Saturday, May 21, 2011

Hurricane Electric Free IPv6 Tunnel Broker

This is a great place to get yourself access to the IPv6 world.

Start by registering for an account and getting yourself an IPv6 block.

Next, set up your SRX.

Set up your IP interface. This will be used to create the IP tunnel.

ip-0/0/0 {
  unit 0 {
    tunnel {
      source #Your Gateway IP#;
      destination #IP of tunnelbroker server#;
    }
    family inet6 {
      address #local IPv6 address#;
    }
  }
}

Set up an Ethernet port with an IPv6 address. VLAN interfaces aren't currently supported. I configured this and then looped it back into the SRX's switch.

fe-0/0/1 {
  description "IPv6 interface";
  unit 0 {
    family inet6 {
      /* make this the first IP in the pool just to keep it simple */
      address #your IPv6 network#;
    }
  }
}

Now correctly place all the interfaces into zones.

security-zone ipv6-trust {
  interfaces {
    fe-0/0/1.0 {
      host-inbound-traffic {
        system-services {
          dhcpv6;
          ping;
        }
      }
    }
  }
}

security-zone ipv6-untrust {
  interfaces {
    ip-0/0/0.0 {
      host-inbound-traffic {
        system-services {
          ping;
        }
      }
    }
  }
}

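Create your policies. Only the ipv6-trust to ipv6-untrust direction is permitted here; no policy is defined for traffic arriving from the tunnel.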

from-zone ipv6-trust to-zone ipv6-untrust {
  policy 1 {
    match {
      source-address any-ipv6;
      destination-address any-ipv6;
      application any;
    }
    then {
      permit;
    }
  }
}

Set your IPv6 forwarding mode to flow-based.

security {
  forwarding-options {
    family {
      inet6 {
        mode flow-based;
      }
    }
  }
}

Lastly, set up DHCP.

access {
  address-assignment {
    pool home {
      family inet6 {
        prefix #IPv6 network#;
        range range1 {
          low #low IP in range#;
          high #high IP in range#;
        }
        dhcp-attributes {
          maximum-lease-time 120;
          grace-period 3600;
          dns-server {
            #tunnel broker DNS IP#;
          }
        }
      }
    }
  }
}

Reboot and you should be set!
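
An added example, not part of the original post: a small offline check that a saved configuration still has the three settings this walkthrough relies on for IPv6 filtering (flow-based inet6 forwarding, every inet6 interface placed in a zone, no permit policy from ipv6-untrust). The sample text, its documentation-range addresses, the enclosing `interfaces`/`zones`/`policies` stanzas and the function names `parse` and `audit` are assumptions.

```python
import re
# Constructed sample: the page's stanzas with placeholders filled from
# documentation prefixes, under the top-level hierarchy they belong to (assumed).
SAMPLE = """
interfaces {
  ip-0/0/0 { unit 0 { family inet6 { address 2001:db8:1::2/64; } } }
  fe-0/0/1 { unit 0 { family inet6 { address 2001:db8:2::1/64; } } }
}
security {
  forwarding-options { family { inet6 { mode flow-based; } } }
  zones { security-zone ipv6-trust { interfaces { fe-0/0/1.0; } }
          security-zone ipv6-untrust { interfaces { ip-0/0/0.0; } } }
  policies { from-zone ipv6-trust to-zone ipv6-untrust {
      policy 1 { match { application any; } then { permit; } } } }
}
"""

def parse(text):
    """Parse curly-brace Junos configuration text into nested dicts."""
    stack, words = [{}], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == "}":
            stack = stack[:-1] or stack  # tolerate a stray closing brace
        elif tok == ";":
            stack[-1][" ".join(words)] = {}
            words = []
        else:
            words.append(tok)
    return stack[0]

def audit(cfg):
    """Return findings for the settings that decide IPv6 exposure."""
    sec, out = cfg.get("security", {}), []
    fwd = sec.get("forwarding-options", {}).get("family", {}).get("inet6", {})
    if "mode flow-based" not in fwd:
        out.append("inet6 forwarding mode is not flow-based")
    zoned = {i for z in sec.get("zones", {}).values() for i in z.get("interfaces", {})}
    for ifname, ifc in cfg.get("interfaces", {}).items():
        for unit, body in ifc.items():
            logical = f"{ifname}.{unit[5:]}"
            if unit.startswith("unit ") and "family inet6" in body and logical not in zoned:
                out.append(f"{logical} carries inet6 but is in no zone")
    for ctx, pols in sec.get("policies", {}).items():
        for name, pol in pols.items():
            if ctx.startswith("from-zone ipv6-untrust ") and "permit" in pol.get("then", {}):
                out.append(f"{ctx}: {name} permits inbound traffic")
    return out
```

Feed `parse` the text of a saved configuration in curly-brace form; an empty list from `audit` means all three checks passed.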