NAT firewall for IPv6?
Larry Sheldon
larrysheldon at cox.net
Tue Jul 5 22:51:07 UTC 2016
My how the world has changed!
On 7/1/2016 21:28, Edgar Carver wrote:
> Hello NANOG community. I was directed here by our network administrator
> since she is on vacation.
I am Old School, I guess. In my day Step One would be "Fire the
administrator." The job is by nature a 24 X 7 X 52 job and "On Call"
the rest of the time. "Vacation" is never a reason to leave your
assignment insecure.
"NAT-based firewall"? Really?
How long has the consultant been out of business?
> Luckily, I minored in Computer Science so I have
> some familiarity.
>
> We have a small satellite campus of around 170 devices that share one
> external IPv4 and IPv6 address via NAT for internet traffic. Internal
> traffic is over an MPLS.
>
> We're having problems where viruses are getting through Firefox, and we
> think it's because our Palo Alto firewall is set to bypass filtering for
> IPv6. Unfortunately, the network admin couldn't give me the password since
> a local consultant set it up, and it seems they went out of business. I
> need to think outside the box.
>
> Is there some kind of NAT-based IPv6 firewall I can setup on the router
> that can help block viruses? I figure that's the right place to start since
> all the traffic gets funneled there. We have a Cisco Catalyst as a
> router. Or, ideally, is there an easy way to turn off IPv6 completely? I
> really don't see a need for it, any legitimate service should have an IPv4
> address.
>
> I'd really appreciate your advice. I plan to drive out there tomorrow,
> where I can get the exact model numbers and stuff.
>
> Regards,
> Dr. Edgar Carver
>
--
"Everybody is a genius. But if you judge a fish by
its ability to climb a tree, it will live its whole
life believing that it is stupid."
--Albert Einstein
From Larry's Cox account.