No matter where your organization is on the IPv6 adoption spectrum, our USGv6-compliant firewalls can provide consistent security, control and visibility across a combination of IPv4 and IPv6 traffic. Whether you’re running, connecting, or transitioning to IPv6, or planning to run “dual-stacked” well into the future, our next-generation firewalls can secure your organization.

From a security operational perspective, the use of IPv6 vs. IPv4 in our firewalls is largely transparent. For example, application- and user-based policies stay the same, whether the underlying connectivity is based on IPv6 or IPv4.

IPv6 Support Features

While our core technologies (e.g., App-ID™, User-ID™) work irrespective of IP version, as network elements, our next-generation firewalls support many IPv6 features to integrate with, and enable the broader network. These include: SLAAC for automatic IPv6 host address configuration, DHCPv6 Relay, and the OSPFv3 routing protocol.

Our firewalls support both IPv6 over IPsec (between IPv4 endpoints), and IPv4 over IPsec (between IPv6 endpoints), as well as neighbor discovery (NDP) and firewall Zone Protections, based on IPv6 header inspection. They also support NAT64 and NPTv6 address translation too, providing flexible address translation options. Firewall L3 interfaces support dual-stack too.

Managing IPv6

From a management perspective, the 128-bit IPv6 addresses are flexibly supported by our firewalls across a number of formats.

Finally, for seamless integration, network services in an IPv6 environment are supported, including: RADIUS, syslog, DNS, User-ID agents, LDAP, SNMP, SCP, FTP and SSH. Administrative services supported over IPv6 include: admin-authenticated sources, NTP, Panorama™, logging and alerting (syslog, SNMP, email), and PBF next-hop monitoring of IPv6 addresses.