Enable IPv6 Networking for Mobile Users—GlobalProtect Deployment (Strata Cloud Manager)
Focus
Focus
Prisma Access

Enable IPv6 Networking for Mobile Users—GlobalProtect Deployment (Strata Cloud Manager)

Table of Contents


Enable IPv6 Networking for Mobile Users—GlobalProtect Deployment (Strata Cloud Manager)

In addition to specifying mobile user IP address pools, you must configure IPv6 Availability for your Mobile Users—GlobalProtect deployments. If your network uses IPv6 DNS servers to resolve internal domains, you can also specify IPv6 addresses for primary and secondary DNS servers, as shown in the following section.
  1. Plan if you want to deploy IPv6 across your entire Prisma Access deployment, or for only a certain number of compute locations.
  2. Configure IPv6 availability for the regions where you want to deploy IPv6.
    1. Select WorkflowsPrisma Access SetupGlobalProtect and select the gear icon to edit the Infrastructure Settings.
    2. In the IPv6 Settings section, choose the locations you want to Enable IPv6 for.
      All locations are associated to a compute location. If locations in a compute location do not have IPv6 enabled, leave that compute location deselected.
  3. (Optional) If your internal DNS servers use are reachable by IPv6 addresses, select Add Region from the Client DNS section, select the check box to Resolve Internal Domains, Add a rule or specify the default rule, and specify Custom DNS Server IPv6 addresses for the Primary DNS and Secondary DNS server.
    If you enter IPv6 addresses for DNS servers, you must also have IPv6 addresses in your mobile user IP address pool.
    You can enter any combination of IPv4 or IPv6 addresses for primary and secondary DNS servers. If you enter an IPv6 address for the primary DNS server and an IPv4 address for the secondary DNS server, and a DNS query is received from a compute location that does not have IPv6 Availability enabled, Prisma Access uses the secondary DNS server because it uses an IPv4 address.
    IPv4 addresses use A records, while IPv6 addresses use AAAA records. Some DNS servers can perform AAAA DNS lookups over IPv4 transport; therefore, you might not need a server with an IPv6 IP address.
  4. (Optional) If you haven't yet completed the mobile users configuration, complete it now. See Set Up GlobalProtect Mobile Users for details.
  5. Push Config to deploy your changes to you network.