Support for IPv6-Only GlobalProtect Deployments

You can now configure GlobalProtect gateways to assign only IPv6 addresses to connecting endpoints.
Software Support
: Starting with PAN-OS® 9.0
You can now configure GlobalProtect gateways with IP pools that use only IPv6 addresses. With this enhancement, GlobalProtect can support remote access deployments with end-to-end IPv6-only infrastructures. In PAN-OS 8.1 and earlier releases, you are required to configure IP pools with both IPv4 and IPv6 subnets or address ranges in order to assign IPv6 addresses to connecting endpoints.
ipv6-only-deployment.png
  1. Enable tunneling.
    1. From your gateway configuration (
      Network
      GlobalProtect
      Gateways
      <gateway-config>
      ), select
      Agent
      Tunnel Settings
      to enable
      Tunnel Mode
      .
  2. Configure an IPv6-only IP pool.
    Use one of the following options to configure an IPv6-only IP pool at either the client level or the gateway level:
    You can configure an IP pool at only the client level (
    Network
    GlobalProtect
    Gateways
    <gateway-config>
    GlobalProtect Gateway Configuration
    Agent
    Client Settings
    <client-setting>
    Configs
    IP Pools
    ) or only the gateway level (
    Network
    GlobalProtect
    Gateways
    <gateway-config>
    GlobalProtect Gateway Configuration
    Agent
    Client IP Pool
    ).
    • To assign only IPv6 addresses to connecting endpoints with a specific client settings configuration, configure a client level IPv6-only IP pool:
      1. From your gateway configuration (
        Network
        GlobalProtect
        Gateways
        <gateway-config>
        ), select
        Agent
        Client Settings
        .
      2. Select an existing client settings configuration or
        Add
        a new one.
      3. Select
        IP Pools
        .
      4. In the IP Pool area,
        Add
        an IPv6 subnet or address range. To ensure proper routing back to the gateway, you must use a different range of IP addresses from those assigned to existing IP pools on the gateway (if applicable) and to the endpoints that are physically connected to your LAN.
        ipv6-only-ip-pool-client-level.png
      5. Click
        OK
        to save your client settings configuration.
    • To assign only IPv6 addresses to all endpoints that connect to the gateway, configure a global IPv6-only IP pool:
      1. From your gateway configuration (
        Network
        GlobalProtect
        Gateways
        <gateway-config>
        ), select
        Agent
        Client IP Pool
        .
      2. In the IP Pool area,
        Add
        an IPv6 subnet or address range. To ensure proper routing back to the gateway, you must use a different range of IP addresses from those assigned to the endpoints that are physically connected to your LAN.
        ipv6-only-ip-pool-gateway-level.png
  3. Save your gateway configuration.
    1. Click
      OK
      .
    2. Commit
      the changes.

Recommended For You