WatchGuard Support Center

Knowledge Base - Article

 Browser traffic through a proxy does not fall back from IPv6 to IPv4

Products: Firebox & XTM
Operating System: 12.5.x
Issue Status: Open
Tracking ID: FBX-19484
Status: Open
Resolved In:
When users try to connect to a website at an IPv6 address through an HTTP or HTTPS proxy, and the server sends a RST response, the connection does not fall back to IPv4. This is because the proxy responds to a SYN packet from the client.
  1. Create an HTTP or HTTPS packet filter policy. 
  2. Add the IPv6 address of the HTTP/HTTPS server to the To field. You cannot specify an FQDN in the To field to workaround this issue.
  3. From the HTTP/HTTPS connections are drop-down list, select Denied (Send Reset)
  4. Save the policy. When users try to connect to the IPv6 address, the browser will fall back to IPv4, which the proxy policy handles successfully.