SNX in Application Mode does not support IPv6 or IPv4-mapped IPv6 connections.
No fix is required; the system is functioning as designed.
Since R77.20, by default, IPv6 connections and IPv4-mapped IPv6 connections go directly to the destination and not through the SSL tunnel, even if the destination is in the encryption domain.
To enhance security, an SNX user can change the default behaviour so that such connections are dropped instead.
In the Windows Registry, set the following DWORD (32-bit) value to 11 (decimal):
HKEY_CURRENT_USER\Software\Checkpoint\SSL Network Extender\parameters\DropIpv6
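One way to audit and apply this setting from PowerShell, as an added example that is not Check Point's own code: the function names are hypothetical, while the key path, value name and data come from the article. Because the value lives under HKEY_CURRENT_USER, the script has to run in the SNX user's own session.

```powershell
# Added example (not vendor code). Function names are hypothetical;
# key path, value name and data (decimal 11) are taken from the article.
$KeyPath   = 'HKCU:\Software\Checkpoint\SSL Network Extender\parameters'
$ValueName = 'DropIpv6'
$Expected  = 11

function Get-SnxDropIpv6State {
    # Report whether the value exists, is a DWORD, and holds the expected data.
    $state = [pscustomobject]@{
        User = $env:USERNAME; Status = 'KeyMissing'; Kind = $null; Data = $null
    }
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $state }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) {
        $state.Status = 'ValueMissing'
        return $state
    }
    $state.Kind = $key.GetValueKind($ValueName)
    $state.Data = $key.GetValue($ValueName)
    if ($state.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $state.Status = 'WrongType'      # e.g. created as a string by mistake
    } elseif ($state.Data -ne $Expected) {
        $state.Status = 'WrongData'
    } else {
        $state.Status = 'Compliant'
    }
    return $state
}

function Set-SnxDropIpv6 {
    # Idempotent: writes only when the current state is not compliant.
    $before = Get-SnxDropIpv6State
    if ($before.Status -eq 'Compliant') { return $before }

    if ($before.Status -eq 'KeyMissing') {
        # -Force creates missing parent keys; used only when the key is absent
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force replaces an existing value, including one of the wrong type
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $Expected -Force | Out-Null
    return Get-SnxDropIpv6State
}

Get-SnxDropIpv6State   # audit only: changes nothing
# Set-SnxDropIpv6      # uncomment to enforce the setting
```

The `Status` field separates a missing value from one with the wrong type or data, which helps when collecting results from many endpoints.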
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
- 01244809 , 01294173 , 01353737 , 01386596