[6bone] Security over IPv6 networks

Hank Nussbacher hank@att.net.il
Fri, 14 Mar 2003 08:12:06 +0200


At 12:38 AM 14-03-03 +0000, Tim Chown wrote:

Since it is based on Checkpoint's FP4 it will probably have these IPv6 
features:

- Dual stack IPv4 and IPv6 firewall running on either Solaris 8/9 or Nokia
IPSO 3.7
- IPv6 access control with accept/drop/reject/log actions.
- Simple TCP and UDP IPv6 services - http, telnet, ICMPv6, etc.
- IPv6 FTP service (active and passive)
- IPv6 Host and Network objects
- IPv6 & IPv4 objects in rulebase. Mixing of IPv6 and IPv4 objects is
allowed in the rulebase.
- IPv6 logging and IPv6 filters
- Implied rules for enabling traffic needed for IPv6 discovery
- IPv6 fragments

It will not have yet these features:
- Anti spoofing
- Boot policy
- NAT
- VPN
- IPv6 rules with resources (Security Servers)
- IPv6 addresses resolving in SmartView tracker
- IPv6 option headers other than fragmentation

-Hank

>When will it be available of the shelf, and where's the spec of the
>functionality?  (Very keen as a potential buyer with money in the bank :)
>
>Tim
>
>On Thu, Mar 13, 2003 at 12:15:02PM -0800, David Kessens wrote:
> >
> > Tim,
> >
> > On Thu, Mar 13, 2003 at 02:10:30PM +0000, Tim Chown wrote:
> > >
> > > Does anyone know if the Nokia firewalls will also be on the same path 
> soon?
> >
> > Yes - I already have a beta version of the IPv6 Checkpoint/IPSO Nokia
> > firewall in my network.
> >
> > David K.
> > ---
> > _______________________________________________
> > 6bone mailing list
> > 6bone@mailman.isi.edu
> > http://mailman.isi.edu/mailman/listinfo/6bone
>_______________________________________________
>6bone mailing list
>6bone@mailman.isi.edu
>http://mailman.isi.edu/mailman/listinfo/6bone