Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 40 subscribers
  • Views 3669 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to use FQDN Host Group as Destination Network in IPv6 rule

Maikel van Amelsfort

Since Netflix is blocking my connection over IPv6 using a HE tunnel, I tried to block access to Netflix over IPv6 in the firewall so Netflix only uses IPv4. This works fine when I block access to the IP-address of Netflix, but since this also blocks a lot of other Amazon services (because they're in the same IP pool) I wanted to use the new feature 'FQDN Host Groups' as it already contains a group for Netflix.

Unfortunately, I was unable to select any other group besides:
Any
##ALL_RW6
##ALL_SSLVPN_RW6
##ALL_IPSEC_RW6

When I tried creating a similar rule for IPv4, I noticed I had a lot of options to select from: a lot of countries, Dropbox, Amazon Cloudfront and Netflix.

Why are those groups not available for IPv6 rules? They're FQDN based, so I think it shouldn't matter if it's over IPv4 or IPv6.



This thread was automatically locked due to age.
  • 0

    That is not all that is missing from IPv6 on XG, try country blocking. Try locating your assigned /56.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML