NG Firewalls & IPv6

Adam Kennedy adamkennedy at watchcomm.net
Wed Apr 4 15:26:43 UTC 2018


We've deployed about a dozen Sophos SG and XG firewalls with IPv6 on WAN,
LAN and VPN with great success. The XG is the firmware with the more modern
appearance and a couple latest-gen features. But the SG is just as "next
gen" and still has good IPv6 capability.

--

Adam Kennedy, Network & Systems Engineer

adamkennedy at watchcomm.net

*Watch Communications*

(866) 586-1518





On Wed, Apr 4, 2018 at 1:44 AM, Jima <nanog at jima.us> wrote:

> Hey Joe,
>
> I don't know how next-gen they'd be considered, but I've had reasonably
> good luck with Cisco ASA (v9+), and to a lesser degree Juniper ScreenOS
> (v6.3+). Modern-ish ASA does v6-only pretty well; ScreenOS has more
> v4-dependent nuances, that I've found.
>
> I do like the NAT64 support in ASA (although it sadly doesn't support the
> Well-Known Prefix) -- no love in ScreenOS, as far as I've ever found.
>
> - Jima
>
> > On Apr 2, 2018, at 16:58, Joe Klein <jsklein at gmail.com> wrote:
> >
> > All,
> >
> > At security and network tradeshows over the last 15 years, I have asked
> > companies if their products supported "IPv6". They all claimed they did,
> > but were unable to verify any successful installations. Later they told me
> > it was on their "Roadmap" but were unable to provide an estimated year,
> > because it was a trade secret.
> >
> > Starting this last year at BlackHat US, I again visited every product
> > booth, asking if their products supported dual-stack or IPv6 only
> > operations. Receiving only the same unsupported answers, I decided to focus
> > on one product category.
> >
> > To the gurus of the NANOG community, what are your experiences with
> > installing and managing Next Generation firewalls? Do they support IPv6
> > only environments? Details? Stories?
> >
> > If you prefer not to disparage those poor product companies, please contact
> > me off the list.
> >
> > Thanks,
> >
> > Joe Klein
> >
> > "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
> > PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8
>

