Internet Service Providers (ISPs) often assign dynamic IPv6 addresses to Next-Generation Firewalls (NGFWs) using DHCPv6, PPPoEv6, or cellular connections. However, some ISPs, especially cellular providers, may not provide a delegated IPv6 prefix that the firewall can use to assign addresses to devices on the local area network (LAN). Additionally, even when a delegated prefix is available, some network administrators may prefer not to use it externally to avoid exposing internal network addressing.

This new capability allows you to use NPTv6 with dynamically assigned IPv6 address prefixes with dynamically assigned IPv6 address prefixes, solving both of these challenges. This enhancement builds upon the existing NPTv6 functionality that previously only supported statically configured IPv6 prefixes.

This feature is for network administrators who need to provide IPv6 connectivity to their LAN hosts when the ISP does not delegate a routable IPv6 prefix or when the organization requires internal address privacy. It is especially useful for deployments in environments that rely on cellular ISPs

The firewall translates the dynamic IPv6 prefix from the ISP into an internal, non-routable prefix for the LAN. This enables seamless IPv6 connectivity for internal hosts while keeping your network's addressing private. The firewall automatically manages the dynamic prefix changes from the ISP, ensuring uninterrupted service without manual intervention.

The key benefits of the feature are that it:

• Ensures LAN Connectivity: Provides IPv6 connectivity to internal hosts even when the ISP does not delegate a prefix.
• Enhances Privacy: Protects your internal network addressing from external exposure.
• Simplifies Management: Automates the translation process for dynamic IPv6 prefixes, reducing the need for manual configuration updates.
• Supports Flexible Deployments: Enables secure and reliable IPv6 connectivity in diverse environments, including those using cellular backhaul.