06-23-2018 01:48 PM
PAN-OS has a gap in AppID for ICMPv6 apps. Working against RFC4890, I created custom apps for the recommended ICMPv6 types/codes.
Sharing here for other's benefit.
set application icmpv6-echo-request category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Echo Request" timeout 6 default ident-by-icmp6-type type 128 set application icmpv6-echo-reply category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Echo Reply" timeout 6 default ident-by-icmp6-type type 129 set application icmpv6-dest-unreach category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Destination Unreachable" timeout 6 default ident-by-icmp6-type type 1 set application icmpv6-too-big category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Packet Too Big" timeout 6 default ident-by-icmp6-type type 2 set application icmpv6-time-exceed0 category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Time Exceeded" timeout 6 default ident-by-icmp6-type type 3 code 0 set application icmpv6-time-exceed1 category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Time Exceeded" timeout 6 default ident-by-icmp6-type type 3 code 1 set application icmpv6-parm-prob0 category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Parameter Problem Code 1" timeout 6 default ident-by-icmp6-type type 4 code 0 set application icmpv6-parm-prob1 category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Parameter Problem Code 1" timeout 6 default ident-by-icmp6-type type 4 code 1 set application icmpv6-parm-prob2 category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Parameter Problem Code 2" timeout 6 default ident-by-icmp6-type type 4 code 2 set application icmpv6-rs category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Router Solicitation" timeout 6 default ident-by-icmp6-type type 133 set application icmpv6-ra category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Router Advertisement" timeout 6 default ident-by-icmp6-type type 134 set application icmpv6-ns category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Neighbor Solicitation" timeout 6 default ident-by-icmp6-type type 135 set application icmpv6-na category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Neighbor Advertisement" timeout 6 default ident-by-icmp6-type type 136 set application icmpv6-nds category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Inverse Neighbor Discovery Solicitation" timeout 6 default ident-by-icmp6-type type 141 set application icmpv6-nda category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Inverse Neighbor Discovery Advertisement" timeout 6 default ident-by-icmp6-type type 142 set application icmpv6-list-query category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Listener Query" timeout 6 default ident-by-icmp6-type type 130 set application icmpv6-list-report category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Listener Report" timeout 6 default ident-by-icmp6-type type 131 set application icmpv6-list-done category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Listener Done" timeout 6 default ident-by-icmp6-type type 132 set application icmpv6-list-report-v2 category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Listener Report v2" timeout 6 default ident-by-icmp6-type type 143 set application icmpv6-cps category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 SEND Cert Path Solicitation" timeout 6 default ident-by-icmp6-type type 148 set application icmpv6-cpa category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 SEND Cert Path Advertisement" timeout 6 default ident-by-icmp6-type type 149 set application icmpv6-mra category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Multicast Router Advertisement" timeout 6 default ident-by-icmp6-type type 151 set application icmpv6-mrs category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Multicast Router Solicitation" timeout 6 default ident-by-icmp6-type type 152 set application icmpv6-mrt category networking subcategory infrastructure technology network-protocol risk 1 parent-app ipv6-icmp description "ICMPv6 Multicast Router Termination" timeout 6 default ident-by-icmp6-type type 153
