IPv6 support is available on the following devices.
- N-Platform (660N, 1400N, 2500N, 5100N, 6100N)
- NX-Platform (2600NX, 5200NX, 6200NX, 7100NX, 7500NX)
- Security Management System (SMS)
- S-Series (S10, S110, S330)
- TPS (440T, 2200T, 1100TX, 5500TX, 8200TX, 8400TX, vTPS)
IPv6 is an Internet protocol that uses 128-bit addresses, which increases the number of possible addresses (over IPv4) and adds increased security. Expressed in a series of four-digit hexadecimal numbers that are separated by colon (:) notation, IPv6 addresses allow the Internet to grow in terms of connected hosts and data traffic.
|Threat Management Center (TMC):||
The TMC service does not support IPv6. An SMS operating in IPv6-only mode will not be able to contact the TMC, unless the SMS IP address is NAT-ed or uses a proxy that has NAT configured.
|SMS Management Port:||
You can manage the SMS via IPv4/IPv6, or both at the same time. Changes to the configuration can be performed in Admin > Server Properties > Network tab.
When an SMS Client is connected to the SMS server using IPv6 protocol, and the IPv6 traffic is being tunneled through IPv4 hardware, the SMS audit logs, system logs, and active session’s table will show 0.0.0.0 as the client's IP Address.
|SMS Backup and Restore:||
Some of the supported storage access protocols allow IPv6 addressing. When you specify a backup location in the SMS backup wizard with an IPv6 address, adhere to the following syntax requirements:
SMS High Availability:
SMS High Availability (HA) is not supported with IPv6. If the SMS is IPv6 only, the HA configuration button will display an error when selected.
|Device Management Port:||
You can manage devices via IPv4/IPv6, or both at the same time. Normally the IPv6 management option is setup during the Out of the Box Experience (OBE). However, if IPv6 was not enabled during OBE, it can be enabled after the fact from the Command Line Interface (CLI) by running the "setup" or CLI command.
If you are editing the Network Management configuration and want to disable IPv4, use IPv6 to manage the network BEFORE you disable IPv4. If you are editing the Network Management configuration and want to disable IPv6, use IPv4 to manage the network BEFORE you disable IPv6.
Entering an IPv4-mapped address in IPv6 notation will only match addresses that actually appear in IPv6 packets on the wire. They will not match IPv4 packets. Similarly, a range entered in IPv4 notation will only match IPv4 packets, and not IPv6 packets that contain the equivalent IPv4- mapped addresses. To match both notations, use both. In fields where any is allowed, you can enter any4 to match IPv4 packets, any6 to match IPv6 packets, and any to match both IPv4 and IPv6 packets.
When using wildcards to create an IPv6 address exception, use a wildcard character to represent each field. For example:
|Filter Inspections:||The TippingPoint devices support IPv4 and IPv6 packet inspection. As most of the Digital Vaccine (DV) filters are application layer filters, they will work irrespective of the IP type as well as all the combinations of tunneling (4in6, 6in4, 6in6, GRE, mobile IP, etc.). In addition, there are a small set of L3 filters, which are IPv4/IPv6 specific.|
|Traffic Management Filters: TCPv6 and UDPv6 protocols:||
The source and destination ports cannot be set for traffic management filters using TCPv6 and UDPv6 protocols. Use TCP and UDP instead. They will accept IPv6 addresses.
The VMware deployment screen supports setting up only an IPv4 IP address. If you want to set up an IPv6 address, you must first install the vTPS with IPv4 using the OBE interface on the console. Configure an IPv6 address after the device is booted.
|SSL Inspection (TPS 2200T, 1100TX, 5500TX, 8200TX, 8400TX):||
The device inspects inbound IPv4 traffic, including HTTP and HTTPS traffic. When inspecting encrypted SSL traffic, the device does not support:
|Mozilla Firefox:||Certificate exceptions cannot be added when managing an IPv6 device on an IPv6 network with Firefox 4 or later. To add a certificate exception in an IPv6 environment, use a different browser or the CLI. If your browser receives 404 Page Not Found errors or displays blank LSM frames, the cookies on the computer might be out of sync. To resolve these issues, clear the cache, delete the cookies, and restart the browser.|