IPV6 and Pix firewalls

Posted on 2011-04-20
Last Modified: 2012-05-11
I need an expert opinion not just regurgitated facts.

Will Pix firewalls be able to handle the increased traffic generated from IPv6 traffic? So for example

If I am using a 515 Pix for my small business, I know I don't have a lot of traffic maybe 10k users are logged on at a time due to multiple website hosting.
Will the 515 Pix handle the IPV6 or would you think the next best thing would be to upgrade to an ASA-5510?

The 515 has served my company well and of course it's a logical step in the upgrade direction, but is it really needed?
Question by:NetNinja
    LVL 24

    Accepted Solution

    The PIX 515 has a performance pps limitation of 40000 packets per second @ 64 byte packets with a firewall forwarding rate of 190Mbps. Where are you at now in relations to this information with IPv4. IPv6 adds an additional  overhead of 20 bytes; so at 64 byte packets you will have much more of a less efficient packet. so your max pps at 64bytes will be much less, maybe more around 32000 pps with IPv6; however, utilizing 1500 byte packets, you will be able to get the same performance of around 15000 pps for both IPv4 and IPv6 (note the 15k came from 190000000/8/1500). So to be honest, you need to gather additional information and then make the determination based on the information provided. I would highly recommend that you upgrade to and ASA so that you can have support for both hardware and IPv6

    Good luck


    Author Closing Comment

    You da man!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    This video discusses moving either the default database or any database to a new volume.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now