In a dual stack endpoint that can process both IPv4 and IPv6 traffic, the GlobalProtect app sends
mobile user IPv4 traffic to be protected through the GlobalProtect VPN tunnel to
Prisma Access
. However, mobile user IPv6 traffic isn't sent to
Prisma Access
by
default and is sent to the local network adapter on the endpoint instead. To reduce
the attack surface for IPv6-based threats, Palo Alto Networks recommends that you
configure
Prisma Access
to sinkhole IPv6 traffic. Because endpoints can
automatically fall back to an IPv4 address, you can enable a secure and
uninterrupted user experience for mobile user traffic to the internet.