Firewall Wizards mailing list archives
Re: Quiet
From: David Hills <list () chippo net nz>
Date: Tue, 24 Jun 2014 14:05:28 +1200
Okay, I'll bite.
Thoughts on IPv6?
You mean you aren't doing this yet? You're still using Windows XP and Fax as well, right? Platforms like the XBox One are already using IPv6 almost exclusively for P2P communications. Even my 3 year old printer which barely does WiFi reached out for DHCPv6 and gave itself an IP address when V6 was turned on at home.
Thoughts on "Cloud Firewalls?"
I always use Cloud firewalls to protect my cloud assets. Otherwise those cloud bad actors might cloud my cloud product. My real IT though, uses real firewalls. Physical, Virtual, On-Site or in the Datacenter, frankly I don't care. But being "VMX" doesn't make you partly cloudy with a chance of rain.
Thoughts on Web Application Firewalls?
If they serve a purpose, SURE! They make great SSL offloadning and Load Balancing appliances. Wherever I can use the PCIDSS budget from the security team to make my customer experience better, that can't be a bad thing, right? Doesn't reduce the need for good code and server patching though.
1. Have any of you used the IPv6 IPSEC equivalent yet? Tunnel or
transport mode? Vendor hardware? Difficulties? Vendors that don't have IPv6 hardware in at least their ISP / Datacenter products are probably looking at some hard times ahead. Most of the u
2. I've pondered a cloud based service for web acceleration/filtering.
Perhaps it would use Riverbeds for bandwidth optimization via compression, dedupe, etc....? Anything like that out there? CloudFlare? Akamai? I think the Microsoft Azure CDN even offers much of this. The advantage in context for this list? Takes your IPv4 only Datacenter provider and makes your website IPv6 without you evening noticing. Woo!
3. If it doesn't do WAP, then it's an old fashioned firewall--and quite
possibly obsolete. These days, the firewall has to encompass the whole stack (except layer 8--the user). I guess you could make specific cases like for networks that don't exchange HTTP/S traffic. But seriously, if your firewall doesn't understand the protocols it is passing, if it doesn't enforce RFCs to some extent, if it doesn't do sanity checking on bounds, and true protocol inspection... then what is it doing? :-) UInless you've been asleep and you're still buying Cisco - all the big network security vendors have moved to this model. Fortinet barely advertise themselves as being a firewall anymore, it's all about "Application Control". In their case, they also have full parity in their UTM between both IPv4 and IPv6. It's a brave new world. So, my question then - Who's doing VoIP over IPv6? Are you seeing advantages once we get NAT out of the way? David On 24 June 2014 05:16, Paul D. Robertson <paul () compuwar net> wrote:
It's quiet here- I'd like to stir up some discussion... Thoughts on IPv6? Thoughts on "Cloud Firewalls?" Thoughts on Web Application Firewalls? Paul _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards