Views:

Deep Security has several filter layers where IPv6 goes through (verifier, modulesmicro, blocked list, Firewall/DPI) for verification.

In this case, the IP header was checked at the Verifier level and was found to have malformed packets. This means that IPv6 was held at the Verifier level blocking the traffic despite the Firewall and DPI being disabled.

As a workaround, please do the following:

For Deep Security 8.0:

  1. Go to DSM > System > System Settings > Network Engine > Advanced.
  2. Enable the Use custom driver settings check box and then set the following options to No:
    • Block IPv6 for Pre 8.0 Agents and Appliances
    • Block IPv6 for 8.0 and Above Agents and Appliances
  3. Click Save for the settings to take effect.
 
This issue will be addressed once we release Service Pack 4 for Deep Security 7.5 and once we release an update for Deep Security 8.0.
 

For Deep Security 9.0:

  1. Go to Policy/Computer Editor > Settings > Network Engine.
  2. Go to Advanced Network Engine Settings and set the following options to No:
    • Block IPv6 on Agents and Appliances versions 8 and earlier
    • Block IPv6 on Agents and Appliances versions 9 and later
  3. Click Save for the settings to take effect.
Keywords: IPv6,firewall event,malformed packets,Firewall events malfunction