Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Quiet
From: David Hills <list () chippo net nz>
Date: Tue, 24 Jun 2014 14:05:28 +1200

Okay, I'll bite.

Thoughts on IPv6?
You mean you aren't doing this yet? You're still using Windows XP and Fax
as well, right?

Platforms like the XBox One are already using IPv6 almost exclusively for
P2P communications. Even my 3 year old printer which barely does WiFi
reached out for DHCPv6 and gave itself an IP address when V6 was turned on
at home.

Thoughts on "Cloud Firewalls?"
I always use Cloud firewalls to protect my cloud assets. Otherwise those
cloud bad actors might cloud my cloud product.

My real IT though, uses real firewalls. Physical, Virtual, On-Site or in
the Datacenter, frankly I don't care. But being "VMX" doesn't make you
partly cloudy with a chance of rain.

Thoughts on Web Application Firewalls?
If they serve a purpose, SURE! They make great SSL offloadning and Load
Balancing appliances. Wherever I can use the PCIDSS budget from the
security team to make my customer experience better, that can't be a bad
thing, right?

Doesn't reduce the need for good code and server patching though.

1. Have any of you used the IPv6 IPSEC equivalent yet?  Tunnel or
transport mode?  Vendor hardware?  Difficulties?
Vendors that don't have IPv6 hardware in at least their ISP / Datacenter
products are probably looking at some hard times ahead. Most of the u

2.  I've pondered a cloud based service for web acceleration/filtering.
 Perhaps it would use Riverbeds for bandwidth optimization via compression,
dedupe, etc....?  Anything like that out there?
CloudFlare? Akamai? I think the Microsoft Azure CDN even offers much of
this. The advantage in context for this list? Takes your IPv4 only
Datacenter provider and makes your website IPv6 without you evening
noticing. Woo!

3.  If it doesn't do WAP, then it's an old fashioned firewall--and quite
possibly obsolete.  These days, the firewall has to encompass the whole
stack (except layer 8--the user).  I guess you could make specific cases
like for networks that don't exchange HTTP/S traffic.  But seriously, if
your firewall doesn't understand the protocols it is passing, if it doesn't
enforce RFCs to some extent, if it doesn't do sanity checking on bounds,
and true protocol inspection... then what is it doing?  :-)
UInless you've been asleep and you're still buying Cisco - all the big
network security vendors have moved to this model. Fortinet barely
advertise themselves as being a firewall anymore, it's all about
"Application Control". In their case, they also have full parity in their
UTM between both IPv4 and IPv6.

It's a brave new world.

So, my question then - Who's doing VoIP over IPv6? Are you seeing
advantages once we get NAT out of the way?


On 24 June 2014 05:16, Paul D. Robertson <paul () compuwar net> wrote:

It's quiet here- I'd like to stir up some discussion...

Thoughts on IPv6?
Thoughts on "Cloud Firewalls?"
Thoughts on Web Application Firewalls?

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
  • Quiet Paul D. Robertson (Jun 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]