>
    Enable IPv6 Networking for Remote Networks
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Access
    4. Prisma Access Advanced Deployments
    5. Advanced Deployments that Apply to All Prisma Access Types
    6. IPv6 Support for Private App Access
    7. Enable IPv6 Networking for Remote Networks
    Download PDF

    Enable IPv6 Networking for Remote Networks

    Table of Contents

    Enable IPv6 Networking for Remote Networks

    Enable IPv6 networking in a Prisma Access remote network deployment.
    For remote network connections, you can use IPv6 subnets for static routes. For BGP routing, you can enter IPv6 peer addresses and specify that BGP use IPv6 routing only or both IPv4 and IPv6 routing.
    To configure IPv6 networking for remote network connections, complete the following task.
    1. (Optional) Enter IPv6 addresses to your custom DNS server proxy configuration.
      1. Select PanoramaCloud ServicesConfigurationRemote Networks and edit the settings by clicking the gear icon in the Settings area.
      2. In the DNS Proxy area, enter IPv6 Custom DNS Server addresses for your DNS proxy settings.
        See Onboard and Configure Remote Networks for more information about configuring DNS proxy settings for remote networks.
    2. Select PanoramaCloud ServicesConfigurationRemote Networks.
    3. Add a new remote network connection or select an existing service connection to edit it.
    4. Set up IPv6 routing for your remote network.
      1. (Static Routing Deployments Only) Enter one or more Corporate Subnets in the Static Routes tab.
      2. (BGP Routing Deployments Only) Specify the method to exchange IPv4 and IPv6 BGP routes; then, enter an IPv6 Peer Address and Local Address.
        • To use a single IPv4 BGP session to exchange both IPv4 and IPv6 BGP peering information, select Exchange both IPv4 and IPv6 routes over IPv4 peering.
        • To an IPv4 BGP session to exchange IPv4 BGP peering information and an IPv6 session to exchange IPv6 BGP peering information, select Exchange IPv4 routes over IPv4 peering and IPv6 routes over IPv6 peering.
        • To use a single IPv6 BGP session to exchange IPv6 BGP peering information, select Exchange IPv6 routes over IPv6 peering.
      3. If your secondary WAN uses a different peer or local address, deselect Same as Primary WAN and enter the IPv6 Peer Address and Local Address for the secondary WAN.
    5. (Optional) If your internal DNS servers use are reachable by IPv6 addresses, select PanoramaCloud ServicesConfigurationRemote NetworkSettings, click the gear icon to edit the settings, select the DNS Proxy tab, Add a rule or specify the default rule, and specify Custom DNS Server IPv6 addresses for the Primary DNS and Secondary DNS server.
      Prisma Access allows you to specify DNS servers to resolve both domains that are internal to your organization and external domains. If you do not specify any settings, Prisma Access does not proxy DNS requests for remote networks. You also need to select a Region. See Onboard and Configure Remote Networks for more information.
      You can enter any combination of IPv4 or IPv6 addresses for primary and secondary DNS servers.
      IPv4 addresses use A records, while IPv6 addresses use AAAA records. Some DNS servers can perform AAAA DNS lookups over IPv4 transport; therefore, you might not need a server with an IPv6 IP address.
    6. If you have not yet completed the your remote network connection setup, complete it now. See Onboard and Configure Remote Networks for details.
    7. Commit and Push your changes.
    8. Select PanoramaCloud ServicesStatusNetwork DetailsRemote Networks and make a note of the EBGP Router addresses.
      After you commit your changes, you will have an IPv6 EBGP Router addresses for service connections.
      Because the IPSec tunnel used for the remote network connection uses IPv4 addressing, the Service IP Address stays as an IPv4 address.

    © 2024 Palo Alto Networks, Inc. All rights reserved.