You cannot configure IPv6 for proxy rules, so make sure the Service(s) in your rule is a packet-filter service and not a proxy.
ok... so instead of using the default 'http' or 'https' (proxy) i need to create a new Service as a "TCP/UDP Packet Filter?"
Yes, exactly. Create a packet-filter service on ports 80,443 to pass HTTP and HTTPS traffic over IPv6.
Interesting. So why/how did this change with the newer version 8 software?
My next hurdle is the following error message i received about the new Service.
"Service requires an Application Defense of the following types: ['ipf', 'group', 'defaultgroup']."
I'm not very familiar w/ the Application Defense section. Can you push me in the right direction here?
I believe this means you need to select an Application Defense in this rule. I don't see how it's possible to not select an App. Defense in a rule (one is automatically selected when you create a rule) but maybe this comes from having IPv6 turned on (I do not have IPv6 turned on on my firewall).
ok, so within the Rule i just selected the Application Defense named "default (ipf)". I also selected the Service that i just created. I was finally able to save the rule.
No word yet on if the Rule works or not as there are other settings in the network that have not yet been complete. That's out of my control at the moment.
Thanks for the quick turnaround, sliedl. i would have never figured out that i needed to create a new Service for IPv6. I didnt have to do this on our other firewalls running the newer software.
i'll post again once i see traffic flowing.
i realize im posting this a month later, but i was able to get IPv6 traffic flowing by using that "default (ipf)" option in the rule. I had to wait for others in the network chain to get their part done. So we're good.
btw, does anyone know what exactly "default (ipf)" or "default (group)" means?