tanr
Valued Contributor II

Teredo IPv6 tunnel through IPv4 - Any way to inspect without going to IPv6?

Hi All,

FortiGate 300D v5.4.1.  Just going live with a subset of our VLANs and watching traffic, I noticed a ton of UDP/3544 from our Windows boxes, which is likely Teredo - Microsoft's IPv6 tunnel through IPv4.  I've kept everything in-house at IPv4 still.

A while back there were a lot of comments that Teredo could too easily be used by malware to bypass inspection by gateway firewalls.  I haven't seen much recently, but Symantec's write-up on it was concerning: http://www.symantec.com/avcenter/reference/Teredo_Security.pdf.

My uneducated questions:

- Is Teredo still seen as a security risk?

- I assume FGT isn't aware of Teredo and there's no way for me to inspect it without moving over to IPv6 dual stack?

- Has anybody blocked Teredo at the FGT and disabled it for the Windows clients (netsh interface teredo set state disable), and how did it go?

Thanks in advance for any pointers.

1 REPLY
63kk0
New Contributor II

Apologies for the ask, and I know this is very old, so I won't likely get an answer, but I have run into a similar situation where I see Teredo IPv6 over IPv4 tunnels being used for Xbox traffic, which circumvents policies and inspection when the firewall is in IPv4 mode.  Except that I am using firmware 6.4.10 on a FGT60F.  I assume, likewise, that I will have to set up IPv6 mode for my firewall to be able to even inspect this tunnel, yes?
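
Added example, not part of either post above and not Fortinet code: a Python sketch of how a defender could recognise Teredo-encapsulated IPv6 in captured IPv4 UDP payloads by structure rather than by port alone, following the RFC 4380 packet and address layout. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix per RFC 4380

def decode_teredo_addr(addr):
    """Return (server_v4, client_v4, client_port) for a Teredo address, else None."""
    if addr not in TEREDO_PREFIX:
        return None
    raw = addr.packed
    server = ipaddress.IPv4Address(raw[4:8])
    port = struct.unpack("!H", raw[10:12])[0] ^ 0xFFFF   # port is stored inverted
    client = ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))  # so is the address
    return str(server), str(client), port

def parse_teredo(payload):
    """Return inner IPv6 details if a UDP payload looks like Teredo, else None."""
    off = 0
    # Optional authentication header (0x0001): id-len, auth-len, id, auth, nonce(8), confirmation(1).
    if payload[:2] == b"\x00\x01" and len(payload) >= 4:
        off = 4 + payload[2] + payload[3] + 8 + 1
    # Optional origin indication (0x0000): 2-byte port + 4-byte address, both inverted.
    if payload[off:off + 2] == b"\x00\x00":
        off += 8
    ip6 = payload[off:off + 40]
    if len(ip6) < 40 or ip6[0] >> 4 != 6:
        return None                      # no complete IPv6 header at this offset
    if struct.unpack("!H", ip6[4:6])[0] != len(payload) - off - 40:
        return None                      # IPv6 payload length must match the UDP payload
    src, dst = ipaddress.IPv6Address(ip6[8:24]), ipaddress.IPv6Address(ip6[24:40])
    return {"src": str(src), "dst": str(dst), "next_header": ip6[6],
            "src_teredo": decode_teredo_addr(src), "dst_teredo": decode_teredo_addr(dst)}

# Constructed sample: origin indication followed by a Teredo bubble
# (IPv6 header only, Next Header 59, payload length 0).
SAMPLE_HDR = struct.pack("!IHBB", 0x60000000, 0, 59, 64)
SAMPLE_SRC = ipaddress.IPv6Address("2001:0:c000:201:8000:63bf:34ff:8efa").packed
SAMPLE_DST = ipaddress.IPv6Address("2001:db8::1").packed
SAMPLE = b"\x00\x00" + bytes(6) + SAMPLE_HDR + SAMPLE_SRC + SAMPLE_DST

if __name__ == "__main__":
    print(parse_teredo(SAMPLE))
```

UDP/3544 is the Teredo server port; traffic between Teredo peers can use other UDP ports, which is why the check keys on the inner IPv6 header and the 2001::/32 prefix.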
