Set Up an IPv6 Sinkhole On the On-Premises Gateway
Focus
Focus

Set Up an IPv6 Sinkhole On the On-Premises Gateway

Table of Contents

Set Up an IPv6 Sinkhole On the On-Premises Gateway

Set up an IPv6 sinkhole for a Prisma Access GlobalProtect mobile users deployment.
If you have a hybrid deployment that uses next-generation firewalls configured as gateways with Prisma Access, perform the following task on the on-premises gateway to drop the IPv6 traffic.
  1. Add IPv6 IP pools to your GlobalProtect agent configuration.
    1. Select NetworkGlobalProtectGateways.
    2. Select an existing GlobalProtect gateway or Add a new one.
    3. Select AgentClient Settings.
    4. Select the agent configuration to modify or Add a new one.
    5. Select IP Pools; then, Add an IPv6 pool to assign to the virtual network adapter on the endpoints that connect to the GlobalProtect gateway uses for mobile network traffic and click OK.
  2. Enable IPv6 on the interface.
    1. Select DeviceInterfaceTunnel and select the tunnel Interface that you use for the mobile user’s traffic.
    2. Select IPv6; then, select Enable IPv6 on the interface.
  3. Add a security policy to set a TCP reset action that will terminate sessions with IPv6 source traffic that matches the IP pools you configured in Step 1.
    1. Select PoliciesSecurity and Add a new security policy.
    2. Set the Source Address in the rule to match the IP pools you configured in Step 1.
    3. Select Actions; then, select an Action Setting of Reset Client and click OK.
  4. Commit your changes.
  5. (Optional) Perform this task on all the gateway firewalls in your deployment.