This will be an emerging trend in future. symantec always recomends the best practiveds, the reason for why its blocked is summarized here ( Googled)
just took few examples from internet

 Rogue IPv6 traffic

Organizations that aren't running IPv6 and don't plan to run it anytime soon, should use their firewalls to block IPv6 traffic from coming in and out of their networks. Most experts say this should be a temporary measure because an increasing amount of Internet traffic is IPv6-based, and organizations don't want to limit access to customers or business partners around the world that will be using IPv6. "What customers need to do within their intrusion-prevention systems or within their firewalls is to explicitly look for IPv6 traffic and drop it" say expers.

Type 0 routing header

This well-known IPv6 vulnerability creates the opportunity for denial-of-service attacks because it gives a hacker the ability to manipulate how traffic flows over the Internet. This feature of IPv6 allows you to specify in the header what route is used to forward traffic. A hacker could use this feature to saturate a particular part of the network

Built-in ICMP and multicast

Unlike IPv4, IPv6 features built-in Internet Control Message Protocol (ICMP) and multicast. These two types of network traffic are integral to how IPv6 works. With IPv4, network managers can block ICMP and multicast traffic to prevent attacks coming over these channels. But for IPv6, network managers will need to fine-tune the filters on their firewalls or routers to allow some ICMP and multicast traffic through

Rogue IPv6 devices

The auto-configuration capabilities that are built into IPv6 allow an attacker to define a rogue device that assigns IP addresses to all the other devices on the network

IPv6 tunnels

Three types of IPv6 tunnels —Teredo, 6to4 and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) -- allow IPv6 packets to be encapsulated inside IPv4 packets that can be sent through IPv4-enabled firewalls or network address translation devices. To a network manager, tunneled IPv6 packets look like normal IPv4 traffic. That's why network managers need deep packet inspections systems that can peer into tunnels to examine what's inside of them

I think because of these reasons, its BLOCKED By default...