Endpoint Security VPN, IPv6 and Hub Mode: IPv6 is not handled


When Endpoint Security VPN is configured in hub mode, the expectation is that all traffic would be sent through the gateway the client is connected to. This does not apply to IPv6 traffic, since the Endpoint Security VPN does not support it at all. Thus, if the client has IPv6 enabled and is in a network with working IPv6 connectivity, all v6 traffic will bypass the tunnel and leave the client directly. This obviously defeats the purpose of configuring a hub mode setup. I'm aware of two ways to fix this: deliver the Desktop/Client Firewall Policy from Endpoint Policy Management, where such an option is available, or disable IPv6 on the client computers' LAN/WLAN/WWAN interfaces.

Both options aren't ideal. Enabling the EPM just for disabling v6 on VPN clients appears excessive; permanently disabling IPv6 on the client is backwards and possibly unreliable, depending on how it would be enforced. What I'm looking for is a simple way to tell the client that IPv6 should be disconnected while the tunnel is up. Is there a way to do this except the two I mentioned?



0 Kudos
1 Reply

I'm afraid if you want to still allow people to use IPv6, then you'll have to deploy Desktop Firewall.

0 Kudos
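
A check for the bypass described in the question, as an added example that is not part of the thread or of Check Point's tooling: it takes a routing table exported from the client while the tunnel is connected and lists the IPv6 routes that carry global traffic outside the tunnel interface. The interface name `VPN Tunnel`, the function name and the sample routes are constructed assumptions.

```python
import ipaddress
import json

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample in the shape produced on the client by:
#   Get-NetRoute | Select-Object InterfaceAlias,DestinationPrefix,NextHop | ConvertTo-Json
# Interface names and addresses are made up (2001:db8::/32 is documentation space).
SAMPLE_ROUTES = json.loads("""
[
 {"InterfaceAlias": "VPN Tunnel", "DestinationPrefix": "0.0.0.0/0", "NextHop": "0.0.0.0"},
 {"InterfaceAlias": "Wi-Fi", "DestinationPrefix": "0.0.0.0/0", "NextHop": "192.0.2.1"},
 {"InterfaceAlias": "Wi-Fi", "DestinationPrefix": "::/0", "NextHop": "fe80::1"},
 {"InterfaceAlias": "Wi-Fi", "DestinationPrefix": "2001:db8:1::/64", "NextHop": "::"},
 {"InterfaceAlias": "Wi-Fi", "DestinationPrefix": "2001:db8:1::25/128", "NextHop": "::"},
 {"InterfaceAlias": "Wi-Fi", "DestinationPrefix": "fe80::/64", "NextHop": "::"},
 {"InterfaceAlias": "Wi-Fi", "DestinationPrefix": "ff00::/8", "NextHop": "::"},
 {"InterfaceAlias": "Loopback Pseudo-Interface 1", "DestinationPrefix": "::1/128", "NextHop": "::"}
]
""")


def find_ipv6_bypass(routes, tunnel_alias):
    """Return (interface, prefix, kind) for IPv6 routes that carry
    global-unicast traffic over any interface other than the tunnel."""
    findings = []
    for route in routes:
        net = ipaddress.ip_network(route["DestinationPrefix"], strict=False)
        if net.version != 6 or route["InterfaceAlias"] == tunnel_alias:
            continue
        # Link-local, multicast and loopback prefixes never reach the Internet.
        if not net.overlaps(GLOBAL_UNICAST):
            continue
        # A /128 is the host's own address entry, not a path for traffic.
        if net.prefixlen == 128:
            continue
        # "default" covers all global unicast space; anything else is narrower.
        kind = "default" if GLOBAL_UNICAST.subnet_of(net) else "specific"
        findings.append((route["InterfaceAlias"], str(net), kind))
    return findings


if __name__ == "__main__":
    for iface, prefix, kind in find_ipv6_bypass(SAMPLE_ROUTES, "VPN Tunnel"):
        print(f"IPv6 outside tunnel: {prefix} via {iface} ({kind} route)")
```

An empty result while the tunnel is connected means no global IPv6 path exists beside it; a `default` finding is the case where v6 traffic leaves the client directly.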