Search .SE

Registrations

Today 437
Total 961599

Domain and contact search

  • Is the domain available?
  • Domain holder?
  • Contact search (contact-ID)

Tests: IPv6 support works well in firewalls

2009-11-03

Recently, the risk of hidden IPv6 traffic that can pass unnoticed through firewalls lacking IPv6 support has been pointed out. This makes it a good idea for all businesses to look into firewalls supporting IPv6. To get people started, .SE (The Internet Infrastructure Foundation) is publishing a test report about firewalls available on the market today.

The addresses in the old Internet protocol IPv4 are running out. The solution to this problem is IPv6 but, so far, most people are not yet ready to put in the work necessary for implementing the new protocol. Today, however, many computers and other equipment are delivered with support for IPv6 turned on. Therefore, there is a risk that malevolent Internet users exploit the lacking security for IPv6 traffic. For example, it could be used as a way to get inside a company’s firewalls and hijack computing capacity for so-called botnets. 

“You can actually have IPv6 traffic in your network without having planned for it. That’s why all organisations should look into this and establish an IPv6 policy. One solution is to shut down IPv6 completely in your network, but within a not too distant future we will all need to be reachable also via IPv6. Therefore, my advice is to revise your firewalls and start working on implementing IPv6 already now,” says Håkan Lindberg of B3IT, who has written the report together with IDG’s Tomas Gilså.

As fast and mature as IPv4

The report IPv6 support in firewalls – workshop 2009 presents results and conclusions from a test workshop organised by .SE in September 2009. The purpose of the testing was to establish the status of IPv6 readiness among vendors. Apart from tests of IPv6 traffic, a mixed IPv4/IPv6 environment was also included in the testing. All the tested firewalls from six different vendors – Checkpoint, Cisco, Fortinet, H3C, Halon and Juniper – worked well. IPv6 could be handled through the graphic user interface for the firewalls and found in the logs. The conclusion is that IPv6 is as fast as IPv4 and practically as mature, at the basic level.

Set-up available for tests

The workshop was not only a way of testing firewalls, but also an excellent way for the participants to get some hands-on experience. IPv6 is different from IPv4 and you can’t just copy the same settings and policies that are used in IPv4. To give others the opportunity of using it as well, the workshop test set-up is available at .SE for testing and verification also after this specific workshop. Anyone interested can feel free to contact .SE via ipv6@iis.se.

The full report IPv6 support in firewalls – workshop 2009 can be downloaded at http://www.iis.se/docs/IPv6-firewalls.pdf

For more information, please contact:
Maria Ekelund, head of PR and information at .SE
Phone: +46-8-452 35 27, +46-70-777 44 87
E-mail: maria.ekelund@iis.se

Jörgen Eriksson, project manager for IPv6 at .SE
Phone: +46-8-452 35 36, +46-708-48 96 00
E-mail: jorgen.eriksson@iis.se

About .SE
.SE  (The Internet Infrastructure Foundation) is an independent utility that acts to promote positive development of the Internet in Sweden. .SE is responsible for the Internet´s Swedish top-level domain, .se, encompassing domain name registration and administration, as well as the technical operation of the national domain name register. Profits from domain name registrations are used to support projects that contribute to Internet development in Sweden. For more information, see www.iis.se

Puff för publikationer

News