IPv6 Support in Homogeneous and Heterogeneous vGW Series Environments

This topic covers how vGW Series treats the configuration of IPv6 traffic handling in homogeneous environments in which all vGW Series components–vGW Security Design VMs and vGW Security VMs–belong to vGW Series 5.5 (or later) and heterogeneous environments in which they do not. A heterogeneous environment might include a 5.5 vGW Security Design VM that manages one or more 5.0 vGW Security VMs.

This topic includes the following sections:

IPv6 Traffic Handling in Homogenous Environments (All vGW Series Components at Version 5.5 or Later)

If your environment contains a mix of vGW Series components with different versions because it is in a transition period, skip this section and readIPv6 Traffic Handling in Heterogeneous Environments (with a Mix of vGW Series Component Versions).

If your environment is a complete vGW Series 5.5 installation, you can create granular firewall policies on IPv6 traffic flows. For example, you can create policies that use IPv6 objects such as IPv6 machines or the predefined term Any-IPv6, which pertains exclusively to IPv6 traffic. To do so, you use the Firewall module Manage Policy page, just as you would do to create rules for a given policy for IPv4 traffic.

For a complete vGW Series 5.5 installation, for the IPv6 traffic configuration option, the Allow check box in the Global settings is dimmed, and it is not used.

Note: A complete installation of vGW Series 5.5 on all components is required to take advantage of the ability to write granular policies on IPv6 traffic flows.

IPv6 Traffic Handling in Heterogeneous Environments (with a Mix of vGW Series Component Versions)

vGW Series enables support of IPv6 in environments that include a mix of vGW Series 5.5 or later components and vGW Series 5.0 components. This kind of environment is not uncommon during the transition period when organizations are adopting IPv6 but continue to use IPv4 until the transition is completed.

A heterogeneous environment might include any combination of vGW components with different versions. For example, an environment might include:

Note: Until all components in your environment are at version 5.5 or later, you must use the Settings module Security Settings > Global page IPv6 traffic configuration option to control handling of IPv6 traffic.

You can continue to create granular IPv4 policies and push them to vGW Security VMs.

After you upgrade all vGW Security VMs in your environment to vGW Series 5.5, the Security Settings > Global page IPv6 traffic setting is no longer used. Instead, policy rules are applied. In this case, the behavior might be different from what you expect if you presume that the global setting is still in effect.

It is important to understand how vGW Series treats heterogeneous environments in regard to IPv6. For vGW Series 5.5 or later environments in which not all components have been upgraded to version 5.5:

Note: When you upgrade a vGW Security Design VM to version 5.5 from a preceding release, vGW Series carries over and continues to use the IPv6 traffic setting from the previous release.

Related Documentation