We have a McAfee 410 running v70103. IPv6 has been enabled on both Internal and External interfaces. A Static Route has been configured. I've added multiple IPv6 addresses in Network Objects.
When i try to create an IPv6 rule, the Endpoint option <Any V6> is not present. The only two that show are <Any> and <Any V4>. After enabling IPv6 on one or more interfaces, this option should appear, but it doesnt.
Next, I cannot select my new IPv6 addresses from the Endpoint list. They do not appear either.
Dead in the water right now from what appears to be a bug. I've configured IPv6 on newer S4016's w/o issue...
Solved! Go to Solution.
Interesting. So why/how did this change with the newer version 8 software?
My next hurdle is the following error message i received about the new Service.
"Service requires an Application Defense of the following types: ['ipf', 'group', 'defaultgroup']."
I'm not very familiar w/ the Application Defense section. Can you push me in the right direction here?
I believe this means you need to select an Application Defense in this rule. I don't see how it's possible to not select an App. Defense in a rule (one is automatically selected when you create a rule) but maybe this comes from having IPv6 turned on (I do not have IPv6 turned on on my firewall).
ok, so within the Rule i just selected the Application Defense named "default (ipf)". I also selected the Service that i just created. I was finally able to save the rule.
No word yet on if the Rule works or not as there are other settings in the network that have not yet been complete. That's out of my control at the moment.
Thanks for the quick turnaround, sliedl. i would have never figured out that i needed to create a new Service for IPv6. I didnt have to do this on our other firewalls running the newer software.
i'll post again once i see traffic flowing.
i realize im posting this a month later, but i was able to get IPv6 traffic flowing by using that "default (ipf)" option in the rule. I had to wait for others in the network chain to get their part done. So we're good.
btw, does anyone know what exactly "default (ipf)" or "default (group)" means?
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center