If you have a hybrid deployment that uses next-generation firewalls configured as gateways with Prisma Access, perform the following task on the on-premises gateway to drop the IPv6 traffic.
1. Add IPv6 IP pools to your GlobalProtect agent configuration.
   a. Select Network > GlobalProtect > Gateways.
   b. Select an existing GlobalProtect gateway or Add a new one.
   c. Select Agent > Client Settings.
   d. Select the agent configuration to modify or Add a new one.
   e. Select IP Pools; then, Add an IPv6 pool to assign to the virtual network adapter on the endpoints that connect to the GlobalProtect gateway for mobile network traffic, and click OK.
2. Enable IPv6 on the interface.
   a. Select Device > Interface > Tunnel and select the tunnel Interface that you use for the mobile user’s traffic.
   b. Select IPv6; then, select Enable IPv6 on the interface.
3. Add a security policy to set a TCP reset action that will terminate sessions with IPv6 source traffic that matches the IP pools you configured in Step 1.
   a. Select Policies > Security and Add a new security policy.
   b. Set the Source Address in the rule to match the IP pools you configured in Step 1.
   c. Select Actions; then, select an Action Setting of Reset Client and click OK.
4. Commit your changes.
5. (Optional) Perform this task on all the gateway firewalls in your deployment.
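
A check you can run after the commit, as an added example that is not part of the original documentation: it scans a traffic-log export for sessions whose source is in the Step 1 IPv6 pool but whose action is not the client reset, for example because another rule matched the session. The pool prefix, rule names, CSV column names, action strings and log rows are constructed assumptions for illustration.

```python
import csv
import io
import ipaddress

# Assumption: the IPv6 pool added to the agent configuration in Step 1
# (a documentation prefix, not a value from the original page).
IPV6_POOLS = [ipaddress.ip_network("2001:db8:100::/64")]

# Constructed sample: a simplified traffic-log export. The column names are
# assumptions and do not reproduce the firewall's actual export schema.
SAMPLE_LOG = """src,dst,rule,action
2001:db8:100::10,2001:db8:200::5,Drop-GP-IPv6,reset-client
2001:db8:100::22,2001:db8:300::9,Allow-Mobile-Users,allow
10.10.1.15,93.184.216.34,Allow-Mobile-Users,allow
2001:db8:999::1,2001:db8:200::5,Allow-Mobile-Users,allow
not-an-address,10.0.0.1,Allow-Mobile-Users,allow
"""


def in_pool(addr, pools=IPV6_POOLS):
    """Return True if addr is an IPv6 address inside one of the pools."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # malformed address field: cannot belong to a pool
    return ip.version == 6 and any(ip in net for net in pools)


def find_leaks(log_text, pools=IPV6_POOLS, expected_action="reset-client"):
    """Return log rows sourced from an IPv6 pool whose action is not the reset."""
    leaks = []
    for row in csv.DictReader(io.StringIO(log_text)):
        action = row["action"].strip().lower()
        if in_pool(row["src"], pools) and action != expected_action:
            leaks.append(row)
    return leaks


if __name__ == "__main__":
    for row in find_leaks(SAMPLE_LOG):
        print(f"pool source {row['src']} hit rule {row['rule']} "
              f"with action {row['action']}")
```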