Department of Defense
High Performance Computing Modernization Program

Enabling IPv6 in Checkpoint Firewalls

The following describes the basic steps involved in enabling IPv6 on selected Checkpoint firewalls. There are several families of firewall products, and this article does not attempt to cover them all in detail.

SecurePlatform

 To enable IPv6 on a SecurePlatform Security Gateway:

  1. Go to: 
    •  /etc/rc.d/rc3.d and 
    • create the file S11ipv6
  2. Add these commands to the S11ipv6 file:
    • #!/bin/sh
    • modprobe ipv6
    • /sbin/ifconfig <dev> inet6 add <IPv6-Address>/<Prefix-Length>
    • Note – The above command must be repeated for each interface that is configured with an IPv6 address.
  3. Configure the S11ipv6 file with executable permissions
  4. Run S11ipv6
  5. Run $FWDIR/scripts/fwipv6_enable on
  6. Reboot the Security Gateway

Consider upgrading the SecurePlatform OS to GAiA before enabling IPv6. See the Upgrading to GAiA Reference for details.

 IPSO Appliance

 To enable IPv6 on an IPSO appliance:

 Use Voyager or the CLI to enable and configure applicable interfaces for IPv6 traffic

  1. Use Voyager or the CLI to configure IPv6 static routes
  2. Run $FWDIR/scripts/fwipv6_enable on
  3. Reboot the Appliance

 Consider upgrading the IPSO OS to GAiA before enabling IPv6. See the Upgrading to GAiA Reference for details.

 GAiA Security Gateway

 To enable IPv6 on a GAiA Security Gateway:

 In the WebUI, go to the System Management > System Configuration page

  1. Select the IPv6 Support > On option
  2. Reboot the Security Gateway
  3. Use the WebUI or the CLI to enable and configure the applicable interfaces for IPv6
  4. Use the WebUI or the CLI to configure IPv6 static routes

 

Checkpoint GAiA – Complete First Time Configuration Through Command Line (look for an entry with this title) describes the command lines used to enable IPv6 on specified interfaces of a Checkpoint GAiA Security Gateway in detail.

 

A complete reference manual documenting GAiA configuration options is available here on the Checkpoint website. A separate chapter in that manual provides numerous examples and gives a detailed explanation of options specific to IPv6. An IPv6-specific Frequently Asked Questions (FAQ) file is maintained by Checkpoint.

Disabling IPv6 in Checkpoint Firewalls

The following describes the basic steps involved in disabling IPv6 on selected Checkpoint firewalls.

SecurePlatform

To disable IPv6 on an IPv6-enabled SecurePlatform Security Gateway:

  1. Run this command from the expert mode:
    • $FWDIR/scripts/fwipv6_enable off
  2. Delete the S11ipv6 file from /etc/rc.d/rc3.d
  3. Reboot the Security Gateway

IPSO Appliances

To disable IPv6 on an IPv6-enabled IPSO appliance:

  1. Run $FWDIR/scripts/fwdir6_enable off
  2. Disable IPv6 support for each applicable interface using Voyager or the CLI
  3. Reboot the Appliance

GAiA Security Gateways

To disable IPv6 on an IPv6-enabled GAiA Security Gateway:

  1. In the WebUI, go to the System Management > System Configuration page
  2. Select the IPv6 Support > Off option
  3. Reboot the Security Gateway

 


Top