IPv6 for GlobalProtect
GlobalProtect clients and satellites can now connect to portals and gateways using IPv6. This feature allows connection from clients that are in IPv6-only environments, IPv4-only environments, or dual-stack (IPv4 and IPv6) environments. The tunnel endpoints are IPv6 capable and IPv6 user traffic can be routed through the tunnel. You can encapsulate IPv4 traffic within an IPv6 tunnel and the IP address pool can assign both IPv4 and IPv6 addresses. This feature requires you to install a GlobalProtect subscription on any portal or gateway that uses IPv6.
IPv6 uses 16-byte hexadecimal number fields separated by colons (:) to represent the 128-bit addressing format. For example, 2001:db8:130D:0000:0000:09F0:876A:130B.
To make an IPv6 address easier to represent, IPv6 uses the following conventions to shorten the address:
- Leading zeros in the address field are optional. For example, the following hexadecimal numbers can be represented as shown:
- 0000 (expanded) can be represented as 0 (compressed)
- 2001:db8:130D:0000:0000:09F0:876A:130B (expanded) can be represented as 2001:db8:130D:0:0:9F0:876A:130B (compressed)
- A pair of colons (::) represents successive fields of zeros. The pair of colons can be used only once in an IPv6 address. For example:
- E2001:db8:130D:0:0:9F0:876A:130B (expanded) can be represented as 2001:db8:130D::9F0:876A:130B (compressed)
- DD01:0:0:0:0:0:1 (expanded) can be represented as DD01::1 (compressed)
An address parser can easily identify the number of missing zeros in an IPv6 address by separating the two parts of the address and filling in the zeros until the 128-bit address is complete. However, if two colons (::) are placed in the same address, then there is no way to identify the size of each block of zeros. The use of colons makes many IPv6 addresses very small.
- Before you configure an IP address, select the
type of GlobalProtect connection you want to configure.Select the type of GlobalProtect connection you want to configure. This can include connections to the GlobalProtect portal, GlobalProtect internal gateways, GlobalProtect external gateways, authentication server IP pools, and tunnel interfaces to satellites.
- Navigate to Network Settings for
the connection type. For portal and gateway configurations, Network Settings are located on the General tab. For satellite configurations, there is a Network Settings tab.
- Choose the IP Address Type from the drop down. The IP address type can be IPv4 (for IPv4 traffic only), IPv6 (for IPv6 traffic only, or IPv4 and IPv6. Use IPv4 and IPv6 if your network supports dual stack configurations, where IPv4 and IPv6 run at the same time.
- Enter the IP Address. The IP address you enter must be compatible with the IP address type. For example, 172.16.1/0 for IPv4 addresses or 21DA:D3:0:2F3B for IPv6 addresses. For dual stack configurations, enter both an IPv4 and IPv6 address.
IPSec Tunnel Proxy IDs Tab
IPSec Tunnel Proxy IDs Tab Network > IPSec Tunnels > Proxy IDs The IPSec Tunnel Proxy IDs tab is separated into two tabs: IPv4 and ...
Configure the Portal
Configure the Portal After you have completed the GlobalProtect Portal for LSVPN Prerequisite Tasks , configure the GlobalProtect portal as follows: Add the portal. Select ...
GlobalProtect Portals General Tab
GlobalProtect Portals General Tab Select Network GlobalProtect Portals General to define the network settings that an agent or app uses to connect to the GlobalProtect ...
Configure GlobalProtect Gateways for LSVPN
Configure GlobalProtect Gateways for LSVPN Because the GlobalProtect configuration that the portal delivers to the satellites includes the list of gateways the satellite can connect ...
IPSec Tunnel General Tab
IPSec Tunnel General Tab Network > IPSec Tunnels > General Use the following fields to set up an IPSec tunnel. IPSec Tunnel General Settings Description ...
GlobalProtect Gateways General Tab
GlobalProtect Gateways General Tab Select Network GlobalProtect Gateways General to define the gateway interface to which the agents or apps can connect and specify how ...
GlobalProtect Portals Agent Internal Tab
GlobalProtect Portals Agent Internal Tab Select Network GlobalProtect Portals Agent Internal to configure the settings for internal gateways for an agent configuration. GlobalProtect Portal Internal ...
GlobalProtect Features New GlobalProtect Features Description Clientless VPN You can now use Clientless VPN for securing remote access to common enterprise web applications that use ...
Set Up Access to the GlobalProtect Portal
Set Up Access to the GlobalProtect Portal After you have completed the Prerequisite Tasks for Configuring the GlobalProtect Portal , configure the GlobalProtect portal as ...