Entrust nShield Connect Installation Manual page 29
Hide thumbs
Also See for nShield Connect:
- Security manual (90 pages) ,
- Hardware and setup manual (26 pages) ,
- Installation manual (9 pages)
Table of Contents
Advertisement
automatically form IPv6 addresses from network prefixes contained in Router
Advertisements (RAs). RAs are received directly by the nShield Connect Operating
System and automatically forms IPv6 addresses by combining the network prefixes
contained in the RA with the MAC address of the receiving Ethernet interface. As they
are created by the Operating System, SLAAC IPv6 addresses are not subject to the same
validation rules as addresses entered via the nShield Connect front panel. If SLAAC is to
be used to configure nShield Connect IPv6 addresses in preference to statically entered
addresses then network planners must take care to ensure that prefixes advertised to the
nShield Connect are of a suitable type, see
9.2.1.1.3. IPv6 Compliance
A new sub-menu (1-1-1-9 - Set IPv6 compliance) has been added to the nShield Connect
front panel menu to permit the User to select an IPv6 compliance mode for an nShield
Connect. Compliance with USGv6 or IPv6 ready can be selected.
Both these modes change the settings for the nShield Connect firewall so that it will
pass-through packets which are discarded in the normal Default* mode. This behaviour is
required for compliance testing but is not recommended for normal use since allowing
packets with invalid fields or parameters through the firewall increases the attack
surface. When either USGv6 or IPv6 ready are selected, a confirmation message is
displayed to reduce the likelihood that they are enabled by accident.
It is recommended that the IPv6 compliance mode is set to Default for all normal
operations.
9.2.1.1.4. Acceptable IPv6 Address by Use Case
The types of IPv6 which are acceptable as a static address are given in the table below
For examples of valid IPv6 addresses, see
Use Case
Static IPv6 Address
Entry
IPv6 Default
Gateway
nShield® Connect Installation Guide
Acceptable Address Type
• Global Unicast
• Local Unicast
• Global Unicast
• Local Unicast
• Link-local
Acceptable IPv6 Address by Use
Valid IPv6
Addresses.
Case.
29 of 73
Advertisement
Table of Contents
Need help?
Do you have a question about the nShield Connect and is the answer not in the manual?