Many organizations are rapidly migrating to IPv6 networks, driven by ISP adoption and the depletion of IPv4 space. This transition often introduces security blind spots, making it challenging to maintain consistent country-based policy enforcement across dual-stack or IPv6-only environments. IPv6 support for IP geolocation supplements the existing IPv4 geolocation support for country-based Security, Decryption, and DoS Protection NGFW policies by providing visibility and control in dual-stack and IPv6-only environments using your current security policy rules with a single global switch. This unified approach simplifies policy management and ensures consistent security enforcement across both IPv4 and IPv6 networks. This addresses the growing adoption of IPv6 by ISPs and other large enterprise organizations as well as customers who are required to phase out IPv4 and implement IPv6 as part of a larger migration process.

To ensure up-to-date geolocation data, Palo Alto Networks provides a regularly updated global content file which includes an IPv4/IPv6 to country mapping database to determine the ownership of a given IP space. The IP to geolocation mapping for IPv6 addresses is supported with the same level of granularity and coverage as for IPv4 addresses, ensuring consistent policy enforcement across both address types. Alternatively, you can create your own custom mappings by providing a range of IPv6 addresses to a specified region; these have precedence over the default mapping and can be used to fine-tune your security policies.