Operational Defect Database
BugZero found this defect 1475 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000kCPhSAM
Browser traffic through a proxy does not fall back from IPv6 to IPv4
Last update date:
5/5/2020
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.5.x
Fixed releases:
All
Description:
Issue
When users try to connect to a website at an IPv6 address through an HTTP or HTTPS proxy, and the server sends a RST response, the connection does not fall back to IPv4. This is because the proxy responds to a SYN packet from the client.
Workaround/Solution
Create an HTTP or HTTPS packet filter policy. Add the IPv6 address of the HTTP/HTTPS server to the To field. You cannot specify an FQDN in the To field to workaround this issue.From the HTTP/HTTPS connections are drop-down list, select Denied (Send Reset). Save the policy. When users try to connect to the IPv6 address, the browser will fall back to IPv4, which the proxy policy handles successfully.
