Just don't plan on using dhcp-pd on any of those anytime soon. My understanding is that it is not even on the roadmap or even considered to have a need for it even though people have been wanting it for quite a while.
Robert -----Original Message----- From: NANOG <nanog-boun...@nanog.org> On Behalf Of Adam Kennedy via NANOG Sent: Wednesday, April 4, 2018 11:27 AM To: NANOG list <nanog@nanog.org> Subject: Re: NG Firewalls & IPv6 We've deployed about a dozen Sophos SG and XG firewalls with IPv6 on WAN, LAN and VPN with great success. The XG is the firmware with the more modern appearance and a couple latest-gen features. But the SG is just as "next gen" and still has good IPv6 capability. -- Adam Kennedy, Network & Systems Engineer adamkenn...@watchcomm.net *Watch Communications* (866) 586-1518 On Wed, Apr 4, 2018 at 1:44 AM, Jima <na...@jima.us> wrote: > Hey Joe, > > I don't know how next-gen they'd be considered, but I've had > reasonably good luck with Cisco ASA (v9+), and to a lesser degree > Juniper ScreenOS (v6.3+). Modern-ish ASA does v6-only pretty well; > ScreenOS has more v4-dependent nuances, that I've found. > > I do like the NAT64 support in ASA (although it sadly doesn't support > the Well-Known Prefix) -- no love in ScreenOS, as far as I've ever found. > > - Jima > > > On Apr 2, 2018, at 16:58, Joe Klein <jskl...@gmail.com> wrote: > > > > All, > > > > At security and network tradeshows over the last 15 years, I have > > asked companies if their products supported "IPv6". They all claimed > > they did, but were unable to verify any successful installations. > > Later they told > me > > it was on their "Roadmap" but were unable to provide an estimated > > year, because it was a trade secret. > > > > Starting this last year at BlackHat US, I again visited every > > product booth, asking if their products supported dual-stack or IPv6 > > only operations. Receiving only the same unsupported answers, I > > decided to > focus > > on one product category. > > > > To the gurus of the NANOG community, What are your experiences with > > installing and managing Next Generations firewalls? Do they support > > IPv6 only environments? Details? Stories? > > > > If you prefer not to disparage those poor product companies, please > contact > > me off the list. > > > > Thanks, > > > > Joe Klein > > > > "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, > > Scene > 1) > > PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8 >
