FireBrick FB2700 User manual

FireBrick TEST
User Manual
FB2700 Versatile Network Appliance


FireBrick TEST User Manual
This User Manual documents Software version V1.25.101
Copyright © 2012-2013 FireBrick Ltd.

Table of Contents
Preface
1. Introduction
1.1. The FB2700
1.1.1. Where do I start?
1.1.2. What can it do?
1.1.3. Ethernet port capabilities
1.1.4. Differences between the devices in the FB2x00 series
1.1.5. Software features
1.1.6. Migration from previous FireBrick models
1.2. About this Manual
1.2.1. Version
1.2.2. Intended audience
1.2.3. Technical details
1.2.4. Document style
1.2.5. Document conventions
1.2.6. Comments and feedback
1.3. Additional Resources
1.3.1. Technical Support
1.3.2. IRC Channel
1.3.3. Application Notes
1.3.4. White Papers
1.3.5. Training Courses
2. Getting Started
2.1. IP addressing
2.2. Accessing the web-based user interface
2.2.1. Add a new user
3. Configuration
3.1. The Object Hierarchy
3.2. The Object Model
3.2.1. Formal definition of the object model
3.2.2. Common attributes
3.3. Configuration Methods
3.4. Web User Interface Overview
3.4.1. User Interface layout
3.4.1.1. Customising the layout
3.4.2. Config pages and the object hierarchy
3.4.2.1. Configuration categories
3.4.2.2. Object settings
3.4.3. Navigating around the User Interface
3.4.4. Backing up / restoring the configuration
3.5. Configuration using XML
3.5.1. Introduction to XML
3.5.2. The root element - <config>
3.5.3. Viewing or editing XML
3.5.4. Example XML configuration
3.6. Downloading/Uploading the configuration
3.6.1. Download
3.6.2. Upload
4. System Administration
4.1. User Management
4.1.1. Login level
4.1.2. Configuration access level
4.1.3. Login idle timeout
4.1.4. Restricting user logins

4.1.4.1. Restrict by IP address
4.1.4.2. Restrict by profile
4.2. General System settings
4.2.1. System name (hostname)
4.2.2. Administrative details
4.2.3. System-level event logging control
4.2.4. Home page web links
4.3. Software Upgrades
4.3.1. Software release types
4.3.1.1. Breakpoint releases
4.3.2. Identifying current software version
4.3.3. Internet-based upgrade process
4.3.3.1. Manually initiating upgrades
4.3.3.2. Controlling automatic software updates
4.3.4. Manual upgrade
4.4. Boot Process
4.4.1. LED indications
4.4.1.1. Power LED status indications
4.4.1.2. Port LEDs
5. Event Logging
5.1. Overview
5.1.1. Log targets
5.1.1.1. Logging to Flash memory
5.1.1.2. Logging to the Console
5.2. Enabling logging
5.3. Logging to external destinations
5.3.1. Syslog
5.3.2. Email
5.3.2.1. E-mail process logging
5.4. Factory reset configuration log targets
5.5. Performance
5.6. Viewing logs
5.6.1. Viewing logs in the User Interface
5.6.2. Viewing logs in the CLI environment
5.7. System-event logging
5.8. Using Profiles
6. Interfaces and Subnets
6.1. Relationship between Interfaces and Physical Ports
6.1.1. Port groups
6.1.2. Interfaces
6.2. Defining port groups
6.3. Defining an interface
6.3.1. Defining subnets
6.3.1.1. Using DHCP to configure a subnet
6.3.2. Setting up DHCP server parameters
6.3.2.1. Fixed/Static DHCP allocations
6.3.2.2. Partial-MAC-address based allocations
6.4. Physical port settings
6.4.1. Disabling auto-negotiation
6.4.2. Setting port speed
6.4.3. Setting duplex mode
6.4.4. Defining port LED functions
7. Session Handling
7.1. Routing vs. Firewalling
7.2. Session Tracking
7.2.1. Session termination

