5 Jul
2016
5 Jul
'16
7:22 p.m.
On 5 July 2016 at 17:40, Lee <ler762@gmail.com> wrote:
Right. But how long is it going to take to secure the Palo Alto firewall? If the central Cisco Catalyst really is an IPv6 router, doing a conf t ipv6 access-list denyIPv6 deny ipv6 any any
interface [whatever connects to the ISP] ipv6 traffic-filter denyIPv6 in ipv6 traffic-filter denyIPv6 out end would be a quick fix for the firewall not doing any ipv6 filtering.
Nope, that is not going to stop his IPv6 address from appearing, which I will bet you good money is in the range of fe80::/64.