NetScreen puts IPv6 in firewall beta

NetScreen Technologies has released a beta version of firewall and virtual private network software supporting IPv6, the...

NetScreen Technologies has released a beta version of firewall and virtual private network software supporting IPv6, the next-generation network layer protocol for the internet offering a far larger number of host addresses.

ScreenOS, the software for NetScreen's integrated firewall and VPN platforms, can detect and secure traffic which uses either IPv6 or IPv4, the existing cersion of IP, automatically. The beta release is free to existing NetScreen customers.

IPv6 is not yet necessary for networks in North America, where IP addresses are relatively plentiful, but is likely to be needed soon in some Asian countries and for advanced applications such as mobile data services and voice over IP, according to Dave Kosiur, an analyst at The Burton Group.

A number of network routers from Cisco and other companies are capable of handling traffic with IPv6 addresses, but the story doesn't necessarily end there for network administrators.

"You don't need to have a firewall that routes IPv6 to run IPv6. However, the way networks are run today, it's out of the question to do it without security," said Alan Bavosa, a NetScreen product manager.

Some enterprises and service providers that last year were starting to use IPv6 were concerned that there were few security tools, including firewalls, available for it. Another concern was that because IPv6 would allow each system to have a unique IP address, a hacker might be able to target a specific system in an enterprise for attack.

The latest ScreenOS release provides encryption and firewall capabilities, as well as protection against denial of service attacks, for IPv6 traffic. It can encapsulate IPv6 traffic in IPv4, allowing enterprises or service providers to operate an IPv6 network across a backbone that has not been configured to handle the new kinds of packets, Bavosa said.

NetScreen expected to introduce a version of the IPv6-compatible ScreenOS for pilot production networks, which will include more advanced IPv6 features, in the first half of next year. A version for production environments is expected in the second half of next year. Prices have not yet been set.

Only last month Cisco Systems laid out plans to add packet filtering of IPv6 to its software and hardware firewall products in the first half of next year, and last October, Check Point Software Technologies introduced IPv6 support for its software with the release of Check Point VPN-1/FireWall-1 Next Generation, Feature Pack 3.

Stephen Lawson writes for IDG News Service

Read more on IT operations management and IT support