IPv6 hosts can configure themselves automatically when connected to an IPv6 network
using the neighbor discovery (ND) protocol via ICMPv6 router discovery messages.
These hosts require firewall packet protection unique to IPv6 traffic, as IPv6
addresses are composed of eight groups of four hexadecimal digits separated by
colons. When first connected to a network, a host sends a link-local router
solicitation multicast request for its configuration parameters; routers respond to
such a request with a router advertisement packet that contains Internet Layer
configuration parameters.
To configure or modify Firewall policy IPv6 settings:
-
Choose from the following actions:
- If you are in the process of configuring a new Firewall policy, proceed
to the next step.
-
If you want to modify Firewall IPv6 settings, go to , then select 
adjacent to the policy you want to modify.
Proceed to the next step, and modify the IPv6 settings in accordance
with the steps in this procedure.
-
Select the IPv6 tab.
The IPv6 firewall provides support to IPv6 packet streams. The
IPv6 Firewall setting is selected by default.
Deactivating IPv6 firewall support also deactivates proxy neighbor
discovery.
-
Select IPv6 Rewrite Flow to provide flow label rewrites
for each IPv6 packet.
A flow is a sequence of packets from a particular source to a particular
(unicast or multicast) destination. The flow label helps keep packet streams
from looking like one massive flow. Flow label rewrites are not selected by
default.
Flow label re-writes enable the re-classification of packets belonging to a
specific flow. The flow label does nothing to eliminate the need for packet
filtering.
-
Select Enable Proxy ND to generate neighbor discovery
responses on behalf of another controller or service platform.
When selected, any IPv6 packet received on an interface is parsed to see
whether it is known to be a neighbor solicitation. This setting is selected
by default.
-
Under the
Settings pane, configure Event parameters
to activate individual IPv6 unique events, as described in IPv6 Event Parameters.
Table 1. IPv6 Event Parameters
| Parameter |
Description |
| Event |
Lists the name of each IPv6 specific event subject to
logging |
| Enable |
Select Enable to set the firewall policy to filter
the associated IPv6 event based on the selection in the
Action column |
| Action |
If a filter is selected, chose an action from the
drop-down list box to determine how the firewall treats the
associated IPv6 event
- Log
and Drop - An entry for the associated IPv6 event is
added to the log and then the packets are
dropped
- Log
Only - An entry for the associated IPv6 event is
added to the log. No further action is taken
- Drop
Only - The packet is dropped. No further action is
taken
|
| Log Level |
Select Log Level and then select a standard log level
from the Log Level drop-down list box |
| Info |
Additional information about IPv6 settings |
-
After you have completed
configuring the settings, choose from the following actions:
-
Select Revert to restore default settings.
Note
You cannot restore default settings after applying or saving
changes.
-
Select Apply
to commit the configured settings.
Note
This does not
permanently save the settings you configured. If you perform a
Reload (warm reboot), applied settings will be lost.
-
Select Save
to commit and save the configured settings.
Note
If you do not select Apply or
Save, the settings that you configured are
not saved when you move away from the configuration
window.
