Enable dual IP mode in an existing IPv4 deployment

Configure your Guardium® deployment to use both IPv4 and IPv6 addresses.

Before you begin

Dual mode allows Guardium to communicate with devices using IPv4, IPv6, or both network protocols. Follow this procedure to enable dual mode on your central manager and register managed units using either IPv4 or IPv6.
Attention: If your Domain Name System (DNS) supports multiple protocols, it can return either an IPv4 or IPv6 address for a specific hostname. If the returned IP address does not match the IP mode of the Guardium system, this can result in network connectivity issues. To avoid this scenario, use the IP address and not the hostname to connect a database, host, or device to the Guardium system.
Ensure that you meet these prerequisites:
  • Your central manager and managed units are running Guardium V11.1 or later.
  • Your network is configured to use Guardium over both IPv4 and IPv6.
  • All devices in your environment use the appropriate protocol. For example, if you are using IPv6, the Guardium system and all Guardium agents, such as S-TAPs, are assigned IPv6 addresses. If you are using IPv4, the Guardium system and all Guardium agents, such as S-TAPs, are assigned IPv4 addresses.
  • Each device is assigned a distinct hostname for each protocol. For example, a device that is running both IPv4 and IPv6 is configured with hostnames devicename-IPv4 and devicename-IPv6.
  • The DNS of your network is configured for IPv4 and IPv6.

Procedure

  1. On the central manager, set the IP mode to dual mode by running the CLI command store system ipmode dual.
    Important: Do not restart the network until you complete step 2.
  2. Set up IPv6 by running the following CLI commands.
    This step assumes that the central manager had a functioning IPv4 configuration before dual mode was enabled. The following commands leave the existing IPv4 configuration intact while configuring the central manager for IPv6 connections.
    1. store network interface ip <IP address>
      Where <IP address> is the primary IPv6 address of your Guardium system in Classless Inter-Domain Routing (CIDR) notation. For example, store network interface ip 2002:0920:c000:3145:0000:0000:0000:0013/96.
    2. store network routes defaultroute <IP address>
      Where <IP address> is the IPv6 address of the default router.
    3. store network resolvers <IPv4 address> <IPv6 address>
      Where <IPv4 address> is one or more IPv4 DNS addresses and <IPv6 address> is one or more IPv6 DNS addresses. When migrating an existing IPv4 deployment to dual mode, specify the same IPv4 address values used for the original IPv4 configuration.
  3. Restart the network configuration by running the CLI command restart network.
  4. Verify that you can ping your Guardium system's IPv4 and IPv6 addresses.
  5. Enable IPv4 or IPv6 on each managed unit.
  6. After the managed units are set up in either IPv4 or IPv6 mode, register each managed unit to the central manager using the CLI command register management <central manager IP> <port> from each managed unit.
    Where <central manager IP> is the IPv4 or IPv6 address of the central manager and <port> is the port number. For example, register management 9.70.145.07 8443 for an IPv4 managed unit or register management 2620:1f7:807:a000:920:8400:0:182 8443 for an IPv6 managed unit.
    Important: To avoid connectivity issues during registration, use the IP address and not the hostname. To unregister a managed unit from a central manager, use the same IP mode and IP address that were used during registration.
  7. After the central manager and managed units are configured, the environment is ready to register databases, devices, and other agents to the Guardium system using either IPv4 or IPv6 addresses.
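
The DNS caveat in the Attention note and in step 6 can be checked from an administrator workstation before registration. The following Python script is an added example, not part of the Guardium documentation or product: it classifies a connection target against a unit's IP mode and validates the CIDR value used in step 2. The function names, status strings, and the sample hostname and 192.0.2.x / 2001:db8:: addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

FAMILY = {"ipv4": 4, "ipv6": 6}  # IP mode of the unit -> address version

def resolve(hostname):
    """Return every address DNS offers for hostname, across both families."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def check_target(target, ip_mode, resolver=resolve):
    """Return (status, usable): usable lists the addresses matching ip_mode."""
    want = FAMILY[ip_mode]
    try:
        literal = ipaddress.ip_address(target)
    except ValueError:
        literal = None  # not an IP literal, so treat it as a hostname
    if literal is not None:
        if literal.version == want:
            return "ok-literal", [str(literal)]
        return "wrong-family", []
    # Strip any zone id (fe80::1%eth0) before parsing resolver output.
    found = [ipaddress.ip_address(a.split("%")[0]) for a in resolver(target)]
    usable = sorted(str(a) for a in found if a.version == want)
    if not usable:
        return "no-matching-record", []
    if len(usable) < len(found):
        # DNS can hand back the other family: the mismatch the page warns about.
        return "ambiguous-hostname", usable
    return "hostname-single-family", usable

def check_interface_cidr(value):
    """Validate an IPv6 address in CIDR notation, as step 2 requires."""
    if "/" not in value:
        raise ValueError("prefix length missing: CIDR notation is required")
    iface = ipaddress.ip_interface(value)
    if iface.version != 6:
        raise ValueError("expected an IPv6 address")
    return str(iface)  # compressed form with prefix length

if __name__ == "__main__":
    # Constructed resolver output standing in for a dual-stack DNS answer.
    fake = lambda host: {"192.0.2.10", "2001:db8::10"}
    print(check_target("guardium-cm.example", "ipv6", fake))
    print(check_target("2001:db8::10", "ipv6"))
    print(check_interface_cidr("2002:0920:c000:3145:0000:0000:0000:0013/96"))
```

A status of ambiguous-hostname or no-matching-record means the hostname should be replaced with an IP address of the correct family before the target is connected or registered.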