The Juniper ScreenOS firewall is one of the seldom firewalls that implements DHCPv6 Prefix Delegation (DHCPv6-PD). It therefore fits for testing my dual stack ISP connection from Deutsche Telekom, Germany. (Refer to this post for details about this dual stack procedure.)
It was *really* hard to get the correct configuration in place. I was not able to do this by myself at all. Also Google did not help that much. Finally, I opened a case by Juniper to help me finding the configuration error. After four weeks of the opened case, I was told which command was wrong. Now it’s working. ;) Here we go.
Continue reading Juniper ScreenOS: DHCPv6 Prefix Delegation
When explaining IPv6 I am always showing a few Wireshark screenshots to give a feeling on how IPv6 looks like. Basically the stateless autoconfiguration feature (SLAAC), DHCPv6, Neighbor Discovery, and a simple ping should be seen/understood by any network administrator before using the new protocol.
Therefore I captured the basic IPv6 autoconfiguration with a Knoppix Linux behind a Telekom Speedport router (German ISP, dual-stack) and publish this capture file here. I am using this capture to explain the basic IPv6 features.
Continue reading Basic IPv6 Messages: Wireshark Capture
Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration capabilities, they vary significantly.
Here comes my short evaluation of the IPv6 functions on the following four firewalls: Cisco ASA, Fortinet FortiGate, Juniper SSG, and Palo Alto.
Continue reading Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo
with this post I want to publish my own master thesis which I finished on February 2013 about the topic “IPv6 Security Test Laboratory”. (I studied the Master of IT-Security at the Ruhr-Uni Bochum.) I explained many IPv6 security issues in detail and tested three firewalls (Cisco ASA, Juniper SSG, Palo Alto PA) against all these IPv6 security attacks.
[UPDATE]Before reading the huge master thesis, this overview of IPv6 Security may be a good starting point for IPv6 security issues.[/UPDATE]
Continue reading IPv6 Security Master Thesis