Re: [fw-wiz] IPv6

There is much additional complexity in IPv6 regardless of security
architecture. And IPSec being "built in" is irrelevant to the debate.

Outside of our government contracts - not even remotely thinking about
IPv6. Maybe in a few more years.


On Sun, Dec 26, 2010 at 2:20 PM, Devdas Bhagat <dvb@xxxxxxxxxxxxxxxxxxxxx> wrote:

On Sun, Dec 26, 2010 at 11:56:45AM -0500, Paul D. Robertson wrote:
Is anyone doing anything interesting with v6 and firewalls? We're
supposedly coming up on the year that v6 will break out, and most
organizations I know still don't even route it.

I am looking to start announcing IPv6 early next month. At this point,
Linux and *BSD boxes support IPv6 in their firewall rulesets.

There really shouldn't be much additional complexity with IPv6 in
any good security architecture. It's just another routed protocol,
with longer addresses and IPSec built in.

At the beginning though, we are likely to see simple IPv6 routing
with no AH/ESP.

What will be infinitely more interesting will be the combinations
of IPv4 to IPv6 mapping/NATing/routing which will happen.

Devdas Bhagat
firewall-wizards mailing list

Tim Shea, CISSP