Configure an Interface as a DHCPv6 Client with Prefix Delegation
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 11.2
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
Configure an Interface as a DHCPv6 Client with Prefix Delegation
Configure a DHCPv6 Client Interface with Prefix Delegation.
Before you configure DHCPV6 Client, learn
about how a Layer 3 Ethernet, VLAN, or AE interface on the firewall
can function as a DHCPv6 client,
with or without prefix delegation.
The following task begins
by showing how to configure the interface facing the DHCPv6 server
to be a DHCPv6 client and request a Non-Temporary or Temporary address
for itself. This interface also requests a delegated prefix on behalf
of the host-facing interface. The task then shows how to configure
an interface facing the hosts as an inherited interface
that provides prefix delegation to the LAN hosts.
- Select an Ethernet, AE, or VLAN interface (that faces the DHCPv6 server and ISP) to be a DHCPv6 client.
- Select NetworkInterfacesEthernet or select NetworkInterfacesEthernet and select an AE interface, or select NetworkInterfacesVLAN.
- For Interface Type, select Layer3.
- (Optional) Add Subinterface if you want a single Ethernet or VLAN interface facing the ISP to be separated into subinterfaces.
- On the Config tab, assign the interface to a Virtual Router and Security Zone.
- Select IPv6.
- Enable IPv6 on the interface.
- For Interface ID, enter the EUI-64 (default 64-bit Extended Unique Identifier) in hexadecimal format (for example, 00:26:08:FF:FE:DE:4E:29). If you leave this field blank, the firewall uses the EUI-64 generated from the MAC address of the physical interface.
- Configure the interface that faces the ISP to be a DHCPv6 client and request its leased, temporary IPv6 address and/or non-temporary IPv6 address.
- For Type, select DHCPv6 Client.
- Select Address Assignment and Accept Router Advertised Route to allow the DHCPv6 Client to accept the Router Advertisement.
- Enter a Default Route Metric for the route from the interface to the ISP; range is 1 to 65,535; default is 10.
- Select Preference of the DHCPv6 client interface (low, medium or high) so that, in the event you have two interfaces (each connected to a different ISP for redundancy), you can assign the interface to one ISP a higher preference than the interface to the other ISP. The ISP connected to the preferred interface will be the ISP that provides the delegated prefix to send to a host-facing interface. If the interfaces have the same preference, both ISPs provide a delegated prefix and the host decides which prefix to use.
- Select DHCPv6 Options and Enable IPv6 Address.
- In the Request Address Type area, select Non-Temporary Address (default setting). This address type has a longer lifespan.
- Select Temporary Address for a greater level of security because the address is intended to be used for a short period of time.Whether you request a Non-Temporary Address or Temporary Address for the interface is based on your discretion and the capability of the DHCPv6 server; some servers can provide only a temporary address. The best practice is to select both Non-Temporary Address and Temporary Address, in which case the firewall will prefer the Non-Temporary Address.
- Select Rapid Commit to use the DHCPv6 process of Solicit and Reply messages (two messages), rather than the process of Solicit, Advertise, Request, and Reply messages (four messages).
- Select Prefix Delegation and Enable Prefix Delegation to allow the firewall to support prefix delegation functionality. This means that the interface accepts a prefix from the upstream DHCPv6 server and places the prefix into the Prefix Pool, from which the firewall delegates a prefix to a host via RA. The ability to enable or disable prefix delegation for an interface allows the firewall to support multiple ISPs (one ISP per interface). Enabling prefix delegation on this interface controls which ISP provides the prefix.The delegated prefix is used on the host-facing interface, and its IPv6 address is constructed with the MAC address and EUI-64 input. In our example, the inherited interface receives the inherited prefix displayed in the step to view DHCPv6 information.
- Select DHCP Prefix Length Hint to enable the firewall to send a preferred DHCPv6 prefix length to the DHCPv6 server.
