WatchGuard Support Center

Article ID :000017302
Browser traffic through a proxy does not fall back from IPv6 to IPv4

Applies To

	Products:	Firebox & XTM
	Operating System:	12.5.x
	Issue Status:	Open

Status and Tracking

Tracking ID:	FBX-19484
Status:	Open
Resolved In:

When users try to connect to a website at an IPv6 address through an HTTP or HTTPS proxy, and the server sends a RST response, the connection does not fall back to IPv4. This is because the proxy responds to a SYN packet from the client.

Workaround

Create an HTTP or HTTPS packet filter policy.
Add the IPv6 address of the HTTP/HTTPS server to the To field. You cannot specify an FQDN in the To field to workaround this issue.
From the HTTP/HTTPS connections are drop-down list, select Denied (Send Reset).
Save the policy. When users try to connect to the IPv6 address, the browser will fall back to IPv4, which the proxy policy handles successfully.

Knowledge Base - Article

Article ID :000017302
Browser traffic through a proxy does not fall back from IPv6 to IPv4

Applies To

Status and Tracking

Description

Workaround

Knowledge Base - Article

Search the WatchGuard Knowledge Base

Applies To

Status and Tracking

Description

Workaround