10-26-2012 03:45 PM
Hi
I'm trying to "play around" with ipv6. As my ISP doesn't offer IPv6 to my connection I want to use tunnelbroker.com to setup a ipv6 (6 in 4) Tunnel.
I've read that this feature has been dropped since 4.1, is this correct? If so, ayn other chance to get this running?
I get a /64 and a /48 from tunnel broker so I thought I use my fritz.box (www.avm.de). This box works fine with the tunnel (/64 network up and running) but unfortunately it's missing a vital feature: routing the /48 to the /64 address of my PA 😞 (Internet <-> fritz.box <-> PA <-> internal Network)
I'd really like to deal with 6in4 directly on the PA but can't find a way to do this.
Thanks
Andre
10-26-2012 04:25 PM
Andre:
You are correct that Palo Alto Networks does not natively support 6-in-4 tunnels today. To get around this limitation, I use an external router that supports 6-in-4 tunnels, and then natively route the /48 through the Palo Alto Firewall. It works great and I've been using it for months. The key for you will be replacing your fritz.box with something that supports 6-in-4 tunnels and can route the /48 through the Palo Alto Networks firewall.
Good luck.
10-26-2012 04:25 PM
Andre:
You are correct that Palo Alto Networks does not natively support 6-in-4 tunnels today. To get around this limitation, I use an external router that supports 6-in-4 tunnels, and then natively route the /48 through the Palo Alto Firewall. It works great and I've been using it for months. The key for you will be replacing your fritz.box with something that supports 6-in-4 tunnels and can route the /48 through the Palo Alto Networks firewall.
Good luck.
10-28-2012 12:18 AM
Hi
too bad. Unfortunately I can't replace that fritz.box that easy. It's also handling VoIP, Fax, Answering machine, and most important TVoIP.
I'll check with the vendor to see why I can't add an IPv6 route just as I can with IPv4, which would solve the problem.
meanwhile I used a Vyatta router to setup the tunnel and do DHCPv6. Basic firewall rules in place, all is working fine.
Hopefully they bring this feature in Release 5.x
Andre
11-18-2022 04:16 PM
Is that possible to get this feature back? It is annoying to keep another firewall|hardware running just for this. Most other vendors still support it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