- Enter the preferred DHCP Prefix Length (bits) in the range from 48 to 64, which is sent as the hint to the DHCPv6 server. The DHCPv6 server has the discretion to send whatever prefix length it chooses.Requesting a prefix length of 48, for example, leaves 16 bits remaining for subnets (64-48), which indicates you require many subdivisions of that prefix to delegate. On the other hand, requesting a prefix length of 63 leaves 1 bit for delegating only two subnets. Of the 128 bits, there are still 64 more bits for host address.The interface can receive a /48 prefix, but delegate a /64 prefix, for example, which means the firewall is subdividing the prefix it delegates.
- Enter a Prefix Pool Name for the pool where the firewall stores the received prefix. The name must be unique and contain a maximum of 63 alphanumeric characters, hyphens, periods, and underscores.Use a prefix pool name that reflects the ISP for easy recognition.
- For a DHCPv6 Client, configure address resolution.
- Select Address Resolution
- Enable Duplicate Address Detection (DAD) if you want the uniqueness of a potential IPv6 address to be verified before it is assigned to the interface (enabled by default).
- If you selected Enable Duplicate Address Detection, specify the number of DAD Attempts within the neighbor solicitation (NS) interval before the attempt to identify neighbors fails; range is 1 to 10; default is 1.
- Enter the Reachable Time (sec), the length of time in seconds that the client assumes a neighbor is reachable after receiving a Reachability Confirmation message; range is 10 to 36,000; default is 30.
- Enter the NS Interval (sec), which is the length of time between Neighbor Solicitations; range is 1 to 3,600; default is 1.Neighbor solicitations are sent every second using a well-known multicast group. The interface is asking if a device with the same IPv6 address exists on the network by sending NS, including its own address in the request. If another device has the same address, it responds to these requests.
- Enable NDP Monitoring to enable Neighbor Discovery Protocol monitoring. When enabled, you can select the NDP icon (
- For a DHCPv6 Client, configure DNS support.
- Select DNS Support.
- Enable DNS Recursive Name Server and select:
- DHCPv6—To have the DHCPv6 Server send the DNS Recursive Name Server information to the client.
- Manual—To manually configure the DNS
Recursive Name Server. Add the IPv6 address
of the Server, for example, 2001:4860:4860:0:0:0:8888. Enter
a Lifetime in seconds, which is the maximum
length of time the client can use the specific DNS Recursive Name
Server to resolve domain names. The Lifetime range is 4 to 3,600;
default is 1,200.
- Enable Domain Search List and select:
- DHCPv6—To have the DHCPv6 Server send the Domain Search List information to the client.
- Manual—To manually configure the Domain Search List. Add a Domain suffix to add to a partial name in DNS to form a fully qualified domain name. For example, enter company.org. Enter a Lifetime in seconds for the list; range is 4 to 3,600; default is 1,200.
- Click OK to save the DHCPv6 Client configuration.
- Configure a host-facing interface to inherit the IPv6 prefix and advertise allocated /64 prefixes from the pool to the hosts.
- Select NetworkInterfacesEthernet or select NetworkInterfacesEthernet and select an AE interface, or select NetworkInterfacesVLAN.
- Select a Layer 3 interface.
- Select IPv6.
- Enable IPv6 on the interface.
- For Type, select Inherited.
- Select Address Assignment and Add an address by entering a Name. The name can be a maximum of 63 alphanumeric characters, hyphens, periods, and underscores.
- For Address Type, select one of the following:
- GUA from Pool—Global Unicast Address (GUA) that comes from the Prefix Pool chosen below.
- ULA—Unique Local Address is a private
address in the address range fc00::/7 for connectivity within a
private network. Select ULA if there is no DHCPv6 server. The DHCPv6
server has the discretion to send whatever prefix length it chooses.It is recommended to also configure a ULA to maintain local connectivity in case the connection to the DHCPv6 server is lost.
- Enable on Interface (GUA) or Enable Address on Interface (ULA) to enable this address.
- (GUA only) Select the Prefix Pool from which to get the GUA.
- (GUA only) Select Assignment Type:
- Dynamic—The DHCPv6 client is responsible for choosing an identifier to configure the inherited interface.
