Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PANOS 8.0.4 warning ipv6 not enabled on tunnel interface

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PANOS 8.0.4 warning ipv6 not enabled on tunnel interface

L3 Networker

Hello All,

I just upgraded to 8.0.4 and now when I commit the tunnel interface associated with my external GP gateway gives a warning that "ipv6 is not enabled on the tunnel interface tunnel.1.  IPv6 address will be ignored!"

Did something change in the gateway configuration.  I've gone over and over a few times and am not finding a reference to IPv6 anywhere.  It's set to use IPv4 Only.  If I remove the tunnel interface from the gateway config or I enable IPv6 on the tunnel interface, the warning goes away.  Is there a setting I need to change or could this be an issue with 8.0.4?

2 accepted solutions

Accepted Solutions

L4 Transporter

PAN OS 8.0 added IPv6 support for Global Protect.  

 

https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/globalprotect-features/ipv...

 

If you don't need IPv6 for Global Protect, just ignore the warning message.  It is perfectly safe.

 

E

View solution in original post

To confirm... I enabled v6 on all tunnels just to remove the warning. It made no difference to GP operation. 

View solution in original post

14 REPLIES 14

L4 Transporter

PAN OS 8.0 added IPv6 support for Global Protect.  

 

https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/globalprotect-features/ipv...

 

If you don't need IPv6 for Global Protect, just ignore the warning message.  It is perfectly safe.

 

E

Thanks for the reply.  Would there be a reason not to enable IPv6 on the tunnel interface?  If GP isn't using IPv6 for client IPs, I don't see how it could affect anything.

To confirm... I enabled v6 on all tunnels just to remove the warning. It made no difference to GP operation. 

Thanks for the confirmation!

L2 Linker

JFYI:

I did open a tech support case for this in december.

I got the infomation, this is a kown cosmetic bug.

There will be no fix in 8.0.x

There should be a solution in 8.1.

I can't confirm this with 8.1.0, but will wait for 8.1.1.

Not fixed in 9.0.x.

I tested on the PA 8.1.9 GP external Gateway I do not get any warning message.

MP

Help the community: Like helpful comments and mark solutions.

Thanks @MP18 . To clarify my post, I still get the warnings on 8.1.9-h4 and 9.0.5 when the enable IPv6 on the interface is unchecked in the tunnel interface config. From what @fb-pan posted, this was going to be addressed in future code releases. I do not want to use the workaround.

Thanks for replying back.

Try 8.1.9 if you can as it works fine for me without enabling Tunnel Interface for IPv6.

MP

Help the community: Like helpful comments and mark solutions.

@MP18 

I'm still seeing the commit warnings with 8.1.9.

 

  • Warning: tunnel tunnel.666 ipv6 is not enabled. IPv6 address will be ignored!
  • (Module: rasmgr)

please try this 

 

Disable IPv6 Firewalling under Device - Setup - Session - Session Settings will get rid of those warnings.

MP

Help the community: Like helpful comments and mark solutions.

Unchecking Enable IPv6 Firewalling from Session Settings did not clear the tunnel interface warnings.

I mean you need to check the option for IPV6  Firewalling from Session Settings 

MP

Help the community: Like helpful comments and mark solutions.

I disabled the IPv6 Firewalling option in that exact location you specified, and I still got "Warning: tunnel tunnel.41 ipv6 is not enabled. IPv6 address will be ignored!" So, no, that doesn't work.

  • 2 accepted solutions
  • 14420 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!