Set Up an IPv6 Sinkhole On the On-Premises Gateway
Table of Contents
Set Up an IPv6 Sinkhole On the On-Premises Gateway
Set up an IPv6 sinkhole for a Prisma Access GlobalProtect
mobile users deployment.
If you have a hybrid deployment that uses
next-generation firewalls configured as gateways with Prisma Access,
perform the following task on the on-premises gateway to drop the
IPv6 traffic.
- Add
IPv6 IP pools to your GlobalProtect agent configuration.
- Select .
- Select an existing GlobalProtect gateway or Add a new one.
- Select .
- Select the agent configuration to modify or Add a new one.
- Select IP Pools; then, Add an
IPv6 pool to assign to the virtual network adapter on the endpoints
that connect to the GlobalProtect gateway uses for mobile network
traffic and click OK.
![]()
- Enable IPv6 on the interface.
- Select and select the tunnel Interface that you use for the mobile user’s traffic.
- Select IPv6; then, select Enable
IPv6 on the interface.
![]()
- Add a security policy to set a TCP reset action that
will terminate sessions with IPv6 source traffic that matches the
IP pools you configured in Step 1.
- Select and Add a new security policy.
- Set the Source Address in the
rule to match the IP pools you configured in Step 1.
![]()
- Select Actions; then, select
an Action Setting of Reset Client and
click OK.
![]()
- Commit your changes.
- (Optional) Perform this task on all the gateway firewalls in your deployment.
