NG Firewalls & IPv6
- Subject: NG Firewalls & IPv6
- From: nanog at jima.us (Jima)
- Date: Tue, 3 Apr 2018 23:44:54 -0600
- In-reply-to: <CAP032[email protected]>
- References: <CAP032[email protected]>
Hey Joe,
I don't know how next-gen they'd be considered, but I've had reasonably good luck with Cisco ASA (v9+), and to a lesser degree Juniper ScreenOS (v6.3+). Modern-ish ASA does v6-only pretty well; ScreenOS has more v4-dependent nuances, that I've found.
I do like the NAT64 support in ASA (although it sadly doesn't support the Well-Known Prefix) -- no love in ScreenOS, as far as I've ever found.
- Jima
> On Apr 2, 2018, at 16:58, Joe Klein <jsklein at gmail.com> wrote:
>
> All,
>
> At security and network tradeshows over the last 15 years, I have asked
> companies if their products supported "IPv6". They all claimed they did,
> but were unable to verify any successful installations. Later they told me
> it was on their "Roadmap" but were unable to provide an estimated year,
> because it was a trade secret.
>
> Starting this last year at BlackHat US, I again visited every product
> booth, asking if their products supported dual-stack or IPv6 only
> operations. Receiving only the same unsupported answers, I decided to focus
> on one product category.
>
> To the gurus of the NANOG community, what are your experiences with
> installing and managing Next Generation firewalls? Do they support IPv6-only
> environments? Details? Stories?
>
> If you prefer not to disparage those poor product companies, please contact
> me off the list.
>
> Thanks,
>
> Joe Klein
>
> "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
> PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8