If you have a multi-vendor, multi-type firewall environment, the business case (i.e. time and cost savings) for automating firewall management should be extremely compelling. Look for tools that will help analyze IPv6 addresses, objects, rules and ACLs across networks and security devices. Additionally, look for network management tools that can provide reverse lookup from any IPv6 address to its human-readable name. Do not be the person who gets stuck having to manually troubleshoot mistyped IPv6 addresses across multiple firewalls.
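As an added illustration (not from the original article or any vendor's product), the Python sketch below shows the kind of check such tooling automates: it canonicalizes IPv6 addresses from two firewalls' rule exports, flags mistyped entries, finds one address written in different spellings, and derives the ip6.arpa name used for reverse lookup. The rule format, firewall names and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample exports in a hypothetical "action address service" format.
# Addresses use the 2001:db8::/32 documentation prefix; firewall names are made up.
RULES = {
    "fw-edge": ["permit 2001:db8:0:1::10 tcp/443",
                "permit 2001:0db8:0000:0002:0000:0000:0000:0020 tcp/22"],
    "fw-core": ["permit 2001:DB8:0:1:0:0:0:10 tcp/443",
                "permit 2001:db8::2::20 tcp/22",      # typo: two "::"
                "permit 2001:db8:0:3::g1 tcp/25"],    # typo: non-hex digit
}

def audit(rules):
    """Return ({canonical: {(firewall, spelling)}}, [(firewall, token, error)])."""
    seen, invalid = defaultdict(set), []
    for fw, lines in rules.items():
        for line in lines:
            token = line.split()[1]  # assumed position of the address field
            try:
                addr = ipaddress.IPv6Address(token)
            except ipaddress.AddressValueError as exc:
                invalid.append((fw, token, str(exc)))
                continue
            seen[addr.compressed].add((fw, token))
    return dict(seen), invalid

def spelling_variants(seen):
    """Canonical addresses that appear under more than one textual spelling."""
    return {c: uses for c, uses in seen.items() if len({s for _, s in uses}) > 1}

def ptr_name(address):
    """ip6.arpa name to query for a PTR record (the lookup itself needs DNS)."""
    return ipaddress.IPv6Address(address).reverse_pointer

if __name__ == "__main__":
    seen, invalid = audit(RULES)
    for fw, token, err in invalid:
        print(f"INVALID  {fw}: {token!r} ({err})")
    for canon, uses in spelling_variants(seen).items():
        print(f"VARIANTS {canon}: {sorted(uses)} -> PTR {ptr_name(canon)}")
```

Comparing on the compressed form is what lets `2001:db8:0:1::10` and `2001:DB8:0:1:0:0:0:10` be recognized as the same host, which a plain string comparison across vendors' exports would miss.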
When upgrading or automating, leverage internal and external domain expertise: chances are the external people you are working with on your IPv6 migration efforts are working with others as well. Any tips or best practices, whether specific to IPv6 migration or general to the systems or products they work with, should be welcomed to ensure that systems are optimized for future needs. The processes you automate are likely to stick for quite some time, so take the time to set things up in a way that is aligned with the strengths of the product(s) you're deploying, your standard operating procedures, and the culture of your company and team.
While it may not be of consequence to end users, IPv6 migration will be a big deal to enterprise IT, and particularly to network and network security managers. Although IPv6 has been in use for many years, it has been deployed on relatively few networks. Because people are less familiar with it, they are less likely to spot mistakes. With IPv6, security practitioners have a chance to get ahead of the game and bake best practices into IPv6 processes and operations instead of bolting them on after the fact. Lessons learned and best practices will come from trial and error, information sharing, and by supporting industry initiatives. Let’s not waste the opportunity to do things right.