NAT firewall for IPv6?

Jason R jroberts at rrsdc.com
Tue Jul 5 19:59:03 UTC 2016


FYI

There is no way to reset the password on a PAN without doing a factory
reset if you do not know the password of any previous config release
version.

If you do a reset then you will have to reconfigure the fw rules, IP
addresses, routes, NAT, inspection policies, and other basic functions
depending on if it is in layer3 mode or layer2, from scratch. Also, are you sure
the exploit vector is from IPv6 and not from traffic that the PAN cannot
see such as TLS traffic?

Also are you sure IPv6 is working? You can test connectivity over IPv6 here
http://test-ipv6.com/

On Tue, Jul 5, 2016 at 12:47 PM, Octavio Alvarez <octalnanog at alvarezp.org>
wrote:

> On 07/01/2016 07:28 PM, Edgar Carver wrote:
> > Is there some kind of NAT-based IPv6 firewall I can setup on the router
> > that can help block viruses?
>
> You need layer-7 firewalls for this. NAT-based "firewalls"
> (pseudo-firewalls, really) are layer-4 only. Those will not help you
> block typical viruses, as people will usually get infected from
> connecting to a compromised Website, or from e-mail attachments. And
> even more, if connections are encrypted, an L7 firewall will not be able
> to do anything (whether IPv4 or v6) unless... better not open a can of
> worms.
>
> They will just help you block *some* attack vectors, though: those that
> rely on starting connections to your hosts from the outside.
>
> My guess is that, with regard to e-mail attachments and compromised
> Websites, IPv4 hosts are still attacked more than IPv6 ones, so, even if
> you turn off IPv6 you will still get attacked through IPv4.
>
> Everything else has been already said by others: fixing the Palo Alto is
> still your best bet.
>
> Good luck!
>


On Tue, Jul 5, 2016 at 12:45 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> > Right.  But how long is it going to take to secure the Palo Alto firewall?
>
> around 5 minutes?
>
> recover password, restart, log in, fix rules.
>
>
> https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Reset-the-Administrator-Password/ta-p/57581
>
>
> obviously the firewall is also blocking google access! ;-)
>
> alan
>


