Author Topic: Network Zones - Home #1 Home #2 - IPv6 issue.  (Read 836 times)

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 1806
Re: Network Zones - Home #1 Home #2 - IPv6 issue.
« Reply #15 on: May 11, 2022, 05:22:59 AM »
Yes I'm very sure.
Because I couldn't believe what was happening I even uninstalled CIS and installed old version 12.0.0.6882 and used it with default Firewall Security config settings in which the filter IPv6 setting is disabled out-of-the-box (but I've checked it anyway) and also with this old version the IPv6 non local address got added to the Home #1 Network Zone.

Of course when using a browser the computer IPv4 and/or IPv6 addresses are being exposed. This is normal as a browser has it own set of Firewall rules in which you allow these connections.

To my believe Home Network Zones should only contain local IP addresses (IPv4 and/or IPv6) that belong to a LAN and not to a WAN.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5349
Re: Network Zones - Home #1 Home #2 - IPv6 issue.
« Reply #16 on: May 11, 2022, 07:04:08 PM »
Clearly your ISP is providng public you a IPv6 address block which in tunr is distributed by your router for eact endpoint. Take a look at manage networks firewall task to get an idea of why this is occuring. CIS will always detect IPv6 addresses assigned to network adapters it can see regardless of IPv6 filtering firewall setting. Your getting hung up by the name of "detect private networks" when in fact it doesn't matter the type of address being assigned to your computer, CIS will keep track of it and define it as part of a network zone. You would still get this alert if you were to directly connect to your modem and get an IPv4 public address assigned to a NIC.

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 1806
Re: Network Zones - Home #1 Home #2 - IPv6 issue.
« Reply #17 on: May 12, 2022, 10:02:09 AM »
Thank you futuretech.

I think that I indeed got carried away by the part "Private" which I thought that Home Network Zones would only contain locally assigned IP addresses for computers connected inside a LAN (computers <-> modem/router connections) which addresses are not directly visible on the WAN (modem/router <-> ISP connection).

In the manage networks firewall task I see locally assigned IPv4 addresses (range 192.168.xxx.xxx) to computers but I don't see the IPv4 address that is actually being used to connect to the WAN (internet). Therefore I also expected to see only locally assigned IPv6 addresses (range fe80::/10 or else what is defined as locally on IPv6) but I only saw these IPv6 addresses appearing which are also being used to connect to the WAN.
Locally assigned LAN IPv4 addresses seem to be "isolated" from the IPv4 address which is used on the WAN and maybe for IPv6 this "isolation" is not always applicable.

Maybe it depends on the hardware (NIC/modem/router) how IPv6 addresses are being assigned/handled/treated or distributed between computers and modem/router and whether these IPv6 addresses appear (being used) on LAN connections or on WAN connections as well.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek