IPv6 is the writing on the firewall.
If there's any enterprise UTM firewall that's ready to be used to support IPv6, the Nokia IP290 running Nokia's IPSO operating system and Check Point's VPN-1 firewall software are definitely it. Nokia's strong IPv6 support includes interfaces on the platform, dynamic routing using RIP next generation (RIPng) and OSPF v3, and several types of tunneling. Add to this Check Point's support for IPv6 in firewall rules, in its SmartDefense IPS and in its SmartDashboard GUI, and the result is a usable IPv6 firewall.
Crossbeam, IBM, and Check Point's own UTM appliances are based on Check Point'sSecure Platform, which has limited support for IPv6 at this time, requiring considerable manual configuration and an additional (free) license. Check Point fans who want to explore IPv6 should keep an eye on Secure Platform, but should start with the Nokia IPSO platform, which has a greater commitment to IPv6 support at this time.
Next up in the IPv6 capability level is Juniper, which includes IPv6 support in the latest versions of its ScreenOS software. Juniper's IPv6 support is slightly more limited than Nokia's, offering RIPng only for dynamic routing. The big "gotcha" with Juniper's IPv6 support is that you can't get at it using the company's centralized management tool, NetScreen Security Manager. In fact, it's worse than that: You must disable IPv6 on the security gateway in order for NetScreen Security Manager to properly manage the gateway.
This means that IPv6 support in Juniper firewalls, at this point, is limited to either local Web-based GUI configuration or command-line control.
Cisco's ASA5540 and Fortinet's FortiGate firewalls both have IPv6 support, but it is visible only via the local command-line interface. Cisco's IPv6 support includes not only interfaces with IPv6 addresses and IPv6 firewall rules, but also firewall inspection of FTP, HTTP, ICMP, SMTP, TCP and UDP traffic running over IPv6. At this time, Cisco doesn't include any IPv6 dynamic-routing protocols in the ASA firmware. Fortinet's FortiGate software includes support for IPv6 similar to Cisco's, with configuration capabilities also limited to the command-line interface.
Secure Computing's Sidewinder, SonicWall's SonicOS, WatchGuard's Firebox X Peak, IBM/ISS' Proventia MX5010 and Astaro's ASG don't support IPv6 at this time.
Read related articles:
Check Point UTM management falters; Cisco, Juniper gain
UTM performance takes a hit
Juniper, Cisco all-in-1 devices hit on intrusion-prevention
VPN capabilities vary widely across UTM firewall devices
Tracking UTM high availability
A closer look at UTM hardware architecture
UTMs require routing for flexibility's sake
Watts up with power consumption?
AV's place is not in the all-in-one security box
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Customer Experience Management: Improving the Consistency and Quality of Customer Interactions
Reducing the risk of insider abuse
Wireless LANs: Is My Enterprise At Risk?
How to Pick the Best Master Data Management Solution for Your Organisation
5 steps to getting started with data loss prevention
Best Practices in Lifecycle Management
Technology Requirements for a Successful Master Data Exchange
Top 10 Ways to Increase IT ROI Without Adding Staff
Zones provide focussed content from Computerworld and leading technology partners.
Comments
Post new comment