Some ISP routers still don’t like IPv6, and 2024.5 added WAN / LAN detection with additional hardening. The full Guard page and Drop connection features were rolled-back at the last minute as WAN detection was triggering in some circumstances on the LAN, but I only have a link to the HASS podcast created before the rollback. As the feature was pulled from 2024.5, I’d concentrate on IPv4 verses IPv6 routing and DNS.
I’ve seen IPv6 connect, when IPv4 fails due to DHCP or other routing issues - the complexity here is a dual-stack client device might automatically choose IPv6 (LLA or ULA) masking a failure and thoroughly confusing you.
There’s a few threads on here with more detailed examples (I deliberately use HAOS to avoid container routing), but ping -4 xxxx and ping -6 xxxx are your friend.
(Aside - my least favourite recent issue was an intermittent uplink that broke IPv4 DHCP but allowed just enough IPv6 to confuse my tracing. 4h to find a bad SFP! Grr!)