Department of Defense
High Performance Computing Modernization Program

Enabling IPv6 in Microsoft Windows-based Firewalls

Most of the settings available in the basic Windows Firewall are IP-agnostic, so filtering rules apply equally to IPv4 and IPv6. This has been the case since the Windows Firewall became IPv6-aware in Windows XP Service Pack 2. Even in Windows Firewall with Advanced Security, most filtering rules are still either port-oriented (specified IP ports) or application-oriented (specified applications that use those ports).

The predefined Inbound and Outbound Rules are IP-agnostic by default. Only Scope Settings made when configuring custom Inbound or Outbound Rules will be IP-protocol specific (specified IPv4 or IPv6 addresses or address ranges in the Scope Settings tab). Making Scope Settings in different Microsoft Windows versions is done as follows:

XP is shown here,
XP SP2 and SP3 is shown here,
Vista is shown here,
Windows 7 is shown here,
and Windows 8/8.1/10 is shown here.

Documentation for Scope Settings different Microsoft Windows versions is available as follows:

XP SP2 and SP3 is available here,
Vista, Server 2008, Windows 7, and Server 2008 R2 is available here,
Windows Server 2012 is available here, and
Windows Server 2016 and Windows 8/8.1/10 is available here.

Disabling IPv6 in Microsoft Windows-based Firewalls

Rather than disabling IPv6 in the firewall (for the few individual custom Inbound or Outbound Rules that may have been configured as IP-protocol specific), it is a better practice to selectively disable it in the operating system. See the “Disabling IPv6 in Microsoft Windows” article for the appropriate version of Windows in the IP Transport section.


Top