Re: [afripv6-discuss] IPv6 on NetASQ firewall U450-A‏

Nishal Goburdhan ndg at ieee.org
Thu Jul 25 12:56:32 SAST 2013


On 24 Jul 2013, at 1:41 PM, sara at suin.edu.sd wrote:

> Hi every one

hi sara,

> I'm looking for some helping in getting some equipment in our network IPv6 enabled. 
> 
> In our organisation we have a NetASQ firewall U450-A. Software version 9.0.1.
> And, of course, we want to enable IPv6 on it, os that we can connect the rest of our network...
> We already know that IPv6 Routing of IPv6 packets is now supported on this software version, but this option appears to be disabled by default and can only be configured in the CLI.
> I'm not certain of the best approach to doing this; one thing that worries me, is that hacking around in the CLI might not necessarily produce the results that we need.
> 
> I've written to the NetASQ support team twice now for assistance, as I can't seem to find any documentation online to support what I'd need.
> Sadly, they have not responded yet.
> So, I thought I'd reach out to the community for assistance. 
> Does anyone have here have contacts at NetASQ, or experience using this device for IPv6 ?

i don't.  and i agree - it's probably not a good idea to chance the CLI without vendor assistance, as future upgrade could easily nullify your work.
i don't have experience with that, and, sadly, don't know anyone that has, either.

what i could suggest:
* do you have a spare device like this, that you can run tests on?  that sounds obvious, but if you do, and if you can get it online in some sort of controlled lab environment, perhaps the good folks here can assist.  i know a few folks that wouldn't mind poking around on new/different hardware...
* my google-fu says that 9.0.1 is the last version of code for your platform;  i'm *always* wary of advising folks to use the "newest and greatest" in their production environments.  operational clue says that you let this bake in for a while before use.  in your case, my worry for you would be that there doesn't seem to be a later release available for you;  so if you do run into a service affecting problem, you don't have any other recourse. 

it's disappointing that your vendor isn't responding.  have you tried your reseller (the person you purchased this from) ? 
(i wonder if vendors truly realise the detriment that they create through non-support in today's well-connected society :-/)

my usual rule of:  vote with your wallet, is probably useful to apply here  ;-)
have you considered an alternative - say FreeBSD + pf, or is that not an option? 


--n.


More information about the afripv6-discuss mailing list