Re: NG Firewalls & IPv6

2018-04-05 Thread Keith Stokes
I’ve been using pfSense @ home dual-stack on Cox for a year or two. As far as I can tell any IPv6 problems are Cox issues. On Apr 5, 2018, at 12:12 PM, Blake Hudson <bl...@ispn.net> wrote: I've used pfSense (BSD firewall) in a dual stack setup. Not all features are at parity with v4 (th

RE: NG Firewalls & IPv6

2018-04-05 Thread Robert Webb
configuration from their site you could send off list? Or on list if anyone else is interested. Thanks, Robert -Original Message- From: NANOG On Behalf Of Adam Kennedy via NANOG Sent: Thursday, April 5, 2018 11:46 AM To: NANOG list Subject: Re: NG Firewalls & IPv6 We've been usin

Re: NG Firewalls & IPv6

2018-04-05 Thread Blake Hudson
I've used pfSense (BSD firewall) in a dual stack setup. Not all features are at parity with v4 (the captive portal doesn't support v6, for example), but the core features of stateful firewall, DHCPv6, etc seemed to work without any fuss. Joe Klein wrote on 4/2/2018 5:58 PM: > All, > > At security

Re: NG Firewalls & IPv6

2018-04-05 Thread Adam Kennedy via NANOG
We've been using DHCP-PD with Sophos SG/XG on a couple Comcast connections and it works fine. It will even go through all your firewall objects and automatically change the IPv6 prefix from the old to new if the prefix from PD changes. -- Adam Kennedy, Network & Systems Engineer adamkenn...@watc

Re: NG Firewalls & IPv6

2018-04-04 Thread Chuck Anderson
Also, IPv6 BGP support was only introduced in PanOS 8. But everything works fine here too. On Wed, Apr 04, 2018 at 10:47:45AM +, Dan Kitchen wrote: > We run PaloAlto dual stack with no problems at all, that’s full dynamic > routing with OSPF and BGP, web filtering, IPS, VPN access using >

RE: NG Firewalls & IPv6

2018-04-04 Thread Dan Kitchen
We run PaloAlto dual stack with no problems at all, that’s full dynamic routing with OSPF and BGP, web filtering, IPS, VPN access using GlobalProtect, etc. I must admit GlobalProtect IPv6 support was only introduced in PanOS 8 which was a little late in my opinion – but it was delivered and work

RE: NG Firewalls & IPv6

2018-04-04 Thread Robert Webb
y via NANOG Sent: Wednesday, April 4, 2018 11:27 AM To: NANOG list Subject: Re: NG Firewalls & IPv6 We've deployed about a dozen Sophos SG and XG firewalls with IPv6 on WAN, LAN and VPN with great success. The XG is the firmware with the more modern appearance and a couple latest-gen

Re: NG Firewalls & IPv6

2018-04-04 Thread Adam Kennedy via NANOG
We've deployed about a dozen Sophos SG and XG firewalls with IPv6 on WAN, LAN and VPN with great success. The XG is the firmware with the more modern appearance and a couple latest-gen features. But the SG is just as "next gen" and still has good IPv6 capability. -- Adam Kennedy, Network & System

Re: NG Firewalls & IPv6

2018-04-03 Thread Jima
Hey Joe, I don't know how next-gen they'd be considered, but I've had reasonably good luck with Cisco ASA (v9+), and to a lesser degree Juniper ScreenOS (v6.3+). Modern-ish ASA does v6-only pretty well; ScreenOS has more v4-dependent nuances, that I've found. I do like the NAT64 support in ASA

Re: NG Firewalls & IPv6

2018-04-03 Thread Jean | ddostest.me via NANOG
If by NextGen you meant performance, then I recommend to have a look at kipfw over Netmap driver on a FreeBSD 11 box. You buy a couple of Chelsio 40 Gbps or 100 Gbps NIC and you are in business. It was mentioned here in NANOG a couple of years ago. Very good stuff, but you will need to invest a

Re: NG Firewalls & IPv6

2018-04-03 Thread Saku Ytti
Done Checkpoint, Netscreen, SRX, iptables, nftables IPv6 FW all with dynamic routing, but only under extreme duress, like I'm sure everyone who is forced to touch stateful firewalls. Send help. Seems to me this has mostly worked for over a decade, worked in context where stateful FW can be said to

Re: NG Firewalls & IPv6

2018-04-02 Thread David Hubbard
I’ve been doing dual stack through Fortinet products for many years without issue. Well, no issue from a technical perspective. Sometimes you have to dig for a bit to find the equivalent v6 CLI commands, and occasionally there’s GUI stuff missing that requires CLI where the v4 equivalent didn’