Wednesday, September 10, 2014

IPv6 Configuration on Splat Gateway and Windows Machine




  IPv6:

The Check Point architecture gives administrators a smooth and secure migration path to IPv6.
Many networks still use IPv4, and some applications cannot be upgraded to support IPv6.
For this reason, the Check Point IPv6 solution includes full support for legacy IPv4. In fact,
while IPv6 support is optional, you cannot disable IPv4 support.

The Check Point IPv6 solution includes Dual Stacks, which support the two IP versions.
It does this by using different IPv4 and IPv6 stacks simultaneously. The Check Point Dual
Stack also solution uses two different kernel drivers: One for IPv4 traffic and one for IPv6 traffic.


 Supported Check Point Features:


 Supported Platforms: Gaia, SecurePlatform and IPSO.

 Access Control Rules - IPv6 Hosts and IPv6 networks can be configured in Firewall Rule base.

 User defined ICMPv6 services.

 Anti-Spoofing.

  IPS protections:Port Scan,Aggressive Aging,Max Ping Size Limit,Small PMTU.

  Acceleration by SecureXL (SecurePlatform and Gaia only).

  ClusterXL High Availability (SecurePlatform and Gaia only).

  CoreXL (SecurePlatform and Gaia only).

  SmartView Tracker support with IPv6 filtering.



 IPv6 Specific Functionality:


  IPv6 extension headers can be allowed or blocked.

  IPv6 Fragmentation headers are fully inspected.

  6in4 tunnel traffic can be allowed or blocked.

  IPv6 traffic in 6in4 tunnels can be inspected (SecurePlatform and Gaia only).




 Non-Supported Features:


  IPS (except for protections shown above).

  **NAT.

  Application & URL Filtering.

  IPSec VPN (This feature was previously supported R70 IPv6Pack).

  Anti-Spam & Mail.

  Anti-Virus.

  DLP.

  QoS.



**NAT is not a concept of IPv6.



  IPV6 address configuration on Gateway:


*******************************************************************************

1. Log in to SecurePlatform (expert mode).



2. Go to the /etc/rc.d/rc3.d directory and create a new script, named S11ipv6.:
# vi S11ipv6



3.add the following lines in S11ipv6 script:
#!/bin/sh
modprobe ipv6
/sbin/ip -6 addr add ipv6-address/subnet-mask dev Interface-name
/sbin/ip -6 addr add ipv6-address/subnet-mask dev Interface-name

Example:
#!/bin/sh
modprobe ipv6
/sbin/ip -6 addr add 2001:1:1::1/64 dev eth0
/sbin/ip -6 addr add 2001:1:1:1::1/64 dev eth1

Note: The command is required for each interface that is configured with an IPv6 address.
-- Save the script.



4.Assign the S11ipv6 script execute permission :
# chmod 777 S11ipv6



5.Run the S11ipv6 file
# sh S11ipv6



6.Enable IPv6 by running the command :
#$FWDIR/scripts/fwipv6_enable on



7.Turn on IPv6 forwarding by running the command :
# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding



8. Verify IPV6 address using commmand:
#ifconfig





  IPV6 address configuration on Windows Machine:


******************************************************************

  On Windows 7:

1.Go to Control Panel.
2.Open "Network and sharing center".
3.Click on "Change adapter Settings".
4.Double Click on Adapter , select and open "IPV6 address configuration on"
5.Configure the IPV6 address, ipv6 Gateway address in the properties window and save.



  On Windows XP:

1. Open Command Prommpt.
2. run following command :
> ipv6 install



3.Assign ipv6 address using command:
>netsh interface ipv6 add address "Local Area Connection" [ipv6 address]



4. Add default Gateway by:
> netsh interface ipv6 add route ::/0 "Local Area Connection" [ipv6 address](Gateway ipv6 address)



5. Verify IPV6 address by:
>ipconfig




 Ping IPv6 Address:

  Ping test on windows Machine using Command prompt:

> Ping [ipv6 address](ipv6 address of another devices)






  Ping Test on Splat:

# Ping6 (ipv6 address of another Devices)



No comments: