2.1.7 Ensure IPv6 is disabled if not used

Information

Although IPv6 has many advantages over IPv4, not all organizations have IPv6 or dual stack configurations implemented

Rationale:

If IPv6 or dual stack is not to be used, it is recommended that IPv6 be disabled to reduce the attack surface of the system.

Solution

Run the following command to enable or disable IPv6.

Hostname> set ipv6-state on
Hostname> set ipv6-state off

Default Value:

ipv6 is disabled

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a.

Plugin: CheckPoint

Control ID: 57334afd7ab09e3a3ec86603f4df3010e5d0e7f0e625433e17acd0dc67f4acae