I probably could arrange for a Linux box strapped to our FWSM in a v6 environment[1] to be made available to NetCitadel as we have about 20 spare contexts floating around that could be used for experimentation. I hope it would give the developers an opportunity to fix up and make more functional the v4 support and see if there is a way to work with the multiple context functionality[2]?
Bear in mind, the FWSM apparently only does IPv6 filtering in software and is a general pain in the rear, so the OP should be planning to set fire to the blades and push them out of a top floor window. One problem I ran into is that you cannot use protocol groups and logging rules together, plus RPF looks like a no-go; unless you do not mind all your logs filling up with grumblings that fe80::/10 -> ip6-multicast is 'hacking' you :-/
Cheers
[1] due to constraints in the FWSM, only non-SCP access could be granted :(
[2] straight vanilla SCP is not available as there is only SCP to a single global context (which dumps things in disk:/). You then log in, *change* context and then 'copy disk:/foobar.fw running-config'. Currently I am using the FWSM functionality in non-SCP mode, but I am working on an external helper script to sort it out properly.