nanog mailing list archives
Re: NG Firewalls & IPv6
From: Adam Kennedy via NANOG <nanog () nanog org>
Date: Thu, 5 Apr 2018 11:46:20 -0400
We've been using DHCP-PD with Sophos SG/XG on a couple Comcast connections and it works fine. It will even go through all your firewall objects and automatically change the IPv6 prefix from the old to new if the prefix from PD changes. -- Adam Kennedy, Network & Systems Engineer adamkennedy () watchcomm net *Watch Communications* (866) 586-1518 On Wed, Apr 4, 2018 at 2:41 PM, Chuck Anderson <cra () wpi edu> wrote:
Also, IPv6 BGP support was only introduced in PanOS 8. But everything works fine here too. On Wed, Apr 04, 2018 at 10:47:45AM +0000, Dan Kitchen wrote:We run PaloAlto dual stack with no problems at all, that’s full dynamicrouting with OSPF and BGP, web filtering, IPS, VPN access using GlobalProtect, etc.I must admit GlobalProtect IPv6 support was only introduced in PanOS 8which was a little late in my opinion – but it was delivered and works.Dan Kitchen Managing Director razorblue | IT Solutions for Business ddi:0330 122 7143 | t: 0333 344 6 344 | e: dkitchen () razorblue com<mailto:dkitchen () razorblue com> | w: razorblue.comLegal and address information for all Razorblue Group companies can befoundat www.razorblue.com/contact. From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Joe Klein Sent: 02 April 2018 23:58 To: NANOG list <nanog () nanog org> Subject: NG Firewalls & IPv6 WARNING: This e-mail originated from outside the Razorblue Groupcorporate networkAll, At security and network tradeshows over the last 15 years, I have asked companies if their products supported "IPv6". They all claimed they did, but were unable to verify any successful installations. Later they toldmeit was on their "Roadmap" but were unable to provide an estimated year, because it was a trade secret. Starting this last year at BlackHat US, I again visited every product booth, asking if their products supported dual-stack or IPv6 only operations. Receiving only the same unsupported answers, I decided tofocuson one product category. To the gurus of the NANOG community, What are your experiences with installing and managing Next Generations firewalls? Do they support IPv6 only environments? Details? Stories? If you prefer not to disparage those poor product companies, pleasecontactme off the list. Thanks, Joe Klein
Current thread:
- NG Firewalls & IPv6 Joe Klein (Apr 02)
- Re: NG Firewalls & IPv6 David Hubbard (Apr 02)
- Re: NG Firewalls & IPv6 Saku Ytti (Apr 03)
- Re: NG Firewalls & IPv6 Jean | ddostest.me via NANOG (Apr 03)
- Re: NG Firewalls & IPv6 Saku Ytti (Apr 03)
- Re: NG Firewalls & IPv6 Jima (Apr 03)
- Re: NG Firewalls & IPv6 Adam Kennedy via NANOG (Apr 04)
- RE: NG Firewalls & IPv6 Robert Webb (Apr 04)
- Re: NG Firewalls & IPv6 Adam Kennedy via NANOG (Apr 04)
- RE: NG Firewalls & IPv6 Dan Kitchen (Apr 04)
- Re: NG Firewalls & IPv6 Chuck Anderson (Apr 04)
- Re: NG Firewalls & IPv6 Adam Kennedy via NANOG (Apr 05)
- RE: NG Firewalls & IPv6 Robert Webb (Apr 05)
- Re: NG Firewalls & IPv6 Chuck Anderson (Apr 04)
- Re: NG Firewalls & IPv6 David Hubbard (Apr 02)
- Re: NG Firewalls & IPv6 Blake Hudson (Apr 05)
- Re: NG Firewalls & IPv6 Keith Stokes (Apr 05)