7.3. Session Rules
7.3.1. Overview
7.3.2. Processing flow
7.3.3. Defining Rule-Sets and Rules
7.3.3.1. Recommended method of implementing firewalling
7.3.3.2. Changes to session traffic
7.3.3.3. Graphing and traffic shaping
7.3.3.4. Configuring session time-outs
8. Routing
8.1. Routing logic
8.2. Routing targets
8.2.1. Subnet routes
8.2.2. Routing to an IP address (gateway route)
8.2.3. Special targets
8.3. Dynamic route creation / deletion
8.4. Routing tables
8.5. Route overrides
9. Profiles
9.1. Overview
9.2. Creating/editing profiles
9.2.1. Timing control
9.2.2. Tests
9.2.2.1. General tests
9.2.2.2. Time/date tests
9.2.2.3. Ping tests
9.2.3. Inverting overall test result
9.2.4. Manual override
10. Traffic Shaping
10.1. Graphs and Shapers
10.1.1. Graphs
10.1.2. Shapers
11. PPPoE
11.1. Types of DSL line and router in the United Kingdom
11.2. Defining PPPoE links
11.2.1. IPv6
11.2.2. Additional options
11.2.2.1. MTU and TCP fix
11.2.2.2. Service and ac-name
11.2.2.3. Logging
11.2.2.4. Speed and graphs
12. Tunnels
12.1. FB105 tunnels
12.1.1. Tunnel wrapper packets
12.1.2. Setting up a tunnel
12.1.3. Viewing tunnel status
12.1.4. Dynamic routes
12.1.5. Tunnel bonding
12.1.6. Tunnels and NAT
12.1.6.1. FB2700 doing NAT
12.1.6.2. Another device doing NAT
13. System Services
13.1. Common settings
13.2. HTTP Server configuration
13.2.1. Access control
13.2.1.1. Trusted addresses
13.3. Telnet Server configuration

13.3.1. Access control
13.4. DNS configuration
13.4.1. Blocking DNS names
13.4.2. Local DNS responses
13.4.3. Auto DHCP DNS
13.5. NTP configuration
13.6. SNMP configuration
13.7. RADIUS configuration
13.7.1. RADIUS server (platform RADIUS)
13.7.2. RADIUS client
14. Network Diagnostic Tools
14.1. Firewalling check
14.2. Access check
14.3. Packet Dumping
14.3.1. Dump parameters
14.3.2. Security settings required
14.3.3. IP address matching
14.3.4. Packet types
14.3.5. Snaplen specification
14.3.6. Using the web interface
14.3.7. Using an HTTP client
14.3.7.1. Example using curl and tcpdump
15. VRRP
15.1. Virtual Routers
15.2. Configuring VRRP
15.2.1. Advertisement Interval
15.2.2. Priority
15.3. Using a virtual router
15.4. VRRP versions
15.4.1. VRRP version 2
15.4.2. VRRP version 3
15.5. Compatibility
16. VoIP
16.1. What is VoIP?
16.2. Registration and Proxies
16.2.1. Registrar
16.2.2. Proxy
16.3. Home/office phone system
16.4. Network Address Translation
16.5. Number plan
16.6. Telephone handsets
16.7. VoIP call carriers
16.8. Hunt groups
16.8.1. Ring Type
16.8.2. Ring order
16.8.3. Overflow
16.8.4. Out of hours
16.9. Call pickup/steal
16.10. Busy lamp field
16.11. Using RADIUS
16.11.1. RADIUS accounting
16.11.2. RADIUS authentication
16.11.2.1. Call routing by RADIUS
16.12. Call recording
16.13. Voicemail and IVR services
16.14. Call Data Records

16.15. Technical details
16.16. Custom tones
17. BGP
17.1. What is BGP?
17.2. Using BGP in an office network?
18. L2TP
18.1. What is L2TP?
18.2. Incoming L2TP connections
18.3. The importance of CQM graphs
18.4. Local Authentication
18.5. Relaying L2TP connections
18.6. RADIUS Authentication and Accounting
18.7. RADIUS Control messages
18.8. Outgoing L2TP connections
19. IPsec
19.1. What is IPsec?
19.1.1. Authentication
19.1.2. Encryption
19.1.3. IKE
19.2. Setting up a tunnel
19.2.1. IP endpoints
19.2.2. Manual Keying
19.2.3. Routing
19.2.4. Other parameters
19.3. Tunnelling to a non-FireBrick device
19.4. Remote connection - IPsec and L2TP
19.5. Choice of algorithms
20. Command Line Interface
A. Factory Reset Procedure
B. CIDR and CIDR Notation
C. MAC Addresses usage
D. VLANs : A primer
E. Supported L2TP Attribute/Value Pairs
E.1. Start-Control-Connection-Request
E.2. Start-Control-Connection-Reply
E.3. Start-Control-Connection-Connected
E.4. Stop-Control-Connection-Notification
E.5. Hello
E.6. Incoming-Call-Request
E.7. Incoming-Call-Reply
E.8. Incoming-Call-Connected
E.9. Outgoing-Call-Request
E.10. Outgoing-Call-Reply
E.11. Outgoing-Call-Connected
E.12. Call-Disconnect-Notify
E.13. WAN-Error-Notify
E.14. Set-Link-Info
E.15. Notes
E.15.1. BT specific notes
E.15.2. IP over LCP
F. Supported RADIUS Attribute/Value Pairs for L2TP operation
F.1. Authentication request
F.2. Authentication response ............................................................................................ 109
F.2.1. Accepted authentication .................................................................................. 109
F.2.1.1. Prefix Delegation ................................................................................ 110
F.2.2. Rejected authentication ................................................................................... 110

