NetScreen Technologies has released a beta version of
firewall and virtual private network software
supporting IPv6, the next-generation network layer
protocol for the internet offering a far larger number of host
addresses.
ScreenOS, the software for NetScreen's integrated firewall and
VPN platforms, can detect and secure traffic which uses either IPv6
or IPv4, the existing cersion of IP, automatically. The beta
release is free to existing NetScreen customers.
IPv6 is not yet necessary for networks in North America, where
IP addresses are relatively plentiful, but is likely to be needed
soon in some Asian countries and for advanced applications such as
mobile data services and voice over IP, according to Dave Kosiur,
an analyst at The Burton Group.
A number of network routers from Cisco and other companies are
capable of handling traffic with IPv6 addresses, but the story
doesn't necessarily end there for network administrators.
"You don't need to have a firewall that routes IPv6 to run IPv6.
However, the way networks are run today, it's out of the question
to do it without security," said Alan Bavosa, a NetScreen product
manager.
Some enterprises and service providers that last year were
starting to use IPv6 were concerned that there were few security
tools, including firewalls, available for it. Another concern was
that because IPv6 would allow each system to have a unique IP
address, a hacker might be able to target a specific system in an
enterprise for attack.
The latest ScreenOS release provides encryption and firewall
capabilities, as well as protection against denial of service
attacks, for IPv6 traffic. It can encapsulate IPv6 traffic in IPv4,
allowing enterprises or service providers to operate an IPv6
network across a backbone that has not been configured to handle
the new kinds of packets, Bavosa said.
NetScreen expected to introduce a version of the IPv6-compatible
ScreenOS for pilot production networks, which will include more
advanced IPv6 features, in the first half of next year. A version
for production environments is expected in the second half of next
year. Prices have not yet been set.
Only last month Cisco Systems laid out plans to add packet
filtering of IPv6 to its software and hardware firewall products in
the first half of next year, and last October, Check Point Software
Technologies introduced IPv6 support for its software with the
release of Check Point VPN-1/FireWall-1 Next Generation, Feature
Pack 3.
Stephen Lawson writes for IDG News
Service