RE: NG Firewalls & IPv6

[Robert Webb <rwebb () ropeguru com>]

Really?? I was looking to install and use as a vm to test with and everything I was reading said it was not implemented 
and was not on the horizon.

Only version I found from Sophos that was capable was the old Astaro version. I may have to take a second look.

Do you have any links to the configuration from their site you could send off list? Or on list if anyone else is 
interested.

Thanks,
Robert

-----Original Message-----
From: NANOG <nanog-bounces () nanog org> On Behalf Of Adam Kennedy via NANOG
Sent: Thursday, April 5, 2018 11:46 AM
To: NANOG list <nanog () nanog org>
Subject: Re: NG Firewalls & IPv6

We've been using DHCP-PD with Sophos SG/XG on a couple Comcast connections and it works fine. It will even go through 
all your firewall objects and automatically change the IPv6 prefix from the old to new if the prefix from PD changes.

--

Adam Kennedy, Network & Systems Engineer

adamkennedy () watchcomm net

*Watch Communications*

(866) 586-1518





On Wed, Apr 4, 2018 at 2:41 PM, Chuck Anderson <cra () wpi edu> wrote:

> Also, IPv6 BGP support was only introduced in PanOS 8.  But everything 
> works fine here too.
>
> On Wed, Apr 04, 2018 at 10:47:45AM +0000, Dan Kitchen wrote:
> > We run PaloAlto dual stack with no problems at all, that’s full 
> > dynamic
> routing with OSPF and BGP, web filtering, IPS, VPN access using 
> GlobalProtect, etc.
> > I must admit GlobalProtect IPv6 support was only introduced in PanOS 
> > 8
> which was a little late in my opinion – but it was delivered and works.
> > Dan Kitchen
> > Managing Director
> > razorblue | IT Solutions for Business
> >
> > ddi:0330 122 7143 |  t: 0333 344 6 344 | e: dkitchen () razorblue com
> <mailto:dkitchen () razorblue com> | w: razorblue.com
> > Legal and address information for all Razorblue Group companies can 
> > be
> found
> > at www.razorblue.com/contact.
> >
> > From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Joe Klein
> > Sent: 02 April 2018 23:58
> > To: NANOG list <nanog () nanog org>
> > Subject: NG Firewalls & IPv6
> >
> > WARNING: This e-mail originated from outside the Razorblue Group
> corporate network
> > All,
> >
> > At security and network tradeshows over the last 15 years, I have 
> > asked companies if their products supported "IPv6". They all claimed 
> > they did, but were unable to verify any successful installations. 
> > Later they told
> me
> > it was on their "Roadmap" but were unable to provide an estimated 
> > year, because it was a trade secret.
> >
> > Starting this last year at BlackHat US, I again visited every 
> > product booth, asking if their products supported dual-stack or IPv6 
> > only operations. Receiving only the same unsupported answers, I 
> > decided to
> focus
> > on one product category.
> >
> > To the gurus of the NANOG community, What are your experiences with 
> > installing and managing Next Generations firewalls? Do they support 
> > IPv6 only environments? Details? Stories?
> >
> > If you prefer not to disparage those poor product companies, please
> contact
> > me off the list.
> >
> > Thanks,
> >
> > Joe Klein