IPv6 firewall support

David Freedman david.freedman at uk.clara.net
Mon Oct 29 13:11:06 UTC 2007


Have to say, using ScreenOS 5.4 on our Juniper kit and relatively happy.

Elsewhere, if you just want a packet filter, v6 ACLs are fine, depending 
of course on whether they are done in hardware or software and if this is 
appropriate for your application (i.e., an ACL in the software path is 
perfectly appropriate in a number of scenarios where you have a dedicated 
router and a low-traffic environment...)

Dave.


michael.dillon at bt.com wrote:
> Some people have claimed that they cannot yet sell
> IPv6 Internet access because there is no IPv6 firewall
> support. According to this ICANN study:
> http://www.icann.org/committees/security/sac021.pdf
> this is not quite true. At least 30% of the 42 vendors
> surveyed had IPv6 support.
> 
> According to this talk 
> <http://www.guug.de/veranstaltungen/ecai6-2007/slides/2007-ECA-I6-Status-IPv6-Firewalling-PeterBieringer-Talk.pdf>
> many open-source and commercial firewalls supporting IPv6 are available.
> 
> IPCop is based on Linux
> <http://www.ipcop.org/index.php?module=pnWikka&tag=IPCopScreenshots>
> 
> m0n0wall is based on FreeBSD
> <http://m0n0.ch/wall/screenshots.php>
> 
> pfSense is also based on FreeBSD
> <http://pfsense.com/index.php?id=26>
> 
> FWBuilder is a management tool that builds filter setups for 
> several different firewalls.
> <http://www.fwbuilder.org/archives/cat_screenshots.html>
> 
> Checkpoint FW1 NGX R65 on SecurePlatform supports IPv6
> 
> FortiGate supports IPv6 in FortiOS 3.0 and up.
> 
> Juniper SSG (formerly Netscreen) supports IPv6 in ScreenOS 6.0 and up.
> 
> Cisco ASA (formerly PIX) supports IPv6 in version 7.0 and up.
> 
> I suspect that the people complaining about IPv6 support are 
> partially complaining because they have older hardware that 
> the vendor does not plan to upgrade to IPv6 support until 
> they have all features implemented in their newer products, 
> and partially complaining because their vendor has not 
> implemented some feature which they happen to use.
> 
> Commercial firewall support may be lagging behind OS and 
> router support, but not by much. And if commercial vendors 
> are not responsive, maybe you should try pricing out an open 
> source solution with a consultant. I believe there is a gap 
> here that startup firewall companies could fill if they 
> understand the enterprise market.
> 
> --Michael Dillon
> 



