IPv6 Support

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

IPv6 Support

L0 Member

Are there any updates as to if/when PAN will support DHCPv6 Client and IPv6 Prefix Delegation? This is preventing a purchase for me. Without the ability to receive an IPv6 address and prefix delegation dynamically on the WAN interface, this is a show stopper.

6 REPLIES 6

Cyber Elite
Cyber Elite

Good Afternoon

 

I am not 100% sure, but can you take a look at this article and see if it describes what you are looking for?

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKlCAK

 

 

Help the community: Like helpful comments and mark solutions

It does not, but thanks for the attempt. The M and O flags provide a way for you to configure how you are going to assign IPv6 addresses to other devices on the network, either via SLAAC or DHCP. You still have to manually assign a static IP to the interface (referenced by looking at the screen shot in the article).

 

We need to be able to obtain an IPv6 address on the interface dynamically via DHCP. And then more importantly be able to support prefix delegation. With prefix delagation, the provider hands you a delgated prefix over DHCP as well. The firewall needs to be able to receive that and know what to do with it.

 

With other solutions that support it, there are usually options on the interface configuration that allow you to send an IPv6 prefix hint to indicate the desired prefix size for delegation. That is typically done on the external or WAN interface. Then there are typically options on the interface settings that you would set on your LAN interfaces to tell them to "track" the WAN interface to get their IPv6 addresses / delegated prefixes.

 

Without support of these two options, PAN is basically incapable of routing IPv6 to/from the internet.

L0 Member

Had a chat with my SE. It seems that DHCPv6-PD didn't show up in his searching of feature requests.  If you need this feature, you should contact your SE and reference the following feature request ID.

FR ID: 13342 

L1 Bithead

Lack of IPv6 DHCP-PD makes these, specially for GlobalProtect, not usable in Amazon AWS. If you have a GP setup in Amazon, it's not possible to run dual stack, and IPv6 traffic just bypasses the GP tunnel.

L0 Member

I know this an old thread, but in case you didn't see this, they finally added this feature! I upgraded a couple of days ago and have been running ipv6 ever since.

 

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/dhcpv6-client-...

L1 Bithead

It is still not possible to have GlobalProtect in VM-Series in AWS. GP portal or gateway will not attach to interfaces with DHCPv6-PD enabled.

  • 6903 Views
  • 6 replies
  • 10 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!