I found an issue with Sophos where I was unable to ping from my local network to a public IPv6 address even with the firewall rules in place to allow ICMPv6. The issue is when you enable NAT it enables for both IPv4 and IPv6. You need to create a NAT rule that ensures NAT will not apply to IPv6 and the issue will be resolved.

You really shouldn’t have to use NAT with IPv6 given the amount of IP Addresses available. Comcast for instance was giving me my own /64 block. Which is 2^64 = 18,446,744,073,709,551,616 total addresses but that isn’t counting the network ID and subnet mask so really it’s 18,446,744,073,709,551,614 addresses for my own use. Why use NAT at that point?

You can view my post on the Sophos Community Forums HERE