Orbi WiFi 7 RBE973
Reply

Re: FVS318Gv2 - No LAN Groups in IPv6

deadbeef
Tutor

FVS318Gv2 - No LAN Groups in IPv6

There's a LAN groups tab available for IPv4 in the router, where the table shows MAC address & corresponding IPv4 addresses for devices on network. Also, you can define and assign up-to 8 LAN groups to these devices. In turn, you can refer to these LAN groups in your firewall rules to limit inbound/outbound access for these devices.

 

In IPv6 LAN settings this tab is missing: There is no way to see which IPv6 address belongs to which MAC address and cannot assign LAN groups. (I relaize you can have multiple IPv6 addresses per device, but these all could be listed for same MAC forcing the assignment of a single LAN group per MAC address)

 

Since, my ISP provides dynamic IPv6 address with prefix delegation, setting static IPv6 addresses for my devices doesn't work and this makes IPv6 firewall rules worthless since you can only reference a device by IP address.

 

Having a MAC to LAN group option then using LAN groups in firewall rules would solve this issue.

Model: FVS318Gv2|ProSafe gigabit 8 port VPN firewall
Message 1 of 5
deadbeef
Tutor

Re: FVS318Gv2 - No LAN Groups in IPv6

Screenshot showing LAN Groups for IPv4. Notice greyed out radio button for IPv6:

1.png

 

 

 

 

Screenshot showing IPv4 Firewall Rules supporting LAN Groups:

LAN groups in IPv4 Firewall

Message 2 of 5
DaneA
NETGEAR Employee Retired

Re: FVS318Gv2 - No LAN Groups in IPv6

Hi deadbeef,

 

Welcome to the community! 🙂

 

I have also checked our FVS318Gv2 and it seems that this is by design.  What it shows on the web-GUI when IPv6 is selected on the LAN Setup is depicted as well in the FVS318Gv2 user manual here on pages 80-95.

 

For further assistance in setting up IPv6 on your FVS318Gv2, you may open an online case with NETGEAR Support at anytime.  

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 3 of 5
deadbeef
Tutor

Re: FVS318Gv2 - No LAN Groups in IPv6

Thank you for your response.

 

I read the manual and have to conclude that there is now way to write host specific firewall rules in IPv6 since IPv6 client addresses will be random (OSX, Linux, Windows clients all use RFC 3041 - Privacy Extensions by default).

 

In my opinion, this is a major gap in functionality for a "business class" device.

 

I will open a support case to see if there is a workaround.

Message 4 of 5
DaneA
NETGEAR Employee Retired

Re: FVS318Gv2 - No LAN Groups in IPv6

Hi deadbeef,

 

It appears that the online case you have opened about this concern has been forwarded to the engineering team.  Kindly wait for the response. 

 

 

Regards,

 

DaneA

NETGEAR Community Team 

Message 5 of 5
Discussion stats
  • 4 replies
  • 2813 views
  • 0 kudos
  • 2 in conversation
Announcements