I see people demanding central stateful firewalls for IPv6. And because there's no masquerading / NAPT nobody designed something equivalent to the NAT traversal protocols we have in IPv4. It's sad.
So what those stateful firewalls do is the same as for IPv4: deep packet inspection to get the endpoints out of the packets (think of SIP signaling) and allowing them to communicate. Which fails horribly with any sort of encryption and new protocols the firewall does not understand. Also you're lucky if the firewall lets IPsec/ESP through at all, given that such traffic cannot be inspected and would need to be passed through verbatim and unchecked, which is what you're trying to avoid with stateful firewalls in the first place.
I don't see end-to-end communication happening with IPv6 and I'm not sure what to do about it. Even CPEs like AVM's FritzBox are now shipped with stateful firewalls by default.