Re: [fw-wiz] IPv6 and IPSec

• Previous message: Peter Bruderer: "Re: [fw-wiz] Netscreen compatibility"
• In reply to: suren: "[fw-wiz] IPv6 and IPSec"
• Next in thread: Paul D. Robertson: "Re: [fw-wiz] IPv6 and IPSec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Sat, 28 Aug 2004 05:22:32 +0530

On 26/08/04 13:47 -0700, suren wrote:
> Hi,
> IPSec based security is MUST for IPv6. Due to this, I would
> assume that end systems would use IPSec to secure the traffic
> going out.
>
> Quite a number of times, organizations would like to filter out
> the connection(Firewall) run the data through centralized virus
> scanning/spam scanning engines. This requires clear traffic.
>
> With respect to these, I have questions on how the deployments
> going to be. One type of depolyments I can think of is:
>
> Central gateway implementing Firewall/Virus Scanning
> engine and also terminting IPSec tunnels from local PCs and
> creating tunnels from the gateway to ultimate destination.
> By doing this, the gateway gets hold of clear packets, can
> apply firewall rules, scan and any other operations.

Too complex. IPSec will not be a tunnel in IPv6. What you have referred
to above, is just an ALG. Just ask Marcus :)

> What other types of deployments would be required/considered by
> organizations having IPv6 networks?

Broken ones? Where simple packet filtering will continue to be used, and
then they will throw good money at IPS rather than using the firewall
for what it was designed to do.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Peter Bruderer: "Re: [fw-wiz] Netscreen compatibility"
• In reply to: suren: "[fw-wiz] IPv6 and IPSec"
• Next in thread: Paul D. Robertson: "Re: [fw-wiz] IPv6 and IPSec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]