Remove Dual Stack functionality from SSL VPN on prod

Question

Hello,

we need to switch from Dual Stack SSL VPN to v4 only, since we need SNAT4 on some policies for traffic originating from SSL-VPN.

Is it safe to "set dual-stack-mode disable" or will this remove / invalidate all existing policies? The current policy set contains both v4 and v6 address objects. The IPv6 address objects can not be removed from the SSL-VPN policies as long as dual stack mode is enabled. Can this be done without downtime? Or do I need to edit the conf file and deploy the new config without dual stack and without v6 address objects at a time?

Kind regards

funkylicious · Answer

hi,havent really done this in a production or lab environment, but based on what the configuration and where you need to set it, it will most likely disconnect all active SSLVPN sessions but it should not delete any objects from the rules.you would need to disable ipv6 from the sslvpn portal that the users are connecting/using and disable dual-stack from sslvpn settings.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded