Video Screencast Help

IPv6 rules

Created: 21 Dec 2012 • Updated: 27 Dec 2012 | 2 comments

How do I put an IPv6 address or address range into a firewall rule on small business endpoint software?  I have a small business essentials 2011 server and 5 client computers running Windows 7.  The endpoint server software and endpoint cllient software There are various kinds of IPv6 blockages reported from our internal traffic.  I'd like to allow this for internal traffic and not external traffic but there appears to be no way to do this when internal IPv6 addresses are involved. 

Comments 2 CommentsJump to latest comment

Ashish-Sharma's picture


Check this 

Symantec Endpoint Protection blocking IPv6 communication with allow application rule
Article:TECH169685  |  Created: 2011-09-15  |  Updated: 2012-02-22  |  Article URL

Or check 

Change the SEP firewall rules for IPv6 traffic to from "Block" to "Allow".

Thanks In Advance

Ashish Sharma

Mithun Sanghavi's picture


What version of SEP 12.1 are you running?

The FW rule does not allow user to specify ipv6 address.

Regarding IPv6 support, need to distiguish between the use in policies and client settings and the use in the Symantec Endpoint Protection (SEP) architecture in general.

In Symantec Endpoint Protection (SEP) 11.x, IPv6 could only be used as a general ethernet protocol type in firewall rules. So IPv6 network traffic could be blocked or allowed completely in a rule.

SEP 12.1 has added support for IPV6 in the traffic.  In SEP 12.1 the firewall and SEP engine have the ability to decode and block the traffic based on  the firewall policy or based on detected attacks within the IPv6 traffic.  The protection offered on IPv6 traffic in SEP 12.1 is as good as the protection offered on IPv4 traffic. Logs will show IPv6 addresses as well.

Check these Articles:

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

IPv6 support in Symantec Endpoint Protection 12.1

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.