- Dynamic with Identifier—You are responsible
for choosing an identifier in the range 0 to 4,000 and maintaining
a unique Identifier across the DHCPv6 clients.If you received a /64 prefix from the DHCPv6 server, do not select Dynamic with Identifier.If you are applying Dynamic with Identifier to more than one address, assign the lowest Identifier value to the first address, and a higher Identifier value to each subsequent address you configure.
- (ULA only) Enter an Address.
- (ULA only) Select Use interface ID as host portion to use the interface ID as the host portion of the IPv6 address.
- (ULA only) Select Anycast to make the IPv6 address an Anycast address, which means multiple locations can advertise the same prefix, and IPv6 sends the Anycast traffic to the node it considers the nearest, based on routing protocol costs and other factors.
- Select Send Router Advertisement to send RAs from the inherited interface to the LAN hosts.
- If you chose ULA, enter a Valid Lifetime and Preferred Lifetime.
- Select On-Link if systems that have addresses within the prefix are reachable without a router.
- Select Autonomous if systems can independently create an IPv6 address by combining the advertised prefix with an Interface ID.
- Click OK to save address assignment.
- For Inherited interface, configure address resolution.
- Select Address Resolution.
- Enable Duplicate Address Detection (DAD) if you want such detection (enabled by default).
- If you selected Enable Duplicate Address Detection, specify the number of DAD Attempts within the neighbor solicitation (NS) interval before the attempt to identify neighbors fails; range is 1 to 10; default is 1.
- Enter the Reachable Time (sec) that the client will use to assume a neighbor is reachable after receiving a Reachability Confirmation message; range is 10 to 36,000; default is 30.
- Enter the NS Interval (sec), which is the length of time between Neighbor Solicitation requests; range is 1 to 3,600; default is 1.
- Enable NDP Monitoring to enable Neighbor Discovery Protocol monitoring. When enabled, you can select the NDP icon (
- For Inherited interface, configure Router Advertisement so that this interface can send RAs to the hosts advertising the prefix that the hosts can use to construct their own IPv6 address.
- Select Router Advertisement and Enable Router Advertisement so this interface can reply to Router Solicitations from the hosts by sending RAs to hosts (default is enabled). The following 11 fields all pertain to the RA.
- Set the Min Interval (sec), the minimum interval, in seconds, between RAs the firewall sends (range is 3 to 1,350; default is 200). The firewall sends RAs at random intervals between the minimum and maximum values you set.
- Set Max Interval (sec), the maximum interval, in seconds between RAs the firewall sends (range is 4 to 1,800; default is 600). The firewall sends RAs at random intervals between the minimum and maximum values you set.
- Set Hop Limit to apply to clients for outgoing packets (range is 1 to 255; default is 64). Select unspecified to use the system default.
- Set Link MTU, the link maximum transmission unit (MTU) to apply to clients (range is 1,280 to 9,216; default is unspecified, which means the system default.
- Set Reachable Time (ms), in milliseconds, that the client will use to assume a neighbor is reachable after receiving a Reachability Confirmation message (range is 0 to 3,600,000; default is unspecified).
- Set Retrans Timer (ms), the retransmission timer that determines how long the client will wait, in milliseconds, before retransmitting Neighbor Solicitation messages. Select unspecified for no retransmission time (range is 0 to 4,294,967,295; default is unspecified).
- Set Lifetime (sec) to specify how long, in seconds, the client will use the firewall as the default gateway (range is 0 to 9,000; default is 1,800). Zero specifies that the firewall is not the default gateway. When the lifetime expires, the client removes the firewall entry from its Default Router List and uses another router as the default gateway.
- Set Router Preference in case there are two or more inherited interfaces on different routers sending RAs to a host. High, Medium, or Low is the priority that the RA advertises indicating the relative priority and the host uses the prefix from the higher prioritized router.
- Select Managed Configuration to indicate to the client that addresses are available via DHCPv6.
- Select Other Configuration to indicate to the client that other address information (such as DNS-related settings) is available via DHCPv6.
- Select Consistency Check to have the firewall verify that RAs sent from other routers are advertising consistent information on the link. The firewall logs any inconsistencies.
- For Inherited interface, configure DNS Support.
- Select DNS Support.
