>
    Enable IPv6 Networking for Mobile Users—GlobalProtect Deployment
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Advanced Deployments
    4. IPv6 Support for Private App Access
    5. Enable IPv6 Networking for Mobile Users—GlobalProtect Deployment
    Download PDF
    Prisma Access

    Enable IPv6 Networking for Mobile Users—GlobalProtect Deployment

    Table of Contents

    Enable IPv6 Networking for Mobile Users—GlobalProtect Deployment

    How to enable IPv6 networking for a Prisma Access Mobile Users—GlobalProtect deployment.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Prisma Access
       license version 2.2 Preferred and later
    In addition to specifying mobile user IP address pools, you must configure
    IPv6 Availability
     for your Mobile Users—GlobalProtect deployments. If your network uses IPv6 DNS servers to resolve internal domains, you can also specify IPv6 addresses for primary and secondary DNS servers, as shown in the following section.

    Cloud Management

    In addition to specifying mobile user IP address pools, you must configure
    IPv6 Availability
     for your Mobile Users—GlobalProtect deployments. If your network uses IPv6 DNS servers to resolve internal domains, you can also specify IPv6 addresses for primary and secondary DNS servers, as shown in the following section.
    1. Plan if you want to deploy IPv6 across your entire Prisma Access deployment, or for only a certain number of compute locations.
    2. Configure IPv6 availability for the regions where you want to deploy IPv6.
      1. Select
        Manage
        Service Setup
        GlobalProtect
         and select the gear icon to edit the
        Infrastructure Settings
        .
        If you're using Strata Cloud Manager, go to
        Workflows
        Prisma Access Setup
        GlobalProtect
        .
      2. In the
        IPv6 Settings
         section, choose the locations you want to
        Enable
         IPv6 for.
        All locations are associated to a compute location. If locations in a compute location do not have IPv6 enabled, leave that compute location deselected.
    3. (
      Optional
      ) If your internal DNS servers use are reachable by IPv6 addresses, select
      Add Region
       from the
      Client DNS
       section, select the check box to
      Resolve Internal Domains
      ,
      Add
       a rule or specify the default rule, and specify
      Custom
       DNS Server IPv6 addresses for the
      Primary DNS
       and
      Secondary DNS
       server.
      If you enter IPv6 addresses for DNS servers, you must also have IPv6 addresses in your mobile user IP address pool.
      You can enter any combination of IPv4 or IPv6 addresses for primary and secondary DNS servers. If you enter an IPv6 address for the primary DNS server and an IPv4 address for the secondary DNS server, and a DNS query is received from a compute location that does not have
      IPv6 Availability
       enabled, Prisma Access uses the secondary DNS server because it uses an IPv4 address.
      IPv4 addresses use A records, while IPv6 addresses use AAAA records. Some DNS servers can perform AAAA DNS lookups over IPv4 transport; therefore, you might not need a server with an IPv6 IP address.
    4. (
      Optional
      ) If you haven't yet completed the mobile users configuration, complete it now. See Set Up GlobalProtect Mobile Users for details.
    5. Push Config
       to deploy your changes to you network.

    Panorama

    How to enable IPv6 networking for a Prisma Access Mobile Users—GlobalProtect deployment.
    In addition to specifying mobile user IP address pools, you must configure
    IPv6 Availability
     for your Mobile Users—GlobalProtect deployments. If your network uses IPv6 DNS servers to resolve internal domains, you can also specify IPv6 addresses for primary and secondary DNS servers, as shown in the following section.
    1. Plan if you want to deploy IPv6 across your entire Prisma Access deployment, or for only a certain number of compute locations.
    2. Configure IPv6 availability for the regions where you want to deploy IPv6.
      1. In the
        IPv6 Availability
         tab,
        Enable IPv6
         for the locations for which you want to enable IPv6.
        All locations are associated to a compute location. If locations in a compute location do not have IPv6 enabled, leave that compute location deselected.
    3. (
      Optional
      ) If your internal DNS servers use are reachable by IPv6 addresses, click the
      Network Services
       tab,
      Add
       a rule or specify the default rule, and specify
      Custom DNS Server
       IPv6 addresses for the
      Primary DNS
       and
      Secondary DNS
       server.
      If you enter IPv6 addresses for DNS servers, you must also have IPv6 addresses in your mobile user IP address pool.
      You can enter any combination of IPv4 or IPv6 addresses for primary and secondary DNS servers. If you enter an IPv6 address for the primary DNS server and an IPv4 address for the secondary DNS server, and a DNS query is received from a compute location that does not have
      IPv6 Availability
       enabled, Prisma Access uses the secondary DNS server because it uses an IPv4 address.
      IPv4 addresses use A records, while IPv6 addresses use AAAA records. Some DNS servers can perform AAAA DNS lookups over IPv4 transport; therefore, you might not need a server with an IPv6 IP address.
    4. (
      Optional
      ) If you have not yet completed the mobile users configuration, complete it now. See Set Up GlobalProtect Mobile Users for details.
    5. Commit and Push
       your changes.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.