Migrate to IPv6 in an existing IPv4 deployment

Configure your existing Guardium® deployment to use IPv6 addresses exclusively.

Before you begin

Ensure that you meet these prerequisites:
  • Your central manager and managed units are running on V11.1 or later.
  • Your network is configured to use Guardium over IPv6.
  • All devices in your environment use IPv6 addresses. For example, the Guardium system and all Guardium agents, such as S-TAPs, are assigned IPv6 addresses.
  • The Domain Name System (DNS) of your network is configured for IPv6.

About this task

Use this procedure to enable IPv6 on a central manager in an existing IPv4 environment.
Attention: If you set the IP mode to IPv6, Guardium cannot communicate with the systems that are running in IPv4 mode. Any previous network settings, including all IPv4 configurations, are wiped out.

Procedure

  1. On the central manager, set the IP mode to dual mode by running the CLI command store system ipmode dual.
    Important: Do not restart the network until you complete step 2.
  2. Set up IPv6 by running the following CLI commands.
    1. store network interface ip <IP address>
      Where <IP address> is the primary IPv6 address of your Guardium system in Classless Inter-Domain Routing (CIDR) notation. For example, store network interface ip 2002:0920:c000:3145:0000:0000:0000:0013/96.
    2. store network routes defaultroute <IP address>
      Where <IP address> is the IPv6 address of the default router.
    3. store network resolvers <IP address>
      Where IP address is one or more IPv6 addresses for your DNS servers.
  3. Unregister managed units by running the CLI command unregister management on each managed unit.
  4. Migrate each managed unit to dual mode.
    1. Set the IP mode to dual mode by running the CLI command store system ipmode dual.
      Important: Do not restart the network until you complete step 4.b.
    2. Set up IPv6 by running the following CLI commands.
      1. store network interface ip <IP address>

        Where <IP address> is the primary IPv6 address of your Guardium system in Classless Inter-Domain Routing (CIDR) notation. For example, store network interface ip 2002:0920:c000:3145:0000:0000:0000:0013/96.

      2. store network routes defaultroute <IP address>

        Where <IP address> is the IPv6 address of the default router.

      3. store network resolvers <IP address>

        Where IP address is one or more IPv6 addresses for your DNS servers.

  5. Restart the network configuration by running the CLI command restart network on the central manager.
  6. Register managed units to the central manger using the CLI command register management <central manager IP> <port> from each managed unit.
    Where <central manager IP> is the IPv6 address of the central manager and <port> is the port number. For example, register management 2620:1f7:807:a000:920:8400:0:182 8443. Repeat this step for each managed unit.
    Important: To avoid connectivity issues during registration, use the IP address and not the hostname.

    To unregister a managed unit from a central manager, use the same IP mode and IP address that was used during registration.

  7. After the central manager and managed units are configured, the environment is ready to register databases, devices, and other agents to the Guardium system using IPv6 addresses.