Overview of IPv6 Implementation in the vGW Security Design VM Modules

This topic summarizes the vGW Security Design VM IPv6 implementation that allows you to enter and view information pertaining to IPv6 addresses and traffic. It also covers information on individual modules, including figures that show windows and tabs that contain IPv6 fields and information.

This topic assumes that IPv4 addresses are handled largely in the same way.

Main Module

You can view or enter IPv6 information, in addition to IPv4, in the following areas:

Network Module

The details tables display IPv6 information. Network traffic assessment takes into account IPv6 traffic.

Firewall Module

You can view results containing IPv6 and IPv4 addresses, and you can create policies that include them.

Firewall Logs

Firewall log entries include information pertaining to IPv6 and IPv4 addresses.

Policies

If all components belong to vGW Series release 5.5. or later, you can create firewall policies on IPv6 objects, in addition to IPv4 objects. You can select groups, networks, and machines that have IPv6 addresses to use as source and destination terms. You can also create new groups, networks, and machines that have IPv6 addresses and use them in rules.

You can use the following predefined addresses for source and destination terms in policy rules:

Note: Prior to vGW Series Release 5.5, which introduces support for IPv6, the predefined term “Any” referred to any IPv4 address.

ICMPv6

By default vGW Series allows a subset of Internet Control Message Protocol version 6 (ICMPv6) traffic types. These types are included in the DefaultAllow-ICMPv6 protocol group. ICMPv6 is integral to IPv6 and fundamental to the proper functioning of IPv6 networks. For more information, on vGW Series and ICMPv6 protocols, see Understanding How vGW Series Handles ICMPv6 Protocol Traffic.

IDS Module

The IDS engine detects and reports attacks launched by IPv6 and IPv4 traffic.

AntiVirus Module

You use the vGW AntiVirus On-Demand and On-Access features to protect your environment from malicious attacks. The AntiVirus On-Access scan requires IPv4.

Introspection Module

You use the Introspection feature in both IPv6 and IPv4 environments. (vGW Series can mount disks that are attached to VMs that have either IPv6 or IPv4 addresses bound to them.)

Compliance Module

You can create compliance rules for hypervisors that have IPv6 or IPv4 addresses bound to them. Prebuilt compliance rules apply to both IPv6 and IPv4 environments.

Reports Module

Charts, graphics, and other areas of reports that show IPv4 addresses can also show IPv6 addresses. You can sort information based on IPv6 addresses using the filter box.

Settings Module

All sections of the Settings module that display or accept IPv4 addresses also display or accept IPv6 addresses.

Additional protocols for IPv6, including ICMPv6 protocols, an ICMPv6 transport protocol type, a protocol that includes all ICMPv6 protocols, and a default ICMPv6 protocol group that allows access for some fundamental ICMPv6 protocols have been added to the protocol list. For details, see Understanding vGW Series Protocols Support.

For details, see the topics that pertain to the Settings module. See Understanding the vGW Series Settings Module.

Related Documentation