North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Cool IPv6 Stuff
Sander Steffann wrote: Hi,I think that rather than attempting to educate their customers about security firewall vendors will probably just sell a NAT capable IPv6 firewall. It's the path of least resistance to profit. (A lot of mainstream vendors have helped push the idea that NAT is synonymous with firewalling. Take the Cisco PIX as an example, where up until very recently you had to configure NAT to allow traffic through the device.) Even people I have spoken that understand the difference between firewalling/reachability and NATing are still in favour of NAT. The argument basically goes "Yes, I understand that have a public address does not neccessarily mean being publically reachable. But having a private address means that [inbound] public reachability is simply not possible without explicit configuration to enable it". i.e. NAT is seen as a extra layer of security. I want NAT to die but I think it won't. S
|