On Fri, 01 Jul 2016 21:28:54 -0500, Edgar Carver said:
We're having problems where viruses are getting through Firefox, and we think it's because our Palo Alto firewall is set to bypass filtering for IPv6.
Do you have any actual evidence (device logs, tcpdump, netflow, etc) that support that train of thought? Remember that your Palo Alto isn't stopping 100% of the icky stuff on the IPv4 side either - the sad truth is that most commercial security software is only able to identify and block between 30% and 70% of the crap that's out in the wild. There's also BYOD issues where a laptop comes in and infects all your systems from behind the firewall (as Marcus Ranum says: "Crunchy on the outside, soft and chewy inside"). In any case,your first two actions should be to recover the password for the Palo Alto, and make sure it has updated pattern definitions in effect on both IPv4 and IPv6 connections. And your third should be to re-examine your vendor rules of engagement, to ensure your deliverables include things like passwords and update support so you're not stuck if your vendor goes belly up..