Focus

NPTv6

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Virtual Wire Destination NAT Example

NPTv6 Overview

NPTv6

IPv6-to-IPv6 Network Prefix Translation (NPTv6) performs a stateless, static translation of one IPv6 prefix to another IPv6 prefix (port numbers are not changed). Beginning with PAN-OS 11.1.5, NPTv6 also supports dynamically assigned IPv6 address prefixes.

The primary benefits of NPTv6 are:

You can prevent the asymmetrical routing problems that result from Provider Independent addresses being advertised from multiple datacenters.
NPTv6 allows more specific routes to be advertised so that return traffic arrives at the same firewall that transmitted the traffic.
Private and public addresses are independent; you can change one without affecting the other. You don't need to renumber the IPv6 addresses used inside the local network (on the hosts) if a global prefix assigned for use by the edge network changes.
You have the ability to translate Unique Local Addresses (ULA) to globally routable addresses.

This topic builds on a basic understanding of NAT. You should be sure you are familiar with NAT concepts before configuring NPTv6.

Virtual Wire Destination NAT Example

NPTv6 Overview

Next-Generation Firewall Docs

NPTv6

Next-Generation Firewall Docs

NPTv6

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner