Configure IPv6 in Prisma Access to let mobile users access
private apps behind IPv6 addresses.
If your organization uses IPv6 addressing
for your internal resources, Prisma Access makes it possible for
you to access internal (private) apps that are behind IPv6 addresses.
You can access these apps either from a data center behind a service
connection or from a branch office behind a remote network connection.
You
cannot access external SaaS or public apps using IPv6; IPv4 networking
is still required to access external apps.
Users access
internal apps through GlobalProtect (for external GlobalProtect
mobile users) or through a remote network IPSec tunnel (for internal GlobalProtect
mobile users in a branch office accessing Prisma Access through
a remote network connection). Either internal or external GlobalProtect mobile
users can access private apps over IPv6.
You
configure IPv6 in the following Prisma Access network components:
Enable IPv6 and specify an IPv6 subnet in your
Infrastructure
Subnet to establish an IPv6 network infrastructure to enable
communication between your remote networks (branch locations), mobile
users, and service connections (data center or headquarters locations).
For a Mobile Users—GlobalProtect deployment, specify whether
or not IPv6 networking should be utilized for the
compute locations that
are associated with your mobile user locations.
You can specify
IPv6 mobile user
IP address pools and
IPv6 DNS server addresses as required.
For service connections and remote network connections, you
can specify IPv6 addressing for the type of routing the connection
uses (either static or BGP routes).
For static routes,
specify an IPv6 address for the subnets used for the static routes.
For BGP routes, specify an IPv6 Peer Address and Local
Address.
You can also specify the transport method
used to exchange BGP peering information. You can specify to use
IPv4 to exchange all BGP peering information (including IPv4 and
IPv6), use IPv6 to exchange all BGP peering information, or use
IPv4 to exchange IPv4 BGP peering information and IPv6 to exchange
IPv6 BGP peering information.
For remote networks, you can add IPv6 addresses for DNS servers.
The
following deployments do not support IPv6 addressing:
Traffic Steering (using
traffic steering rules to redirect internet-bound traffic using
a service connection)