www.eftps.gov contact

Andre Grueneberg list.ipv6ops at grueneberg.de
Wed Dec 19 22:41:57 CET 2012


Hi,

Sander Steffann wrote:
> > Lately I've experienced a similar issue where the ICMPv6 PTB didn't
> > make it's way back due to some Juniper (SSG) firewall having the
> > screening option for "big ICMP" packets enabled. This feature is a
> > total no-go if you'd like to have working IPv6.
> I reported this to Juniper approximately 2 years ago. It's
> disappointing to see that they still haven't fixed that bug...

Oh, it seems they're not going to fix it. At least now they are going to
document it in their knowledge base. In a way it makes sense. If you
want to break your connectivity with a firewall, it's your problem. The
only real alternative is to completely remove this non-sense screening
option -- but I believe there must be some customers out there who
believe that breaking ICMP is a feature.

Andre
-- 
NOBODY expects the Spanish Inquisition!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20121219/3ed56023/attachment.sig>


More information about the ipv6-ops mailing list