Hey Joe, I don't know how next-gen they'd be considered, but I've had reasonably good luck with Cisco ASA (v9+), and to a lesser degree Juniper ScreenOS (v6.3+). Modern-ish ASA does v6-only pretty well; ScreenOS has more v4-dependent nuances, that I've found.
I do like the NAT64 support in ASA (although it sadly doesn't support the Well-Known Prefix) -- no love in ScreenOS, as far as I've ever found. - Jima > On Apr 2, 2018, at 16:58, Joe Klein <jskl...@gmail.com> wrote: > > All, > > At security and network tradeshows over the last 15 years, I have asked > companies if their products supported "IPv6". They all claimed they did, > but were unable to verify any successful installations. Later they told me > it was on their "Roadmap" but were unable to provide an estimated year, > because it was a trade secret. > > Starting this last year at BlackHat US, I again visited every product > booth, asking if their products supported dual-stack or IPv6 only > operations. Receiving only the same unsupported answers, I decided to focus > on one product category. > > To the gurus of the NANOG community, What are your experiences with > installing and managing Next Generations firewalls? Do they support IPv6 > only environments? Details? Stories? > > If you prefer not to disparage those poor product companies, please contact > me off the list. > > Thanks, > > Joe Klein > > "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1) > PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8
