IPv6 support for IP geolocation provides visibility and control in dual-stack and
IPv6-only environments using your current security policy rules with a single global
switch.
IPv6 support for IP geolocation supplements the existing IPv4 geolocation support for
country-based
Security,
Decryption, and
DoS Protection policies by providing
visibility and control in dual-stack and IPv6-only environments using your current
security policy rules with a single global switch. This unified approach simplifies
policy management and ensures consistent security enforcement across both IPv4 and
IPv6 networks. This addresses the growing adoption of IPv6 by ISPs and other large
enterprise organizations as well as customers who are required to phase out IPv4 and
implement IPv6 as part of a larger migration process.
To ensure up-to-date geolocation data, Palo Alto Networks provides a regularly
updated global content file which includes an IPv4/IPv6 to country mapping database
to determine the ownership of a given IP space. The IP to geolocation mapping for
IPv6 addresses is supported with the same level of granularity and coverage as for
IPv4 addresses, ensuring consistent policy enforcement across both address types.
Alternatively, you can
create your own custom mappings by providing a
range of IPv6 addresses to a specified region; these have precedence over
the default mapping and can be used to fine-tune your security policies.
Additionally, IPv6 support for IP Geolocation integrates seamlessly with existing
Palo Alto Networks logging and monitoring tools. Source and destination countries
are displayed in logs for IPv6 traffic, and you can filter logs by source or
destination country to include IPv6 traffic. All ACC widgets that display source or
destination country information now count IPv6 traffic as well.