Managing the Device
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|87
Neighbor Discover Protocol (ND-Proxy)
On some IPv6 networks, where prefix delegation is not supported, you can use the
Neighbor Discover Protocol (ND proxy) to assign globally-routable IPv6 addresses to
internal (LAN) interfaces and hosts.
Workflow:
1. The Security Gateway receives a globally-routable /64 IPv6 prefix from the ISP
through a dynamic IPv6 Internet-connection, using RA (Router Advertisement).
2. Instead of assigning an IPv6 address to the Internet-connection interface (using
SLAAC), the address is assigned to one of the internal interfaces(LAN, DMZ, Bridge,
and so on).
3. SLAAC is enabled automatically on the internal network/bridge.
Hosts behind this internal network/bridge receive a globally-routable IPv6 address
automatically.
4. The Internet-connection interface is not assigned with any global IPv6 address, but
still has a link-local IPv6 address.
5. A default-gateway route is created to the ISP's gateway link-local address (as with all
IPv6 Internet-connection).
6. ND proxy is used to answer Neighbor Discovery requests from the ISP side to the
internal network for hosts that were assigned addresses with IPv6 prefix received from
the ISP.
To enable ND proxy:
1. In the Configuring Internet Connectivity page, click New/Edit the IPv6 connection.
The Edit Internet Connection window opens in the Configuration tab.
2. For Connection type, select Obtain automatically (DHCPv6/SLAAC).
3. In the Advanced tab, expand the Neighbor Discovery proxy section.
4. Select the Enable Neighbor Discovery proxy checkbox.
5. Select your local network from the drop down menu.
6. Make sure NAT Settings are disabled:
7. Expand the NAT Settings section and select the Do not hide internal networks
behind this Internet connection checkbox.
8. Make sure Prefix Delegation is disabled:
To Next Page
Loading...
