Hello,
After troubleshooting several issues in depth with hosts that I could not access via network behind Sophos XG, but could elsewhere, even when fully excluded (web, firewall, IPS, SSL logs would all show allowed), I finally figured out that the problem is that the hosts are dual-stack (IPv4/IPv6), so my DNS exclusion didn't apply to IPv6.
Unfortunately, it appears that I cannot add the DNS (FQDN) hosts to IPv6 exclusions at all - it only supports IP addresses, MAC hosts, and built in groups (ANY, SSL VPN, etc). Disabling all filtering on IPv6 works and resolves the issue, but then leaves IPv6 wide open.
Is my only option to manually resolve the IPv6 addresses and add then each individually? Why can't FQDN hosts be both IPv4 AND IPv6, or at least why can't I maintain a separate list?
I last saw this mentioned over two years ago (https://community.sophos.com/sophos-xg-firewall/f/discussions/105112/how-to-add-fqdn-in-ipv6) - is it still an issue?
This thread was automatically locked due to age.
