[6bone] Security over IPv6 networks
Hank Nussbacher
hank@att.net.il
Mon, 17 Mar 2003 09:21:26 +0200
At 12:30 PM 14-03-03 -0800, David Carmean wrote:
The response I got back from Checkpoint IPv6 development was "Yes. We have
that ability, but we don't do this by ourselves - we rely on the OS to do
the tunneling. If the machine is the endpoint of IPv6 traffic encapsulated
in IPv6 tunnel (IPv4 protocol number 41), we are able to inspect both IPv6
and IPv4 packets."
Hope that helps,
-Hank
>Do you know if/think it will have the ability to be a tunnel endpoint?
>
>
>
>On Fri, Mar 14, 2003 at 08:12:06AM +0200, Hank Nussbacher wrote:
> > At 12:38 AM 14-03-03 +0000, Tim Chown wrote:
> >
> > Since it is based on Checkpoint's FP4 it will probably have these IPv6
> > features:
> >
> > - Dual stack IPv4 and IPv6 firewall running on either Solaris 8/9 or Nokia
> > IPSO 3.7
> > - IPv6 access control with accept/drop/reject/log actions.
> > - Simple TCP and UDP IPv6 services - http, telnet, ICMPv6, etc.
> > - IPv6 FTP service (active and passive)
> > - IPv6 Host and Network objects
> > - IPv6 & IPv4 objects in rulebase. Mixing of IPv6 and IPv4 objects is
> > allowed in the rulebase.
> > - IPv6 logging and IPv6 filters
> > - Implied rules for enabling traffic needed for IPv6 discovery
> > - IPv6 fragments
> >
> > It will not have yet these features:
> > - Anti spoofing
> > - Boot policy
> > - NAT
> > - VPN
> > - IPv6 rules with resources (Security Servers)
> > - IPv6 addresses resolving in SmartView tracker
> > - IPv6 option headers other than fragmentation
> >
> > -Hank
> >
> > >When will it be available of the shelf, and where's the spec of the
> > >functionality? (Very keen as a potential buyer with money in the bank :)
> > >
> > >Tim
> > >
> > >On Thu, Mar 13, 2003 at 12:15:02PM -0800, David Kessens wrote:
> > > >
> > > > Tim,
> > > >
> > > > On Thu, Mar 13, 2003 at 02:10:30PM +0000, Tim Chown wrote:
> > > > >
> > > > > Does anyone know if the Nokia firewalls will also be on the same
> path
> > > soon?
> > > >
> > > > Yes - I already have a beta version of the IPv6 Checkpoint/IPSO Nokia
> > > > firewall in my network.
> > > >
> > > > David K.
> > > > ---
> > > > _______________________________________________
> > > > 6bone mailing list
> > > > 6bone@mailman.isi.edu
> > > > http://mailman.isi.edu/mailman/listinfo/6bone
> > >_______________________________________________
> > >6bone mailing list
> > >6bone@mailman.isi.edu
> > >http://mailman.isi.edu/mailman/listinfo/6bone
> >
> > _______________________________________________
> > 6bone mailing list
> > 6bone@mailman.isi.edu
> > http://mailman.isi.edu/mailman/listinfo/6bone