IPv6 Addressing in JSA Deployments
IPv4 and IPv6 addressing is supported for network connectivity and management of JSA software and appliances. When you install JSA, you are prompted to specify whether your Internet Protocol is IPv4 or IPv6.
JSA Components That Support IPv6 Addressing
The following JSA components support IPv6: addressing.
Network Activity tab -- Because IPv6 Source Address and IPv6 Destination Address are not default columns, they are not automatically displayed. To display these columns, you must select them when you configure your search parameters (column definition).
To save space and indexing in an IPv4 or IPv6 source environment, extra IP address fields are not stored or displayed. In a mixed IPv4 and IPv6 environment, a flow record contains both IPv4 and IPv6 addresses.
IPv6 addresses are supported for both packet data, including sFlow, and NetFlow V9 data. However, older versions of NetFlow might not support IPv6.
Log Activity tab -- Because IPv6 Source Address and IPv6 Destination Address are not default columns, they are not automatically displayed. To display these columns, you must select them when you configure your search parameters (column definition).
DSMs can parse IPv6 addresses from the event payload. If any DSM cannot parse IPv6 addresses, a log source extension can parse the addresses. For more information about log source extensions, see the Juniper Secure Analytics Log Sources User Guide.
Searching, grouping, and reporting on IPv6 fields -- You can search events and flows by using IPv6 parameters in the search criteria.
You can also group and sort event and flow records that are based on IPv6 parameters.
You can create reports that are based on data from IPv6-based searches.
Custom rules --The following custom rule to support IPv6 addressing was added: SRC/DST IP = IPv6 Address
IPv6-based building blocks are available in other rules.
Device support modules (DSMs) -- DSMs can parse IPv6 source and destination address from event payloads.
Deploying JSA in IPv6 Environments
To log in to JSA in an IPv6 environment, wrap the IP address in square brackets:
https://[<IP Address> ]
Both IPv4 and IPv6 environments can use a hosts file for address
translation. In an IPv6 environment, the client resolves the Console
address by its host name. You must add the IP address of the IPv6
console to the
/etc/hosts file on
Flow sources, such as NetFlow and sFlow, are accepted from IPv4 and IPv6 addresses. Event sources, such as syslog and SNMP, are accepted from IPv4 and IPv6 addresses. You can disable superflows and flow bundling in an IPv6 environment.
IPv6 Addressing Limitations
When JSA is deployed in an IPv6 environment, the following limitations are known:
The network hierarchy is not updated to support IPv6.
Some parts of the JSA deployment, including surveillance, searching, and analysis, do not take advantage of the network hierarchy. For example, within the Log Activity tab, you cannot search or aggregate events By Network
No IPv6-based asset profiles.
Asset profiles are created only if JSA receives events, flows, and vulnerability data for IPv4 hosts.
No host profile test in custom rules for IPv6 addresses.
No specialized indexing or optimization of IPv6 addresses.
No IPv6-based sources and destinations for offenses