On the taskbar, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click Windows PowerShell, and then click Run as administrator.

From the command prompt, run the ConfigureLocalhostToIPv6Policy script with the required usage.

Note:
The script is located in the \Program Files\Microsoft Forefront Unified Access Gateway\utils\TMGIPv6Policy folder.

1. Type ConfigureLocalhostToIPv6Policy.vbs AllowAllLocalhostToIPv6 to allow all IPv6 traffic from the local host to the corpnet. This script usage:

   1. Enables the DirectAccess mode: Allow IPv6 traffic from Local Host rule by adding the Anywhere IPv6 range to the destination range.
      
      
   2. Adds the Anywhere IPv6 destination range to the IPv6 Computer Set for rules using domain name sets.
      
      

2. Type ConfigureLocalhostToIPv6Policy.vbs DisableAllLocalhostToIPv6 to disable IPv6 traffic from the local host to the corpnet. This script usage:

   1. Disables the DirectAccess mode: Allow IPv6 traffic from Local Host system rule.
      
      
   2. Clears the computer set used as the destination in rules using domain name sets.
      
      
   3. Deletes all user rules created by the script.
      
      

3. Type ConfigureLocalhostToIPv6Policy.vbs add <"protocol"> <from IP> <to IP> to add a protocol applied to a specific IPv6 range.

   Note:
   When specifying the protocol, you must use the full Forefront TMG protocol name.

   This script usage:

   1. Disables the DirectAccess mode: Allow IPv6 traffic from Local Host system rule by clearing the destination range.
      
      
   2. Creates a new system rule DirectAccess mode: Allow IPv6traffic from Forefront TMG to IPv6 networks for the outbound IPv6 infrastructure protocols, if the rule does not already exist.
      
      
   3. Creates an empty computer set to be used by rules using domain name sets.
      
      

   Note:

   If a protocol is defined in rules using domain name sets, the script adds a destination range to the computer sets used by all rules using domain name sets. If the protocol is not defined in the rules using domain name sets, the script creates a user rule with the protocol and destination range. The rule’s name is in the format:"DirectAccess mode: Allow IPv6 traffic from Forefront TMG IPv6 range <From IP>-<To IP> for protocol <ProtocolName> <Current time>”. For example, if the script is run as: ConfigureLocalhostToIPv6Policy.vbs add smtp :: ffff.ffff.ffff.ffff::ffff, the rule name that is created is; DirectAccess mode: Allow IPv6 traffic from Forefront TMG IPv6 range :: ffff.ffff.ffff.ffff::ffff for protocol smtp.

4. Type ConfigureLocalhostToIPv6Policy.vbs delete <"protocol"> <from IP> <to IP> to delete a protocol applied to a specific IPv6 range. This script usage:

   1. Disables the DirectAccess mode: Allow IPv6 traffic from Local Host system rule by clearing the destination range.
      
      
   2. Creates a new system rule DirectAccess mode: Allow IPv6traffic from Forefront TMG to IPv6 networks for the outbound IPv6 infrastructure protocols, if the rule does not already exist.
      
      
   3. Creates a computer set to be used by rules using domain name sets, if one does not already exist.
      
      

      Note:
      If a protocol is defined in the rules using domain name set, the script removes all exact ranges from the computer set used by rules using domain name sets. If the protocol is not defined in the rules using domain name, the script deletes all user rules with the protocol and exact destination range.