Configure your Guardium® deployment to use both IPv4 and IPv6 addresses.
Before you begin
Dual mode allows Guardium to communicate with devices using IPv4, IPv6, or both network protocols. Follow this procedure to enable dual mode on your central manager and register managed units using either IPv4 or IPv6.
Attention: If your Domain Name System (DNS) supports multiple protocols, it can return either an IPv4 or IPv6 address for a specific hostname. If the returned IP address does not match the IP mode of the Guardium system, this can result in network connectivity issues. To avoid this scenario, use the IP address and not the hostname to connect a database, host, or device to the Guardium system.
Ensure that you meet these prerequisites:
- Your central manager and managed units are running Guardium V11.1 or later.
- Your network is configured to use Guardium over both IPv4 and IPv6.
- All devices in your environment use the appropriate protocol. For example, if you are using IPv6, the Guardium system and all Guardium agents, such as S-TAPs, are assigned IPv6 addresses. If you are using IPv4, the Guardium system and all Guardium agents, such as S-TAPs, are assigned IPv4 addresses.
- Each device is assigned a distinct hostname for each protocol. For example, a device that is running both IPv4 and IPv6 is configured with hostnames devicename-IPv4 and devicename-IPv6.
- The DNS of your network is configured for IPv4 and IPv6.
Procedure
- On the central manager, set the IP mode to dual mode by running the CLI command store system ipmode dual.
  Important: Do not restart the network until you complete step 2.
- Set up IPv6 by running the following CLI commands.
  This assumes that the central manager had a functioning IPv4 configuration before enabling dual mode. The following commands leave the existing IPv4 configuration intact while configuring the central manager for IPv6 connections.
  - store network interface ip <IP address>
    Where <IP address> is the primary IPv6 address of your Guardium system in Classless Inter-Domain Routing (CIDR) notation. For example, store network interface ip 2002:0920:c000:3145:0000:0000:0000:0013/96.
  - store network routes defaultroute <IP address>
    Where <IP address> is the IPv6 address of the default router.
  - store network resolvers <IPv4 address> <IPv6 address>
    Where <IPv4 address> is one or more IPv4 DNS addresses and <IPv6 address> is one or more IPv6 DNS addresses. When migrating an existing IPv4 deployment to dual mode, specify the same IPv4 address values used for the original IPv4 configuration.
- Restart the network configuration by running the CLI command restart network.
- Verify that you can ping your Guardium system's IPv4 and IPv6 addresses.
- Enable IPv4 or IPv6 on each managed unit.
- After the managed units are set up in either IPv4 or IPv6 mode, register each managed unit to the central manager using the CLI command register management <central manager IP> <port> from each managed unit.
  Where <central manager IP> is the IPv4 or IPv6 address of the central manager and <port> is the port number. For example, register management 9.70.145.07 8443 for an IPv4 managed unit or register management 2620:1f7:807:a000:920:8400:0:182 8443 for an IPv6 managed unit.
  Important: To avoid connectivity issues during registration, use the IP address and not the hostname. To unregister a managed unit from a central manager, use the same IP mode and IP address that was used during registration.
- After the central manager and managed units are configured, the environment is ready to register databases, devices, and other agents to the Guardium system using either IPv4 or IPv6 addresses.
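The Attention note and the registration step both depend on the address family matching the IP mode of the system. The following pre-flight check is an added example, not part of the Guardium product or its documentation: it validates the values you plan to pass to store network interface ip and register management, and flags DNS answers a system cannot use. The function names and the mode strings ipv4, ipv6 and dual are assumptions made for this example.

```python
import ipaddress

def family_of(value):
    """Return 'ipv4' or 'ipv6' for an IP literal, or None for anything else (e.g. a hostname)."""
    try:
        return f"ipv{ipaddress.ip_address(value).version}"
    except ValueError:
        return None

def usable(value, mode):
    """True if the IP literal can be reached by a system in the given IP mode."""
    fam = family_of(value)
    return fam is not None and (mode == "dual" or fam == mode)

def check_interface_ip(value):
    """Check the value planned for 'store network interface ip' (IPv6 in CIDR notation)."""
    if "/" not in value:
        return "missing prefix length"
    try:
        iface = ipaddress.ip_interface(value)
    except ValueError:
        return "not a valid address"
    return "ok" if iface.version == 6 else "not an IPv6 address"

def check_register_target(target, unit_mode):
    """Check the address planned for 'register management' on a managed unit."""
    fam = family_of(target)
    if fam is None:
        return "hostname: DNS may answer in either family, use an IP address"
    return "ok" if usable(target, unit_mode) else f"{fam} address, but unit is in {unit_mode} mode"

def mismatched_answers(answers, mode):
    """From the addresses DNS returned for one hostname, list those the system cannot use."""
    return [a for a in answers if not usable(a, mode)]

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from a real deployment.
    print(check_interface_ip("2001:db8:0:1::13/64"))
    print(check_register_target("cm-IPv6.example.com", "ipv6"))
    print(check_register_target("192.0.2.10", "ipv6"))
    print(mismatched_answers(["192.0.2.10", "2001:db8::10"], "ipv6"))
```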