- Enable DNS Recursive Name Server and select DHCPv6 or Manual:
- DHCPv6—To have the DHCPv6 Server
send the DNS Recursive Name Server information. Select a Prefix
Pool. When the DNS Recursive Namer Server is from the
DHCPv6 server, an inherited interface can derive information indirectly
from the prefix pool. (If on the Address Assignment tab
you configured the Address Type as ULA, the
Prefix Pool will be None.)
- Manual—To manually configure the DNS
Recursive Name Server. Add an IPv6 address
of the Server, for example, 2001:4860:4860:0:0:0:8888. Enter
a Lifetime for the server; the range is any
value equal to or between the Max Interval (that
you configured on the Router Advertisement tab) and
two times that Max Interval. Default is 1200 seconds.
- DHCPv6—To have the DHCPv6 Server
send the DNS Recursive Name Server information. Select a Prefix
Pool. When the DNS Recursive Namer Server is from the
DHCPv6 server, an inherited interface can derive information indirectly
from the prefix pool. (If on the Address Assignment tab
you configured the Address Type as ULA, the
Prefix Pool will be None.)
- Enable Domain Search List and select:
- DHCPv6—to have the DHCPv6 Server send the Domain Search List information. Select a Prefix Pool. When the Domain Search List is from the DHCPv6 server, an inherited interface can derive information indirectly from the prefix pool. (If on the Address Assignment tab you configured the Address Type as ULA, the Prefix Pool will be None.)
- Manual—To manually configure the Domain Search List. Add a Domain suffix to add to a partial name in DNS to form a fully qualified domain name. For example, enter company.org. Enter a Lifetime for the domain; the range is any value equal to or between the Max Interval (that you configured on the Router Advertisement tab) and two times that Max Interval. Default is 1200.
- Click OK to save the Inherited interface.
- Commit.
- View DHCPv6 information for an interface.
- Select NetworkInterfacesEthernet or VLAN or AE Group.
- In the row of your configured interface, select the Dynamic-DHCP Client link in the IP Address column to view the settings that the DHCPv6 server assigned to this DHCPv6 client.Alternatively, you could select the interface and then select Show DHCPv6 Client Runtime Info.
- View the information.
- In the following example, the middle section shows that the interface facing the ISP received a Non-Temporary address and a Temporary address for itself. The Remaining Lease Time applies to both addresses.
- The Prefix Delegation section shows that the interface also received a Prefix that the host-facing Inherited interface can advertise in RAs to the hosts.
- Select Show Prefix Pool Assignment to view for each host-facing Inherited Interface: the Inherited Prefix (prefix that the interface is distributing to hosts), the Assigned IPv6 Address of the inherited interface itself (based on the prefix and constructed from the MAC address), the Router Preference, and the State of the interface.The DHCPv6 Client requested a prefix length of /48 from the server and received it, but then divided that prefix into /64 prefixes and delegated them to the Inherited interfaces. The inherited interfaces advertise the /64 prefixes to the hosts.
- Select Show Prefix Pools to see the prefix pools created.
- Close the list of prefix pools.
- Renew a DHCPv6 lease with the DHCPv6 server (regardless of the lease term) if you want to renew sooner than the automatic renewal that the firewall requests.
- Select NetworkInterfacesEthernet or VLAN or AE Group.
- In the row of your configured interface, select the Dynamic-DHCP Client link in the IP Address column.
- Select Renew from the DHCPv6 Client Runtime Info screen.
- Close the DHCPv6 Client Runtime Info.
- Release the following DHCP options that came from the DHCPv6 server if you no longer need the options before the lifetime expires.
- Prefix
- IPv6 Address (Non-Temporary)
- IPv6 Address (Temporary)
- Remaining Lease Time
- Gateway
- DNS Server
- DNS Suffix
A release frees the IP address, which drops your network connection and renders the firewall unmanageable if no other interface is configured for management access.- Select NetworkInterfacesEthernet or VLAN or AE Group.
- In the row of your configured interface, select the Dynamic-DHCP Client link in the IP Address column.
- Select Release from the DHCPv6 Client Runtime Info screen.
- Close the DHCPv6 Client Runtime Info.