Set Up an IPv6 Sinkhole On the On-Premises Gateway
Focus
Focus

Set Up an IPv6 Sinkhole On the On-Premises Gateway

Table of Contents

Set Up an IPv6 Sinkhole On the On-Premises Gateway

Set up an IPv6 sinkhole for a Prisma Access GlobalProtect mobile users deployment.
If you have a hybrid deployment that uses next-generation firewalls configured as gateways with Prisma Access, perform the following task on the on-premises gateway to drop the IPv6 traffic.
  1. Add IPv6 IP pools to your GlobalProtect agent configuration.
    1. Select
      Network
      GlobalProtect
      Gateways
      .
    2. Select an existing GlobalProtect gateway or
      Add
      a new one.
    3. Select
      Agent
      Client Settings
      .
    4. Select the agent configuration to modify or
      Add
      a new one.
    5. Select
      IP Pools
      ; then,
      Add
      an IPv6 pool to assign to the virtual network adapter on the endpoints that connect to the GlobalProtect gateway uses for mobile network traffic and click
      OK
      .
  2. Enable IPv6 on the interface.
    1. Select
      Device
      Interface
      Tunnel
      and select the tunnel
      Interface
      that you use for the mobile user’s traffic.
    2. Select
      IPv6
      ; then, select
      Enable IPv6 on the interface
      .
  3. Add a security policy to set a TCP reset action that will terminate sessions with IPv6 source traffic that matches the IP pools you configured in Step 1.
    1. Select
      Policies
      Security
      and
      Add
      a new security policy.
    2. Set the
      Source Address
      in the rule to match the IP pools you configured in Step 1.
    3. Select
      Actions
      ; then, select an
      Action Setting
      of
      Reset Client
      and click
      OK
      .
  4. Commit
    your changes.
  5. (
    Optional
    ) Perform this task on all the gateway firewalls in your deployment.

Recommended For You