Well, the doc didn't help, but it did prompt me with an idea that solved it!
Under policy conditions, all documentation uses Windows-Groups.
I added a second condition: Client-Friendly-Name, where I type the router\switch host name.
It's working great, with one exception (I must complain about something, right?!): I can't use a policy for more than 1 router (so I'll have to create a policy for each new router\switch I want to authenticate).
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...