IPv6 is the writing on the firewall.
If there's any enterprise UTM firewall that's ready to be used to support IPv6, the Nokia IP290 running Nokia's IPSO operating system and Check Point's VPN-1 firewall software are definitely it. Nokia's strong IPv6 support includes interfaces on the platform, dynamic routing using RIP next generation (RIPng) and OSPF v3, and several types of tunneling. Add to this Check Point's support for IPv6 in firewall rules, in its SmartDefense IPS and in its SmartDashboard GUI, and the result is a usable IPv6 firewall.
Crossbeam, IBM, and Check Point's own UTM appliances are based on Check Point'sSecure Platform, which has limited support for IPv6 at this time, requiring considerable manual configuration and an additional (free) license. Check Point fans who want to explore IPv6 should keep an eye on Secure Platform, but should start with the Nokia IPSO platform, which has a greater commitment to IPv6 support at this time.
Next up in the IPv6 capability level is Juniper, which includes IPv6 support in the latest versions of its ScreenOS software. Juniper's IPv6 support is slightly more limited than Nokia's, offering RIPng only for dynamic routing. The big "gotcha" with Juniper's IPv6 support is that you can't get at it using the company's centralized management tool, NetScreen Security Manager. In fact, it's worse than that: You must disable IPv6 on the security gateway in order for NetScreen Security Manager to properly manage the gateway.
This means that IPv6 support in Juniper firewalls, at this point, is limited to either local Web-based GUI configuration or command-line control.
Cisco's ASA5540 and Fortinet's FortiGate firewalls both have IPv6 support, but it is visible only via the local command-line interface. Cisco's IPv6 support includes not only interfaces with IPv6 addresses and IPv6 firewall rules, but also firewall inspection of FTP, HTTP, ICMP, SMTP, TCP and UDP traffic running over IPv6. At this time, Cisco doesn't include any IPv6 dynamic-routing protocols in the ASA firmware. Fortinet's FortiGate software includes support for IPv6 similar to Cisco's, with configuration capabilities also limited to the command-line interface.
Secure Computing's Sidewinder, SonicWall's SonicOS, WatchGuard's Firebox X Peak, IBM/ISS' Proventia MX5010 and Astaro's ASG don't support IPv6 at this time.
Read related articles:
Check Point UTM management falters; Cisco, Juniper gain
UTM performance takes a hit
Juniper, Cisco all-in-1 devices hit on intrusion-prevention
VPN capabilities vary widely across UTM firewall devices
Tracking UTM high availability
A closer look at UTM hardware architecture
UTMs require routing for flexibility's sake
Watts up with power consumption?
AV's place is not in the all-in-one security box
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Solve Exchange Mailbox Storage Issues Once and for All
Gaining Competitive Advantage Through Enterprise Planning
The state of Middleware
Taking On Demand CRM Integration to the Next Level
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
How to improve employee productivity in small and medium businesses
CRM your salespeople will love
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
FrontRange Solutions launches HEAT Plus Mobile to reduce help desk costs and improve service management productivity 2008-12-02 15:15:00+11
AARNet Helps to Advance Indigenous Health 2008-12-02 12:44:00+11
Orbis selects Telstra International as its data centre partner for the UK, Europe and Middle East Region 2008-12-02 11:23:00+11
ComOps Deploys Corporate Performance Reporting Solution For Healthcare Test Manufacturer 2008-12-02 10:09:00+11
Mornington Peninsula Shire implements Objective to manage knowledge and deliver service excellence 2008-12-02 09:56:00+11
How to Beef Up Your Sales Pipeline
Our economy may be heading towards a recession. Sales rates are dropping. Promotional campaigns are proving less effective than you would like. So how do you continue to grow your business and bring home the sales in such an environment? Download this white paper now to find the answers.
Buying Guides
Latest Products
Buying Guides
