About IPv6 Prefix Delegation

The threat defense can act as a DHPCv6 Prefix Delegation client so that the client interface, for example the outside interface connected to a cable modem, can receive one or more IPv6 prefixes that the threat defense can then subnet and assign to its inside interfaces. Hosts connected to the inside interfaces can then use StateLess Address Auto Configuration (SLAAC) to obtain global IPv6 addresses. Note that the inside threat defense interfaces do not in turn act as Prefix Delegation servers; the threat defense can only provide global IP addresses to SLAAC clients. For example, if a router is connected to the threat defense, it can act as a SLAAC client to obtain its IP address. But if you want to use a subnet of the delegated prefix for the networks behind the router, you must manually configure those addresses on the router's inside interfaces.

The threat defense includes a light DHCPv6 server so the threat defense can provide information such as the DNS server and domain name to SLAAC clients when they send Information Request (IR) packets to the threat defense. The threat defense only accepts IR packets, and does not assign addresses to the clients. You will configure the client to generate its own IPv6 address by enabling IPv6 autoconfiguration on the client. Enabling stateless autoconfiguration on a client configures IPv6 addresses based on prefixes received in Router Advertisement messages; in other words, based on the prefix that the threat defense received using Prefix Delegation.