What level does Symantec Endpoint Protection (SEP) 12.1 support the IPv6 protocol.
Regarding IPv6 support, need to distiguish between the use in policies and client settings and the use in the Symantec Endpoint Protection (SEP) architecture in general.
In Symantec Endpoint Protection (SEP) 11.x, IPv6 could only be used as a general ethernet protocol type in firewall rules. So IPv6 network traffic could be blocked or allowed completely in a rule.
SEP 12.1 has added support for IPV6 in the traffic. In SEP 12.1 the firewall and SEP engine have the ability to decode and block the traffic based on the firewall policy or based on detected attacks within the IPv6 traffic. The protection offered on IPv6 traffic in SEP 12.1 is as good as the protection offered on IPv4 traffic. Logs will show IPv6 addresses as well.
However there are a few limitations for IPv6:
- SEP 12.1 does not have the ability to decode IPv4 to IPv6 tunneling protocols such as ISATAP or Teredo.
If using IPv6 in the network, it is recommend to block IPv4 to IPv6 tunneling and only use native IPv6 traffic.
- SEP 12.1 RU4 MP1a and earlier does not have the ability to create firewall rules for specific IPv6 addresses. SEP 12.1 RU5 and newer does support this functionality.
In SEP 12.1 firewall rules can be created to filter IPv6 traffic. IPv6 traffic can be filtered by different ways, such as by TCP or UDP ports and protocols or by applications. So for instance, a firewall rule could be created to block HTTP port 80. This rule would block also IPv6 HTTP traffic. Similarly, a rule could be created to allow traffic to Outlook. This would allow the IPv6 traffic that is used by Outlook. However prior to SEP 12.1 RU5, it does not have the ability to create firewall rules to block or allow traffic based on a specific IPv6 address. This means for example that it is not possible to create a firewall rule to block IPv6 traffic to a specific server on the network while allowing the same IPv6 traffic to another system on the network.
- SEP 12.1 does not have the ability to do location awareness (a.k.a Auto Location Switching) by IPv6 addresses.
Regarding the use of IPv6 in the general of the architecture, IPv6 is currently not supported for any communication between the different SEP components themselves. All client - manager, console - manager, manager - manager traffic as well as LiveUpdate is all still based on IPv4.
It is planned to add IPv6 support for all components in the future, so that SEP can be used in pure IPv6 environments.