GlobalProtect and IPv6

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect and IPv6

L2 Linker

So we're rolling out IPv6 to our network, one thought that just crossed my mind is what kind/if any support for IPv6 does GlobalProtect have?

 

An issue I see is when we start listed AAAA records for internal servers in DNS, external VPN users will get those responses and will try to access those directly (and be denied) unless I can route them over the tunnel.

 

I currently get an error adding a IPv6 range to the gateway config thought I can add an access route to the config for an IPv6 block but after some brief testing it doesn't make it to the client.

 

Any thoughts?

1 ACCEPTED SOLUTION

Accepted Solutions

Nope.

Slide from v7 201 training course material:

cpipv6.PNG

Enterprise Architect, Security @ Cloud Carib Ltd
ACE, PCNSE, PCNSI

View solution in original post

9 REPLIES 9

L7 Applicator

GlobalProtect does not support IPv6.

https://live.paloaltonetworks.com/t5/Learning-Articles/IPv6-Support-on-the-Palo-Alto-Networks-Firewa...

Enterprise Architect, Security @ Cloud Carib Ltd
ACE, PCNSE, PCNSI

Hmm, that's no good. I was hoping it fell under IPSec VPN but I guess that was optimistic.

Nope.

Slide from v7 201 training course material:

cpipv6.PNG

Enterprise Architect, Security @ Cloud Carib Ltd
ACE, PCNSE, PCNSI

Hi Guys,

I wanted to continue to on this thread as it's somewhat related. 

 

We have PA-3020 running PAN-ON 6.1.10

We have encountered problems with our staff member who is unable to connect to our Global Protect portal.


Up on investigation we found that the ISP issues IPv6 address(!) 

When the individual goes to "whats my ip" in google, the IP address that shows up is a long IPv6 address and the ISP shows as "Google" 

 

However, when he goes to other website, http://www.whatsmyip.org/ that shows IPv4 

We had a look at our logs, and we can see connection attempts from IPv4 provided.
There is nothing out of ordinary, there are even packets exchanged.

However the user is unable to connect. 

 

We asked him to create an AP from his phone and connect this way and that worked.



Can somebody elaborate on the issues we are experiencing? 
If I were to go to the ISP what should I tell them ? So far, according to them everything works...

 

Any thoughts?

 

Thanks
Mariusz

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!