Example: IPv6 firewall addresses
Scenario: Mail server
You need to create an IPv6 address for the Mail Server on Port1 of your internal network.
- These server is on the network off of port1.
- The IP address is 2001:db8:0:2::20/64
- There should be a tag for this address being for a server
- Go to Policy & Objects> Objects > Addresses and select Create New > Address.
- Fill out the fields with the following information
Category | IPv6 Address |
Name | Mail_Server |
Type | Subnet |
Subnet / IP Range | 2001:db8:0:2::20/64 |
Interface | port1 |
Visibility | <enable> |
Comments | <Input into this field is optional> |
- Select OK.
- Enter the following CLI command:
config firewall address6
edit Mail_Server
set type ipmask
set subnet 2001:db8:0:2::20/64
set associated-interface port1
end
Scenario: First floor network
You need to create an IPv4 address for the subnet of the internal network off of Port1.
- These computers are on the network off of port1.
- The Network uses the IPv6 addresses: fdde:5a7d:f40b:2e9d:xxxx:xxxx:xxxx:xxxx
- There should be a reference to this being the network for the 1st floor of the building.
- Go to Policy & Objects> Objects > Addresses and select Create New > Address.
- Fill out the fields with the following information
Category | IPv6 Address |
Name | Internal_Subnet_1 |
Type | Subnet |
Subnet / IP Range | 2001:db8:0:2::/64 |
Interface | port1 |
Visibility | <enable> |
Comments | Network for 1st Floor |
- Select OK.
- Enter the following CLI command:
config firewall address6
edit Internal_Subnet_1
Set comment “Network for 1st Floor”
set subnet 2001:db8:0:2::/64
end
Verification
To verify that the addresses were added correctly:
- Go to Policy & Objects> Objects > Addresses. Check that the addresses have been added to the address list and that they are correct.
- Enter the following CLI command:
config firewall address6
edit <the name of the address that you wish to verify>
Show full-configuration