HW firewall for home that supports IPV6 PD of /48 or /56 with DHCPV6

/dev/null

/dev/null

[H]F Junkie
Joined
Mar 31, 2001
Messages
15,182
I have an Cisco asa 5505 and none support dhcpv6. Anyone have suggestions for a sub $500 firewall that do dhcpv6 on the wan interface with prefix delegation of /48 or /56?
 
You could look at the EdgeRouter, it could probably do.

Not sure why you want dhcpv6 on your router/firewall though...
 
MysticRyuujin said:
You could look at the EdgeRouter, it could probably do.

Not sure why you want dhcpv6 on your router/firewall though...
Click to expand...

i need to assign an address via dhcpv6 on my outside/wan interface as that is all comcast supports.
 
My guess is the OP is needing to accept a PD via DHCPv6 which the 5505 does not support.

The edge router will do it but you gotta take to cli to make it happen and then, how good a firewall is it really? OP could put the edge router in front of the ASA and use transparent firewalling...

A prebuilt or DIY pfsense box will do the job if that's an option you'd consider. Also, I'd be curious to see what Juniper has to offer. The 5505 is getting long in the tooth and Cisco really needs to release a refresh like they've already done for the rest of the line.
 
Ehren8879 said:
My guess is the OP is needing to accept a PD via DHCPv6 which the 5505 does not support.

The edge router will do it but you gotta take to cli to make it happen and then, how good a firewall is it really? OP could put the edge router in front of the ASA and use transparent firewalling...

A prebuilt or DIY pfsense box will do the job if that's an option you'd consider. Also, I'd be curious to see what Juniper has to offer. The 5505 is getting long in the tooth and Cisco really needs to release a refresh like they've already done for the rest of the line.
Click to expand...

I've got a 5505 in transparent mode now (it is free from work for testing). None of the 55xx support this AFAIK. I had multiple issues with pfsense (2.x) doing dhcpv6 where it would end up using 100% cpu when I enabled it. At that time it was a known bug. What juniper product should I be looking at?

Comcast either will send me a /64 or I can send a hint for a /56 & they should honor it. I need something that will send a hint, get the /56 and assign it.
 
OpenWRT supports all the IPv6 stuff you're asking for in the latest release. Buy any router supported by that version of OpenWRT. Personally I use an alix 2d13, works great.
 
Ehren8879 said:
The edge router will do it but you gotta take to cli to make it happen and then, how good a firewall is it really? OP could put the edge router in front of the ASA and use transparent firewalling...
Click to expand...

EdgeRouter uses iptables under the covers, it works fine as a firewall.
 
Robstar said:
I've got a 5505 in transparent mode now (it is free from work for testing). None of the 55xx support this AFAIK. I had multiple issues with pfsense (2.x) doing dhcpv6 where it would end up using 100% cpu when I enabled it. At that time it was a known bug. What juniper product should I be looking at?

Comcast either will send me a /64 or I can send a hint for a /56 & they should honor it. I need something that will send a hint, get the /56 and assign it.
Click to expand...

What router is at the edge of your network currently? A router capable of DHCPv6 with PD will receive a WAN /128 address and then assign the PD to its LAN interface(s) where then internal DHCPv6 or SLAAC can be used to configure clients and subnets amongst vlans.

If the 5505 remains transparent behind your router it should function fine as a v6 firewall.

In that case a router that supports OpenWRT will meet your needs. Unless you want something more business/enterprise-y.
 
The asa5505 is at the edge right now. I was hoping to keep a firewall/router/all-in-one as the edge rather than have two devices, if possible.
 
Not sure on comparable juniper models. Might be something in your price range and v6 PD is supported with the current junos I believe
 
I'm running an Electric Hurricane IPv6 tunnel on my EdgeRouter Lite, and it works great,
 
Ehren8879 said:
Not sure on comparable juniper models. Might be something in your price range and v6 PD is supported with the current junos I believe
Click to expand...

Juniper SRX220 or SRX210 is what you are looking for.

210 is slightly below, the 220 is slightly above the ASA5505
 
Robstar said:
I'm ordered one & have set it up. I kind of like it, although I haven't got the ipv6-pd working yet. I did get firewalling, interfaces, nat & policy-routing setup, however for ipv4.
Click to expand...

Can you report back if/when you have a chance to test PD?

I've been considering an ER for my network, but IPv6 compatibility is a big requirement before investing.
 
stevewm said:
Asus' RT series routers with the Merlin-Wrt firmware (https://www.mediafire.com/folder/bkfq2a6aebq68//Asuswrt-Merlin) specifically support Comcast's native IPv6 setup.
Click to expand...

Most current Netgear and Linksys consumer routers support it as well. With Netgear you still have the enable it, but with Linksys it's on by default.

with the afformentioned routers you're limited to a /64 as you're unable to send and hints. I don't know about the Merlin firmware, but if it's anything like OpenWRT you may be able to request a PD size greater than a single /64.
 
You must log in or register to reply here.
Back
Top