...

interface Vlan9
 description IPv6_only_Servers
 no ip address
 no ip proxy-arp
 ipv6 address 2001:610:148:BAD::1/64
 ipv6 nd prefix 2001:610:148:BAD::/64
 ipv6 traffic-filter ipv6_servers2only_servers_out in
 ipv6 traffic-filter ipv6_only__servers2servers_in out
end

I started out with IPv6 ACLs that disallow everything by default, and then open up specific things.

...

Unfortunately the Microsoft Update servers are also available only on IPv4 (sad).

I set up a limiting HTTP proxy server that listens on IPv6, and added a number of regular expressions to allow Windows to download updates.

Details of the proxy and the Windows configuration process are described on a separate page.

As can be seen from the lists, several other URLs also need whitelisting, such as CRLs and OCSPs.
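A regular-expression allow-list like the one described above only limits the proxy if each pattern is matched against the whole hostname and not searched for anywhere in the URL. The following is an added example, not the configuration used on this page: the patterns, the crl/ocsp placeholder hosts, the sample URLs and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list; the real lists are on the separate proxy page.
ALLOWED_HOST_PATTERNS = [
    r"(?:[a-z0-9-]+\.)*windowsupdate\.com",
    r"(?:[a-z0-9-]+\.)*update\.microsoft\.com",
    r"agent\.csi6\.secunia\.com",
    r"crl\.example\.net",   # placeholder for a CRL distribution host
    r"ocsp\.example\.net",  # placeholder for an OCSP responder host
]
ALLOWED = [re.compile(p) for p in ALLOWED_HOST_PATTERNS]

# The first rule written loosely: unanchored and searched over the full URL.
LOOSE = re.compile(r"windowsupdate\.com")


def is_allowed(url: str) -> bool:
    """Allow only http(s) URLs whose hostname fully matches an allow-list pattern."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo and port and lowercases; strip a trailing root dot.
    host = (parts.hostname or "").rstrip(".")
    return any(p.fullmatch(host) for p in ALLOWED)


def loose_is_allowed(url: str) -> bool:
    """The weak variant: a substring search anywhere in the URL."""
    return LOOSE.search(url) is not None


if __name__ == "__main__":
    samples = [  # constructed sample requests
        "http://download.windowsupdate.com/msdownload/update.cab",
        "https://agent.csi6.secunia.com/",
        "http://files.example.org/windowsupdate.com/tool.exe",
        "http://windowsupdate.com.example.org/",
        "http://download.windowsupdate.com@files.example.org/",
    ]
    for url in samples:
        print(f"strict={is_allowed(url)!s:5} loose={loose_is_allowed(url)!s:5} {url}")
```

The last three sample URLs pass the loose rule but are refused by the strict one, which is the difference between a limiting proxy and an open one.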


Secunia CSI

This tool monitors installed software for vulnerabilities. We have the corporate version CSI 6. This is a service that registers itself at Secunia to download patch lists, upload results, etc.

Unfortunately the host in question, agent.csi6.secunia.com, is only reachable via IPv4.

But when configured to use the HTTP proxy everything works as expected (smile).

Exact Software

I phoned up Exact Software Netherlands to see if Exact Globe would support IPv6, but the help desk could not provide me with a definitive answer. So then, time for some testing. 

...