My idea is to have full IPv6 support in Symantec Endpoint Protection.
There is a KB article which details what is and is not supported; however, IPv6 is actively in use on some of our customers' networks, and the items that are not supported constitute huge gaps in IPv6 support that leave our systems open to attack.
For example:
- The inability to specify network locations on native IPv6 networks is a huge issue. This means we can't specify different firewall rulesets for clients "inside" the corporate network and clients "outside" the corporate network.
- The inability to specify source or destination IPv6 addresses in firewall rules is also a huge issue. For services like web browsing (TCP 80, 443) etc., it's acceptable to create a rule with any source/destination; however, with services such as "Remote Desktop TCP 3389" for example, it's a security requirement that only selected hosts are permitted to Remote Desktop to workstations. It's not acceptable to open a firewall rule to allow all IPv6 hosts the ability to RDP to a machine.
- The firewall issue coupled with the inability to specify location profiles means we need to open system sensitive services like RPC or Remote Desktop for all IPv6 hosts when they are on the Internet or corporate network.
Please implement full IPv6 support in firewall rules and location profiles!