When we looked at IPv6 support, we were disappointed to discover very weak features in all products. While Barracuda's NG Firewall handled IPv6 on the LAN fairly well, probably because of the underlying Linux operating system, their HTTP and HTTPS proxies did not include IPv6 support, making the NG Firewall useless in any IPv6 firewalling environment. Check Point's Security Gateway did almost as well in LAN support, and does allow IPv6 addresses in firewall rules, but has not included IPv6 support in either their dynamic routing engine or, more importantly, their next-generation firewall application identification and control rules.
SonicOS didn't pass our IPv6 testing because the software build that we were testing didn't have IPv6 support — although other, older, SonicOS software versions do include IPv6 support, and SonicWall told us that they were putting a working IPv6 back in to the next software build. We also found the FortiGate missing features you'd need to make it the firewall handling an IPv6 network, signaling the need for more work to make the FortiGate truly IPv6-ready.
Our evaluation of the traditional firewall features didn't really upset any long-held beliefs. Check Point's Security Gateway, the oldest enterprise firewall in our testing, also shows the greatest maturity. SonicWall and Fortinet, both traditionally strong in the mid-sized organization market, excelled in the features needed in those areas, while the Barracuda NG Firewall, a relative newcomer, displays the rough edges you'd expect of a new product with a shorter development history.
Read more about wide area network in Network World's Wide Area Network section.