Firewall Enterprise IPv6 - Cannot Add Rules

We have a McAfee 410 running v70103. IPv6 has been enabled on both Internal and External interfaces. A Static Route has been configured. I've added multiple IPv6 addresses in Network Objects.

When I try to create an IPv6 rule, the Endpoint option <Any V6> is not present. The only two that show are <Any> and <Any V4>. After enabling IPv6 on one or more interfaces, this option should appear, but it doesn't.

Next, I cannot select my new IPv6 addresses from the Endpoint list. They do not appear either.

Dead in the water right now from what appears to be a bug. I've configured IPv6 on newer S4016's w/o issue...

Accepted Solutions
sliedl
Message 2 of 8

Re: Firewall Enterprise IPv6 - Cannot Add Rules

You cannot configure IPv6 for proxy rules, so make sure the Service(s) in your rule is a packet-filter service and not a proxy.

Re: Firewall Enterprise IPv6 - Cannot Add Rules

OK... so instead of using the default 'http' or 'https' (proxy), I need to create a new Service as a "TCP/UDP Packet Filter"?

sliedl
Message 4 of 8

Re: Firewall Enterprise IPv6 - Cannot Add Rules

Yes, exactly. Create a packet-filter service on ports 80,443 to pass HTTP and HTTPS traffic over IPv6.

Re: Firewall Enterprise IPv6 - Cannot Add Rules

Interesting. So why/how did this change with the newer version 8 software?

My next hurdle is the following error message I received about the new Service.

"Service requires an Application Defense of the following types: ['ipf', 'group', 'defaultgroup']."

I'm not very familiar w/ the Application Defense section. Can you push me in the right direction here?

Thanks!

sliedl
Message 6 of 8

Re: Firewall Enterprise IPv6 - Cannot Add Rules

I believe this means you need to select an Application Defense in this rule. I don't see how it's possible to not select an App. Defense in a rule (one is automatically selected when you create a rule) but maybe this comes from having IPv6 turned on (I do not have IPv6 turned on on my firewall).

Re: Firewall Enterprise IPv6 - Cannot Add Rules

OK, so within the Rule I just selected the Application Defense named "default (ipf)". I also selected the Service that I just created. I was finally able to save the rule.

No word yet on if the Rule works or not as there are other settings in the network that have not yet been completed. That's out of my control at the moment.

Thanks for the quick turnaround, sliedl. I would have never figured out that I needed to create a new Service for IPv6. I didn't have to do this on our other firewalls running the newer software.

I'll post again once I see traffic flowing.

Re: Firewall Enterprise IPv6 - Cannot Add Rules

I realize I'm posting this a month later, but I was able to get IPv6 traffic flowing by using that "default (ipf)" option in the rule. I had to wait for others in the network chain to get their part done. So we're good.

btw, does anyone know what exactly "default (ipf)" or "default (group)" means?
