nanog mailing list archives

Re: IPv6 uptake (was: The Reg does 240/4)


From: William Herrin <bill () herrin us>
Date: Sat, 17 Feb 2024 10:53:41 -0800

On Sat, Feb 17, 2024 at 10:22 AM Justin Streiner <streinerj () gmail com> wrote:
> Getting back to the recently revised topic of this thread - IPv6
> uptake - what have people's experiences been related to
> crafting sane v6 firewall rulesets in recent products from the
> major firewall players (Palo Alto, Cisco, Fortinet, etc)?

Hi Justin,

It's been years since I used anything other than Linux to build
someone a firewall. It has such a superior toolset, not just for
setting rules but for diagnosing things that don't work as expected.
The COTS products aren't just painful for IPv6, they're painful for
IPv4.

I especially despised the Cisco PIX/ASA line. I did use Fortinet's WAF
product for a while and it was okay. I only used it as a reverse proxy
to a web server, and then only because it was a security compliance
requirement for that project.

Regards,
Bill Herrin



-- 
William Herrin
bill () herrin us
https://bill.herrin.us/

