Thread Info
  • State Not Answered
  • Replies 9 replies
  • Subscribers 5 subscribers
  • Views 16711 views
  • Users 0 members are here
Options
Suggested

BUG: IPv6 and WebFilter

BLS

Firstly - the web filter doesn't pass through the IPv6 address of the source machine, instead it passes the IPv6 WAN address - not sure if this is correct?  I would personally have thought that with IPv6, the web-filter would work in full transparent mode by default - as the nature of IPv6 is to present the IPv6 address of the individual machine.

Secondly, there appears to be a DNS issue with IPv6, sometimes web-sites will not work (YouTube.com for example), they will half load and then freeze - turning off the Web-Filter resolves the issues, but then obviously lessens the functionality of the UTM - turning off the "Enable Pharming protection" has helped a little, but it still happens frequently.

Using the http://test-ipv6.com web-site, this reports that there are issues with Test with Dual Stack DNS record, Test for Dual Stack DNS and large packet.

Turning off the web-filter and everything starts working 100%.

Parents Reply Children
  • 0 in reply to BLS

    Under further investigation, it appears that the web filter is not allowing fallback to IPv4.

    With the web filter off, there is no problem accessing the site, and the results are as follows: -

    Turn the web filter on and the results are almost constantly as this picture: -

    Occasionally the web filter will allow fallback to IPv6, but not often.

    Tim Grantham

    Enterprise Architect & Business owner

  • 0 in reply to BLS
    i got 14 seconds Fallback time with web protection enabled over ipv6

    ---

    Sophos UTM 9.3 Certified Engineer

  • 0 in reply to Ben
    I've just had a 7 second fall back, and now it's not working again.

    Disable the web-filter and it's always <1 second, which is what I would expect to see with the web-filter on.

    There's going to be some fun times ahead while the world migrates to IPv6 - at least being early adopters we can help iron out the bugs, if they are willing to listen :)

    Tim Grantham

    Enterprise Architect & Business owner

  • 0 in reply to BLS

    Now this gets a little more interesting,  I had "Enable Pharming protection" within the web-filter enabled, with this enabled I get the following fall-back results

    Disable the "Enable Pharming protection" and I get no fallback: -

    Again, disable the web-filter and this is the results: -

    So it would appear that the web-filter is not 100% compatible with the functional requirements of IPv6.

    Tim Grantham

    Enterprise Architect & Business owner

Unfiltered HTML