07-20-2021 10:55 AM
Since the Covid situation, we went for a fast rollout of GlobalProtect and got a prelogon always-on setup running - so far so good. As we enabled the users who work from home, we experienced lots of issues regarding name resolution, since IPv6 and LLMNR interfere with the classical IPv4 DNS way.
As a result, we deployed a script which disables IPv6 on all interfaces, so communication outside of the defined IPv4 way is not possible.
On a regular security audit, our pentest guy noticed that IPv6 was enabled on the GlobalProtect tunnel adapter, but nobody enabled it and we even got logs from our custom script that all of the IPv6 communication was successfully disabled.
Now the big question is - what software component enabled IPv6 again?
Maybe someone has an idea which logs/locations to check.
The script disables IPv6 on the interfaces with PowerShell "Disable-NetAdapterBinding -Name <> -ComponentID ms_tcpip6". That survives a reboot as well.
Maybe that's even related to Windows updates or to the GlobalProtect tunnel adapter's expected behavior?
GlobalProtect latest 5.2 release, Windows 10 latest stable release
Looking forward to your ideas - many thanks
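An added example, not part of the original post: a PowerShell audit that snapshots the ms_tcpip6 binding of every adapter and reports whether an adapter with IPv6 bound is a new adapter instance or an existing one whose binding was switched back on. The state file path is hypothetical, and the script assumes that an InterfaceGuid missing from the previous snapshot means the adapter instance was created or reinstalled since the last run and so carries default bindings.

```powershell
# Added example: audit ms_tcpip6 bindings and compare against the previous run.
# $StatePath is a hypothetical location; use one your endpoint tooling collects.
$StatePath = Join-Path $env:ProgramData 'Ipv6BindingAudit\state.json'
New-Item -ItemType Directory -Path (Split-Path $StatePath) -Force | Out-Null

# Previous snapshot keyed by InterfaceGuid (empty on the first run).
$previous = @{}
if (Test-Path $StatePath) {
    $saved = Get-Content $StatePath -Raw | ConvertFrom-Json
    foreach ($e in @($saved)) { $previous[$e.InterfaceGuid] = $e }
}

# Current snapshot: every adapter, hidden ones included, with its IPv6 binding state.
$current = foreach ($a in Get-NetAdapter -IncludeHidden) {
    $b = Get-NetAdapterBinding -Name $a.Name -ComponentID ms_tcpip6 `
            -IncludeHidden -ErrorAction SilentlyContinue
    [pscustomobject]@{
        InterfaceGuid = $a.InterfaceGuid
        Name          = $a.Name
        Description   = $a.InterfaceDescription
        DriverVersion = $a.DriverVersion
        Ipv6Enabled   = [bool]($b.Enabled)   # no binding present counts as disabled
        SeenAt        = (Get-Date).ToString('o')
    }
}

# Report every adapter that has IPv6 bound, with the reason derived from the diff.
# On the first run every adapter is reported as "not in previous snapshot".
foreach ($c in $current) {
    if (-not $c.Ipv6Enabled) { continue }
    $p = $previous[$c.InterfaceGuid]
    $reason = if (-not $p) {
        'adapter not in previous snapshot (assumed new or reinstalled instance)'
    } elseif (-not $p.Ipv6Enabled) {
        'binding re-enabled on an existing adapter instance'
    } else {
        'binding already enabled at last run'
    }
    Write-Warning ("IPv6 bound on '{0}' ({1}), driver {2}: {3}" -f `
        $c.Name, $c.Description, $c.DriverVersion, $reason)
}

# Persist the snapshot for the next comparison.
$current | ConvertTo-Json | Set-Content $StatePath
```

Run on a schedule, the SeenAt timestamps of consecutive snapshots bound the time window in which the binding changed, which narrows down which installer or update logs to read.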