Create 6in4 tunnel
Last adaptation to the version: 12.6.0
New:
- Function: Update associated network objects
- Updated to Redesign of the webinterface
This article refers to a Beta version
Introduction | |||
| A 6in4 tunnel is a transition mechanism from IPv4 to IPv6. Here, the IPv6 data packets are transmitted over an IPv4 network to a node. This is done with the help of a tunnel broker such as the one from Hurricane Electric . |  | ||
Tunnel broker configuration
The tunnel broker from Hurricane Electric is used as an example.
Create an account with Hurricane Electric
- The website is: www.tunnelbroker.net
- Click on "Register" at the top left.
- All fields must be filled in and then click on "Register".
- The password for the account will be send to the specified email address.
Creating the 6in4 tunnel
|
 | ||
|
 | ||
Tunnel ID and IP addresses of the tunnel servers | |||
|
 | ||
Configuration of the Securepoint Appliance
| In order to create a 6in4 tunnel it is necessary to click on Area Network Interfaces button . | |||
Step 1Step 1
| |||
| Name: | six0 | Assign names | UTMuser@firewall.name.fqdnNetworkNetwork configuration  Enter local IPv4 and IPv6 address
|
| Local IPv6 address: | Enter IPv6 address | ||
| Local IPv4 address: | Enter public IPv4 address If the interface is dynamic, this field must remain empty! The firewall then automatically informs the Tunnel Broker when the IP address changes.
| ||
Step 2Step 2
| |||
| Remote IPv6 address: | Enter IPv6 address |  | |
| Remote IPv4 address: | Enter the IPv4 address of the server (here Berlin). This IPv4 address is listed in the tunnel details under the item Server IPv4 address. | ||
| Use as default route: | Yes | Must be enabled | |
| Type: | Select Hurricane | ||
| Username: | TestSecurepoint | Enter username | |
| Password: | ••••••••• | Enter password | |
| Tunnel: | 123456 | Enter tunnel ID (also to be taken from the tunnel details) | |
Step 3Step 3
| |||
| Zones: | external_v6 firewall-external_v6 |
Select the "external_v6" and "firewall-external_v6" zones |  |
| Add new zone: | No dmz3 |
Hier kann eine neue Zone hinzugefügt werden | |
| Generate rules: | No | Rules for the zone can be generated here | |
| Update associated network objects: notempty New as of v12.6.0 |
On | If an existing zone has been selected, all network objects that are already in this zone and have an interface as a target are moved to the new interface. | |
Packet filter
In order for the 6in4 tunnel to be established, the IP address must be enabled by the Tunnel Broker server.
The server first tests with a ping whether the specified tunnel endpoint exists at all and can be reached.
Create network object | |||
| Click on button . | |||
| Name: | Hurricane | Assign names | UTMuser@firewall.name.fqdnFirewallNetwork object  Create network object for Hurricane
|
| Type: | Select "Host" type | ||
| Address: | Here the IP "66.220.2.74" must be entered | ||
| Zone: | Select zone "external_v6" | ||
| Groups: | Groups may be entered here | ||
Firewall rule
Click Area + Add rule and create the packet filter rule as follows:
| # | Source | Target | Service | NAT | Action | Active | |||
 |
 Hurricane |
 external-interface |
 ftp |
Accept | On |