Enable IPv6 in a new deployment

Configure your new Guardium® deployment to use IPv6 addresses exclusively.

Before you begin

Warning: If you set the IP mode to IPv6, Guardium cannot communicate with systems running on other network protocols and any previous network settings are wiped out.
Ensure that you meet these prerequisites:
  • Your central manager and managed units are running on V11.1 or later.
  • Your network is configured to use Guardium over IPv6.
  • All devices in your environment use IPv6 addresses. For example, the Guardium system and all Guardium agents, such as S-TAPs, are assigned IPv6 addresses.
  • The Domain Name System (DNS) of your network is configured for IPv6.

About this task

Procedure

  1. On the central manager, set the IP mode to IPv6 by running the CLI command store system ipmode ipv6.
    Important: Do not restart the network until you complete step 2.
  2. Set up IPv6 by running the following CLI commands.
    1. store system hostname <hostname>
      Where <hostname> can be resolved by the DNS for IPv6 addresses.
    2. store system domain <domain name>
      Where <domain> is the domain name of your network.
    3. store network interface ip <IP address>
      Where <IP address> is the primary IPv6 address of your Guardium system in Classless Inter-Domain Routing (CIDR) notation. For example, store network interface ip 2002:0920:c000:3145:0000:0000:0000:0013/96.
    4. store network routes defaultroute <IP address>
      Where <IP address> is the IPv6 address of the default router.
    5. store network resolvers <IP address>
      Where IP address is one or more IPv6 addresses for your DNS servers.
  3. Restart the network configuration by running the CLI command restart network.
  4. Verify that you can ping your Guardium system's IPv6 address.
  5. Repeat steps 1 - 4 on each managed unit.
  6. Register managed units to the central manager using the CLI command register management <central manager IP> <port> from each managed unit.
    Where <central manager IP> is the IPv6 address of the central manager and <port> is the port number. For example, register management 2620:1f7:807:a000:920:8400:0:182 8443. Repeat this step for each managed unit.
    Important: To avoid connectivity issues during registration, use the IP address and not the hostname. To unregister a managed unit from a central manager, use the same IP mode and IP address that was used during registration.
  7. After the central manager and managed units are configured, the environment is ready to register databases, devices, and other agents to the Guardium system using IPv6 addresses.