Requirements for IPv6 Firewalls

• Previous message (by thread): Requirements for IPv6 Firewalls
• Next message (by thread): Requirements for IPv6 Firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Thu, Apr 17, 2014 at 06:55:24PM +0200, Sander Steffann wrote:
> Hi Bill,
> 
> > Also, I note your draft is entitled "Requirements for IPv6 Enterprise
> > Firewalls." Frankly, no "enterprise" firewall will be taken seriously
> > without address-overloaded NAT. I realize that's a controversial
> > statement in the IPv6 world but until you get past it you're basically
> > wasting your time on a document which won't be useful to industry.
> 
> I disagree. While there certainly will be organisations that want such a 'feature' it is certainly not a requirement for every (I hope most, but I might be optimistic) enterprises.

I fully second Sander's input. I've been involved in IPv6 planning in a number of very large enterprises now and _none_ of them required/asked for (66/overloading) NAT for their firewall environments. A few think about very specific deployments of NPTv6 like stuff for connections to supplier/partner networks (to map those to their own address space) but these are corner cases not even relevant for their "firewalls".

best

Enno

 




> 
> Cheers,
> Sander
> 
> 

-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================

• Previous message (by thread): Requirements for IPv6 Firewalls
• Next message (by thread): Requirements for IPv6 Firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]