Prefix Advertisements
On the IPv6 > Prefix Advertisements tab you can configure your Sophos UTM on AWS to assign clients an IPv6 address prefix which in turn enables them to pick an IPv6 address by themselves. Prefix advertisement (or router advertisement) is an IPv6 feature where routers (or in this case Sophos UTM on AWS) behave like a DHCP server in IPv4, in a way. However, the routers do not assign IPs directly to clients. Instead, clients in an IPv6 network assign themselves a so-called link-local address for the primary communication with the router. The router then tells the client the prefix for its network segment. Subsequently, the clients generate an IP address consisting of the prefix and their MAC address.
To create a new prefix, do the following:
- On the Prefix Advertisements tab, click New Prefix.
  The dialog box Add Prefix opens.
- Specify the following settings:
  - Interface: Select an interface that has an IPv6 address with a 64-bit netmask configured.
  - DNS server 1/2 (optional): The IPv6 addresses of the DNS servers.
  - Domain (optional): Enter the domain name that will be transmitted to the clients (e.g., intranet.example.com).
  - Valid lifetime: The time the prefix is to be valid. Default is 30 days.
  - Preferred lifetime: The time after which another prefix, whose preferred lifetime has not yet expired, is to be selected by the client. Default is 7 days.
- Optionally, make the following advanced settings:
  - Stateless integrated server: This option is selected by default. Creating a prefix advertisement automatically starts a DHCPv6 server. Note that this DHCPv6 configuration is hidden and therefore not visible or editable via the DHCP configuration menu.
  - Managed (stateful): This option is not available when Stateless integrated server is selected. It allows you to start a stateful DHCPv6 server on the same interface as the prefix advertisement. You can configure a DHCPv6 server under the Network Services > DHCP > Servers tab.
  - Other config: This option is not available when Stateless integrated server is selected. It ensures that a given DNS server and domain name are additionally announced via DHCPv6 for the given prefix. This is useful since, at the moment, there are too few clients that are able to fetch the DNS information from the prefix advertisement (RFC 5006/RFC 6106).
- Click Save.
  The new prefix configuration appears on the Prefix Advertisements list.
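To confirm that the segment really carries what was configured above, a captured Router Advertisement can be decoded and compared with the dialog values. The following is an added example, not Sophos code: `parse_ra`, `deviations` and `SAMPLE_RA` are hypothetical names, the input is assumed to be the ICMPv6 payload taken from a packet capture, and mapping the Managed and Other config options to the RFC 4861 M and O flags is an assumption.

```python
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags = msg[5]
    ra = {"managed": bool(flags & 0x80),        # M flag: addresses via stateful DHCPv6
          "other_config": bool(flags & 0x40),   # O flag: DNS etc. via DHCPv6
          "prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(msg):
        otype, olen = msg[off], msg[off + 1] * 8   # option length is in 8-byte units
        if olen == 0 or off + olen > len(msg):
            raise ValueError("malformed option")
        body = msg[off:off + olen]
        if otype == 3 and olen == 32:              # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[2:12])
            ra["prefixes"].append({
                "prefix": f"{ipaddress.IPv6Address(body[16:32])}/{plen}",
                "autonomous": bool(pflags & 0x40),  # A flag: clients may self-assign
                "valid_s": valid, "preferred_s": preferred})
        elif otype == 25 and olen >= 24:           # RDNSS option (RFC 6106)
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, olen, 16)]
        off += olen
    return ra

def deviations(ra: dict, valid_days: int = 30, preferred_days: int = 7) -> list:
    """List differences between a parsed RA and the values set in the dialog."""
    out = []
    for p in ra["prefixes"]:
        if not p["prefix"].endswith("/64"):
            out.append(f"{p['prefix']}: prefix length is not 64")
        if p["valid_s"] != valid_days * 86400:
            out.append(f"{p['prefix']}: valid lifetime {p['valid_s']}s")
        if p["preferred_s"] != preferred_days * 86400:
            out.append(f"{p['prefix']}: preferred lifetime {p['preferred_s']}s")
    return out

# Constructed sample, not captured from a UTM: O flag set, one /64, one RDNSS server.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
    + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 30 * 86400, 7 * 86400, 0)
    + ipaddress.IPv6Address("2001:db8:1::").packed
    + struct.pack("!BBHI", 25, 3, 0, 1800)
    + ipaddress.IPv6Address("2001:db8:1::53").packed
)
```

An advertisement on the segment whose prefix, lifetimes or DNS servers differ from the saved configuration did not come from this prefix entry and is worth investigating.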