Enable IPv6 Networking for Service Connections

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Enable IPv6 Networking for Mobile Users—GlobalProtect Deployment

Enable IPv6 Networking for Remote Networks

Enable IPv6 Networking for Service Connections

Enable IPv6 networking for service connections in a Prisma Access deployment.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama)	Prisma Access license version 2.2 Preferred and later Native IPv6 access to public and private apps requires the following minimum releases: Prisma Access (Managed by Strata Cloud Manager): June 2024 release Prisma Access (Managed by Panorama): Prisma Access 5.1.1 for new deployments only. Any other deployments (including existing Prisma Access (Managed by Panorama) deployments) support private app access only.

Where Can I Use This?

What Do I Need?

Prisma Access (Managed by Strata Cloud Manager)
Prisma Access (Managed by Panorama)

Prisma Access license version 2.2 Preferred and later
Native IPv6 access to public and private apps requires the following minimum releases:
- Prisma Access (Managed by Strata Cloud Manager): June 2024 release
- Prisma Access (Managed by Panorama): Prisma Access 5.1.1 for new deployments only.
Any other deployments (including existing Prisma Access (Managed by Panorama) deployments) support private app access only.

For service connections, you can use IPv6 subnets for static or BGP routing. For BGP routing, you can enter IPv6 peer addresses and specify IPv4 and IPv6 routing options.

To configure IPv6 networking for service connections, complete the following task.

Enable IPv6 Networking for Service Connections (Strata Cloud Manager)

Select ManageService ConnectionsService Connections Setup.

If you're using Strata Cloud Manager, go to WorkflowsPrisma Access SetupService Connectionsand Add Service Connection.
Add a new service connection or select an existing service connection to edit it.
Set up IPv6 routing for the service connection.
1. (Static Routing Deployments Only) Enter one or more Corporate Subnets in the Static Routes tab.
2. (BGP Routing Deployments Only) Specify the method to exchange IPv4 and IPv6 BGP routes; then, enter an IPv6 Peer Address and Local Address.
  To use a single IPv4 BGP session to exchange both IPv4 and IPv6 BGP peering information, select Exchange both IPv4 and IPv6 routes over IPv4 peering.
  To an IPv4 BGP session to exchange IPv4 BGP peering information and an IPv6 session to exchange IPv6 BGP peering information, select Exchange IPv4 routes over IPv4 peering and IPv6 routes over IPv6 peering.
  To use a single IPv6 BGP session to exchange IPv6 BGP peering information, select Exchange IPv6 routes over IPv6 peering.
3. If your secondary WAN uses a different peer or local address, deselect Same as Primary WAN and enter the IPv6 Peer Address and Local Address for the secondary WAN.
If you have not yet completed the your service connection setup, complete it now. See Configure a Service Connection in for details.

IPv6 internet access for service connections is enabled by an underlay connection, in which IPv6 traffic is passed through an IPv4 tunnel.
Push Config to deploy your changes to you network.
If you have not yet completed the mobile users configuration, complete it now.

Enable IPv6 Networking for Service Connections (Panorama)

Enable IPv6 networking for service connections in a Prisma Access deployment.

Select PanoramaCloud ServicesConfigurationService Connection.
Add a new service connection or select an existing service connection to edit it.
Set up IPv6 routing for the service connection.
1. (Static Routing Deployments Only) Enter one or more Corporate Subnets in the Static Routes tab.
2. (BGP Routing Deployments Only) Specify the method to exchange IPv4 and IPv6 BGP routes; then, enter an IPv6 Peer Address and Local Address.
  To use a single IPv4 BGP session to exchange both IPv4 and IPv6 BGP peering information, select Exchange both IPv4 and IPv6 routes over IPv4 peering.
  To an IPv4 BGP session to exchange IPv4 BGP peering information and an IPv6 session to exchange IPv6 BGP peering information, select Exchange IPv4 routes over IPv4 peering and IPv6 routes over IPv6 peering.
  To use a single IPv6 BGP session to exchange IPv6 BGP peering information, select Exchange IPv6 routes over IPv6 peering.
3. If your secondary WAN uses a different peer or local address, deselect Same as Primary WAN and enter the IPv6 Peer Address and Local Address for the secondary WAN.
If you have not yet completed the your service connection setup, complete it now. See Configure a Service Connection in Prisma Access for details.
Commit and Push your changes.
Select PanoramaCloud ServicesStatusNetwork DetailsService Connection and make a note of the IPv6 User-ID Agent Address and EBGP Router addresses.

After you commit your changes, you will have an IPv6 User-ID Agent Address (used for User-ID retrieval and distribution) and EBGP Router addresses for service connections.

Because the IPSec tunnel used for the service connection uses IPv4 addressing, the Service IP Address is an IPv4 address.

IPv6 internet access for service connections is enabled by an underlay connection, in which IPv6 traffic is passed through an IPv4 tunnel.
If you have not yet completed the mobile users configuration, complete it now.