On Sat, Feb 17, 2024 at 10:22 AM Justin Streiner <strein...@gmail.com> wrote:
> Getting back to the recently revised topic of this thread - IPv6
> uptake - what have people's experiences been related to
> crafting sane v6 firewall rulesets in recent products from the
> major firewall players (Palo Alto, Cisco, Fortinet, etc)?


Hi Justin,

It's been years since I used anything other than Linux to build someone a firewall. It has such a superior toolset, not just for setting rules but for diagnosing things that don't work as expected. The COTS products aren't just painful for IPv6, they're painful for IPv4. I especially despised the Cisco PIX/ASA line.

I did use Fortinet's WAF product for a while and it was okay. I only used it as a reverse proxy to a web server, and then only because it was a security compliance requirement for that project.

Regards,
Bill Herrin

--
William Herrin
b...@herrin.us
https://bill.herrin.us/