NG Firewalls & IPv6

Thu Apr 5 18:02:21 UTC 2018

Really?? I was looking to install and use as a vm to test with and everything I was reading said it was not implemented and was not on the horizon.

Only version I found from Sophos that was capable was the old Astaro version. I may have to take a second look.

Do you have any links to the configuration from their site you could send off list? Or on list if anyone else is interested.

Thanks,
Robert

-----Original Message-----
From: NANOG <nanog-bounces at nanog.org> On Behalf Of Adam Kennedy via NANOG
Sent: Thursday, April 5, 2018 11:46 AM
To: NANOG list <nanog at nanog.org>
Subject: Re: NG Firewalls & IPv6

We've been using DHCP-PD with Sophos SG/XG on a couple Comcast connections and it works fine. It will even go through all your firewall objects and automatically change the IPv6 prefix from the old to new if the prefix from PD changes.

--

Adam Kennedy, Network & Systems Engineer

adamkennedy at watchcomm.net

*Watch Communications*

(866) 586-1518

On Wed, Apr 4, 2018 at 2:41 PM, Chuck Anderson <cra at wpi.edu> wrote:

> Also, IPv6 BGP support was only introduced in PanOS 8.  But everything 
> works fine here too.
>
> On Wed, Apr 04, 2018 at 10:47:45AM +0000, Dan Kitchen wrote:
> > We run PaloAlto dual stack with no problems at all, that’s full 
> > dynamic
> routing with OSPF and BGP, web filtering, IPS, VPN access using 
> GlobalProtect, etc.
> >
> > I must admit GlobalProtect IPv6 support was only introduced in PanOS 
> > 8
> which was a little late in my opinion – but it was delivered and works.
> >
> >
> >
> >
> > Dan Kitchen
> > Managing Director
> > razorblue | IT Solutions for Business
> >
> > ddi:0330 122 7143 |  t: 0333 344 6 344 | e: dkitchen at razorblue.com
> <mailto:dkitchen at razorblue.com> | w: razorblue.com
> >
> > Legal and address information for all Razorblue Group companies can 
> > be
> found
> > at www.razorblue.com/contact.
> >
> > From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Joe Klein
> > Sent: 02 April 2018 23:58
> > To: NANOG list <nanog at nanog.org>
> > Subject: NG Firewalls & IPv6
> >
> > WARNING: This e-mail originated from outside the Razorblue Group
> corporate network
> >
> > All,
> >
> > At security and network tradeshows over the last 15 years, I have 
> > asked companies if their products supported "IPv6". They all claimed 
> > they did, but were unable to verify any successful installations. 
> > Later they told
> me
> > it was on their "Roadmap" but were unable to provide an estimated 
> > year, because it was a trade secret.
> >
> > Starting this last year at BlackHat US, I again visited every 
> > product booth, asking if their products supported dual-stack or IPv6 
> > only operations. Receiving only the same unsupported answers, I 
> > decided to
> focus
> > on one product category.
> >
> > To the gurus of the NANOG community, What are your experiences with 
> > installing and managing Next Generations firewalls? Do they support 
> > IPv6 only environments? Details? Stories?
> >
> > If you prefer not to disparage those poor product companies, please
> contact
> > me off the list.
> >
> > Thanks,
> >
> > Joe Klein
>