Configure Firewall Policy IPv6 Settings

About this task

IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the neighbor discovery (ND) protocol via ICMPv6 router discovery messages. These hosts require firewall packet protection unique to IPv6 traffic, as IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters.

To define a firewall policy's IPv6 settings:

Procedure

  1. Select Firewall > Policy > Firewall Policy > IPv6.
  2. Toggle to activate or deactivate IPv6 Firewall.

    The IPv6 firewall provides support for IPv6 packet streams. This setting is selected by default. Deactivating IPv6 firewall support also deactivates proxy neighbor discovery.

  3. Select IPv6 Rewrite Flow to provide flow label rewrites for each IPv6 packet.

    A flow is a sequence of packets from a particular source to a particular (unicast or multicast) destination. The flow label helps keep packet streams from looking like one massive flow. Flow label rewrites are not selected by default.

    Flow label rewrites enable the reclassification of packets belonging to a specific flow. The flow label does nothing to eliminate the need for packet filtering.

  4. Select Enable Proxy ND to generate neighbor discovery responses on behalf of another controller or service platform.

    When selected, any IPv6 packet received on an interface is parsed to see whether it is known to be a neighbor solicitation. This setting is selected by default.

  5. Configure Event Settings to activate individual IPv6-specific events.

    Setting     Description
    Event       Lists the name of each IPv6-specific event subject to logging.
    Enable      Select Enable to set the firewall policy to filter the associated IPv6 event based on the selection in the Action column.
    Action      If a filter is selected, choose an action from the drop-down list box to determine how the firewall treats the associated IPv6 event:
                • Log and Drop - An entry for the associated IPv6 event is added to the log and then the packets are dropped.
                • Log Only - An entry for the associated IPv6 event is added to the log. No further action is taken.
                • Drop Only - The packet is dropped. No further action is taken.
    Log Level   Select Log Level and then select a standard log level from the Log Level drop-down list box.
    Info        Additional information about IPv6 settings.

  6. Select Save to update IPv6 firewall policy settings.
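
The two packet fields that steps 3 and 4 act on, the 20-bit flow label and the ICMPv6 neighbor discovery message type, can be read from a raw IPv6 packet as in the following added example. It is not the product's code and does not represent how the firewall implements these settings. The function names and sample addresses are constructed for illustration, and the hop-limit check follows RFC 4861.

```python
import ipaddress
import struct

ND_TYPES = {133: "router-solicitation", 134: "router-advertisement",
            135: "neighbor-solicitation", 136: "neighbor-advertisement",
            137: "redirect"}
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options


def inspect_ipv6(packet: bytes) -> dict:
    """Return the flow label and, if present, the ND type of a raw IPv6 packet."""
    if len(packet) < 40:
        raise ValueError("shorter than the fixed 40-byte IPv6 header")
    word0, _plen, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    info = {"flow_label": word0 & 0xFFFFF, "hop_limit": hop_limit,
            "nd_type": None, "nd_valid_hop_limit": None}
    offset = 40
    # Walk extension headers: byte 0 = next header, byte 1 = length in
    # 8-octet units, not counting the first 8 octets.
    while next_hdr in EXT_HEADERS:
        if offset + 2 > len(packet):
            raise ValueError("truncated extension header")
        next_hdr, ext_len = packet[offset], packet[offset + 1]
        offset += 8 * (ext_len + 1)
    if next_hdr == 58 and offset < len(packet):  # 58 = ICMPv6
        info["nd_type"] = ND_TYPES.get(packet[offset])
        if info["nd_type"]:
            # RFC 4861: ND messages must arrive with hop limit 255,
            # which shows they were not forwarded by a router.
            info["nd_valid_hop_limit"] = hop_limit == 255
    return info


def build_ns(flow_label: int, hop_limit: int) -> bytes:
    """Constructed sample: neighbor solicitation, checksum left at zero."""
    target = ipaddress.IPv6Address("2001:db8::2").packed
    icmp = struct.pack("!BBHI", 135, 0, 0, 0) + target
    header = struct.pack("!IHBB", (6 << 28) | flow_label, len(icmp), 58, hop_limit)
    src = ipaddress.IPv6Address("fe80::1").packed
    dst = ipaddress.IPv6Address("ff02::1:ff00:2").packed
    return header + src + dst + icmp
```

The parser does not verify the ICMPv6 checksum or the payload length, so it classifies packets but does not validate them.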