IPv6 - Network Prefix Translation

Posted: 05 Jun 2020, 18:24
by bonnet

Can we do Network Prefix Translation on SG appliance?
I see pfsense can do it ( ... n-npt.html).

We have many WAN connections and many servers with inbound connections from Internet. I would like to change my ISP without changing all IPs on servers.

For exemple :
ISP A with prefix 2001:DB8:A::/48
ISP B with prefix 2001:DB8:B::/48

So my server will have those IPs with automatic configuration:

I want to manually add an anycast IP on both ISP like:

If I change my ISP, I don't want to change all manual anycast IP on all servers. So I think, the best practice may be setting this manual IP on the server:

And add on SG appliance a network prefix translation like:
2001:DB8:A::/48 to FE00:1000::/48
2001:DB8:B::/48 to FE00:1000::/48

And if one day I add or change one ISP, I just need to change a network prefix translation on the appliance without reconfiguration of all servers.

Re: IPv6 - Network Prefix Translation

Posted: 29 Jun 2020, 07:30
by Peter

Unfortunately i don't think this would be possible in the current version of the Firewall (we are currently at version 13.00.06). The main reason for that is due to the lack of IPv6 address translation capabilities.

The only alternative i can think of at the moment would be to use DHCPv6 in order to hand out leases to the clients with the new range. But if the clients/servers are configured with static IP that would be.... problematic.

