NG Firewalls & IPv6

Robert Webb rwebb at ropeguru.com
Wed Apr 4 16:06:49 UTC 2018


Just don't plan on using dhcp-pd on any of those anytime soon.

My understanding is that it is not even on the roadmap or even considered to have a need for it even though people have been wanting it for quite a while.

Robert

-----Original Message-----
From: NANOG <nanog-bounces at nanog.org> On Behalf Of Adam Kennedy via NANOG
Sent: Wednesday, April 4, 2018 11:27 AM
To: NANOG list <nanog at nanog.org>
Subject: Re: NG Firewalls & IPv6

We've deployed about a dozen Sophos SG and XG firewalls with IPv6 on WAN, LAN and VPN with great success. The XG is the firmware with the more modern appearance and a couple latest-gen features. But the SG is just as "next gen" and still has good IPv6 capability.

--

Adam Kennedy, Network & Systems Engineer

adamkennedy at watchcomm.net

*Watch Communications*

(866) 586-1518





On Wed, Apr 4, 2018 at 1:44 AM, Jima <nanog at jima.us> wrote:

> Hey Joe,
>
> I don't know how next-gen they'd be considered, but I've had 
> reasonably good luck with Cisco ASA (v9+), and to a lesser degree 
> Juniper ScreenOS (v6.3+). Modern-ish ASA does v6-only pretty well; 
> ScreenOS has more v4-dependent nuances, that I've found.
>
> I do like the NAT64 support in ASA (although it sadly doesn't support 
> the Well-Known Prefix) -- no love in ScreenOS, as far as I've ever found.
>
> - Jima
>
> > On Apr 2, 2018, at 16:58, Joe Klein <jsklein at gmail.com> wrote:
> >
> > All,
> >
> > At security and network tradeshows over the last 15 years, I have
> > asked companies if their products supported "IPv6". They all claimed
> > they did, but were unable to verify any successful installations.
> > Later they told me it was on their "Roadmap" but were unable to
> > provide an estimated year, because it was a trade secret.
> >
> > Starting this last year at BlackHat US, I again visited every
> > product booth, asking if their products supported dual-stack or IPv6
> > only operations. Receiving only the same unsupported answers, I
> > decided to focus on one product category.
> >
> > To the gurus of the NANOG community, What are your experiences with 
> > installing and managing Next Generations firewalls? Do they support 
> > IPv6 only environments? Details? Stories?
> >
> > If you prefer not to disparage those poor product companies, please
> > contact me off the list.
> >
> > Thanks,
> >
> > Joe Klein
> >
> > "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
> > PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8
>

