Hi Alan, Gert,
first of all - thanks for sharing!
On Fri, 9 Oct 2009, Alan Buxey wrote:

> > @all: does everyone (who does deal with firewalls+IPv6) have also the
> > almost identical IPv4 and IPv6 policies?
>
> pretty much so - why would the policy be any different? incoming port 80

E.g. if someone has the applications that they know are IPv4-only,
depending on the security policy one might either keep both v6 and v4
ports open, or only v4. I've seen many more v4-only policies than v4+v6,
so wanted to get a better picture.

> traffic to a web server is the same whether it's v4 or v6 - the target must
> be known and checked. likewise outgoing customer traffic etc. it's just
> a new way of delivering the same TCP/UDP data after all.
>
> the only difference we have is with respect to allowed multicast and ICMP
> as IPv6 uses a lot of that to function properly :-)

Indeed. :-)

kind regards,
andrew
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/