IPv6 Considerations

Tip:

Endpoint Application Control endpoints register their IP address with the server after installation. The registered IP address can affect communication with Endpoint Application Control servers. Verify that the server endpoint IPv4 or IPv6 address can be reached. For example, at the command prompt, use ping or nslookup to test the connection.

The following limitations apply to Endpoint Application Control installations in dual-stack and IPv6 environments:

  • Some versions of Windows do not support IPv6 addressing.

    For information about IPv6 support in Microsoft products and services, see the Microsoft Technet article at https://technet.microsoft.com/en-us/network/hh994905.aspx.

  • Some installation methods require special attention to install successfully in IPv6 environments. See the following table:

    Table 1. IP Version Considerations

    Endpoint IP Version

    Agent Considerations

    Server Considerations

    IPv4

    IPv4 endpoints use their IPv4 address to register with the Endpoint Application Control server.

    Management:

    • Endpoint Application Control servers installed on IPv4 or dual-stack endpoints can manage IPv4 endpoints.

    • Endpoint Application Control servers installed on IPv6 endpoints are unable to manage IPv4 endpoints.

    IPv6

    IPv6 endpoints use their IPv6 address to register with the Endpoint Application Control server.

    Management:

    • Endpoint Application Control servers installed on IPv6 or dual-stack endpoints can manage IPv6 endpoints.

    • Endpoint Application Control servers installed on IPv4 endpoints are unable to manage IPv6 endpoints.

    To manage IPv6 agents, your Endpoint Application Control server endpoint must have an IPv6 address. The server can be identified by its host name or this IPv6 address.

    To identify an IPv6 server by its host name, use its Fully Qualified Domain Name (FQDN). In pure IPv6 environments, WINS servers are unable to translate host names to their corresponding IPv6 addresses.

    Important:

    If you install Endpoint Application Control server on a pure IPv6 endpoint, your network must allow the Endpoint Application Control server to communicate with IPv4 addresses on the Internet to connect to Trend Micro services such as ActiveUpdate, Online Registration, and the Certified Safe Software Service. Use a dual-stack proxy server to convert between IPv6 and IPv4 addresses. Position the proxy server between the Endpoint Application Control server endpoint and the Internet.

    Dual-stack

    Dual-stack endpoints use either their IPv4 or IPv6 address to register with the Endpoint Application Control server.

    To specify whether dual-stack endpoints will use their IPv4 or IPv6 address, during agent installation specify the server IP address using your preferred IP version.

    Management:

    • Endpoint Application Control servers installed on IPv4, IPv6, or dual-stack endpoints can manage dual-stack endpoints.

    To manage IPv4 and IPv6 agents, your Endpoint Application Control server endpoint must have both IPv4 and IPv6 addresses and must be identified by its host name.

    If a server is identified only by its IPv4 address, IPv6 agents are unable to connect to the server. Likewise, if a server is identified only by its IPv6 address, IPv4 agents are unable to connect to the server.