SonicOS 7 Network Firewall
- SonicOS 7.0
- About Firewall
- Advanced
- Flood Protection
- SSL Control
- Cipher Control
- Real-Time Black List (RBL) Filter
IPv6 Advanced Configuration
To configure advanced IPv6:
- Navigate to Network > Firewall > Advanced.
-
Go to IPv6.
- To disable IPv6 completely on the firewall, select Disable all IPv6 traffic processing on this firewall. When enabled, this option takes precedence over the other IPv6 options in this section. This option is not selected by default.
- To prevent a potential DoS attack that exploits IPv6 Routing Header type 0 (RH0) packets, select Drop IPv6 Routing Header type 0 packets. When this setting is enabled, RH0 packets are dropped unless their destination is the SonicWall security appliance and their Segments Left value is 0. Segments Left specifies the number of route segments remaining before reaching the final destination. This option is selected by default. For more information, see http://tools.ietf.org/html/rfc5095
- To drop a packet when the hop limit has been decremented to 0, select Decrement IPv6 hop limit for forwarded traffic; this is similar to IPv4 TTL. This option is not selected by default.
- To reject and log network packets that have a source or destination address of the network packet defined as an address reserved for future definition and use as specified in RFC 4921 for IPv6, select Drop and log network packets whose source or destination address is reserved by RFC. This option is not selected by default.
- By default, the SonicWall appliance generates IPv6 ICMP Time-Exceeded Packets that report when the appliance drops packets due to the hop limit decrementing to 0. To disable this function so the SonicWall appliance does not generate these packets, select Never generate IPv6 ICMP Time-Exceeded packets. This option is selected by default.
- By default, the SonicWall appliance generates IPv6 ICMP destination unreachable packets. To disable this function so the SonicWall appliance does not generate these packets, select Never generate IPv6 ICMP destination unreachable packets. This option is selected by default.
- By default, the SonicWall appliance generates redirect packets. To disable this function so the SonicWall appliance does not generate redirect packets, select Never generate IPv6 ICMP redirect packets. This option is selected by default.
- By default, the SonicWall appliance generates IPv6 ICMP parameter problem packets. To disable this function; so the SonicWall appliance does not generate these packets, select Never generate IPv6 ICMP parameter problem packets. This option is selected by default.
-
To allow Site-Local Unicast (SLU) address, the default SonicWall appliance behavior, select Allow to use Site-Local-Unicast Address. This option is selected by default.
As currently defined, SLU addresses are ambiguous and can represent multiple sites. The use of SLU addresses may adversely affect network security through leaks, ambiguity, and potential misrouting. To avoid the issue, deselect the option to prevent the appliance from using SLU addresses.
-
To have the SonicWall appliance check the validity of IPv6 extension headers, select Enforce IPv6 Extension Header Validation. This option is not selected by default.
When this option is selected, the Enforce IPv6 Extension Header Order Check option becomes available. (You may need to refresh the page.)
-
To have the SonicWall appliance check the order of IPv6 Extension Headers, select Enforce IPv6 Extension Header Order Check. This option is not selected by default.
-
-
To have the SonicWall appliance generate a NetBIOS name in response to a broadcast ISATAP query, select Enable NetBIOS name query response for ISATAP. This option is not selected by default.
Select this option only when one ISATAP tunnel interface is configured.
- Click Accept.
Was This Article Helpful?
Help us to improve our support portal