F.3. Accounting Start ...................................................................................................... 110
F.4. Accounting Interim .................................................................................................. 111
F.5. Accounting Stop ...................................................................................................... 112
F.6. Disconnect .............................................................................................................. 113
F.7. Change of Authorisation ........................................................................................... 113
F.8. Filter ID ................................................................................................................. 114
F.9. Notes ..................................................................................................................... 115
F.9.1. L2TP relay ................................................................................................... 115
F.9.2. LCP echo and CQM graphs ............................................................................ 115
F.9.3. IP over LCP ................................................................................................. 116
F.9.4. Closed User Group ........................................................................................ 116
F.9.5. Routing table ................................................................................................ 116
G. Supported RADIUS Attribute/Value Pairs for VoIP operation .................................................... 117
G.1. Authentication request .............................................................................................. 117
G.2. Authentication response ............................................................................................ 118
G.2.1. Challenge authentication ................................................................................ 118
G.2.2. Accepted authentication (registration) ............................................................... 118
G.2.3. Accepted authentication (invite) ....................................................................... 118
G.2.4. Rejected authentication .................................................................................. 118
G.3. Accounting Start ..................................................................................................... 119
G.4. Accounting Interim .................................................................................................. 119
G.5. Accounting Stop ...................................................................................................... 120
G.6. Disconnect ............................................................................................................. 120
G.7. Change of Authorisation ........................................................................................... 120
H. Command line reference ..................................................................................................... 121
H.1. General commands .................................................................................................. 121
H.1.1. Trace off ..................................................................................................... 121
H.1.2. Trace on ...................................................................................................... 121
H.1.3. Uptime ........................................................................................................ 121
H.1.4. General status ............................................................................................... 121
H.1.5. Memory usage .............................................................................................. 121
H.1.6. Process/task usage ......................................................................................... 121
H.1.7. Login .......................................................................................................... 121
H.1.8. Logout ........................................................................................................ 122
H.1.9. See XML configuration .................................................................................. 122
H.1.10. Load XML configuration .............................................................................. 122
H.1.11. Show profile status ...................................................................................... 122
H.1.12. Show RADIUS servers ................................................................................. 122
H.1.13. Show DNS resolvers .................................................................................... 122
H.2. Networking commands ............................................................................................. 122
H.2.1. Subnets ....................................................................................................... 122
H.2.2. Ping and trace .............................................................................................. 123
H.2.3. Show a route from the routing table ................................................................. 123
H.2.4. List routes ................................................................................................... 123
H.2.5. List routing next hops .................................................................................... 123
H.2.6. See DHCP allocations .................................................................................... 123
H.2.7. Clear DHCP allocations ................................................................................. 123
H.2.8. Lock DHCP allocations .................................................................................. 124
H.2.9. Unlock DHCP allocations ............................................................................... 124
H.2.10. Name DHCP allocations ............................................................................... 124
H.2.11. Show ARP/ND status ................................................................................... 124
H.2.12. Show VRRP status ...................................................................................... 124
H.2.13. Send Wake-on-LAN packet ........................................................................... 124
H.3. Firewalling commands ............................................................................................. 124
H.3.1. Check access to services ................................................................................ 124
H.3.2. Check firewall logic ...................................................................................... 124

H.4. L2TP commands ..................................................................................................... 125
H.5. BGP commands ...................................................................................................... 125
H.6. OSPF commands ..................................................................................................... 125
H.7. GGSN commands .................................................................................................... 125
H.8. PPPoE commands .................................................................................................... 125
H.9. VoIP commands ...................................................................................................... 125
H.10. Advanced commands .............................................................................................. 125
H.10.1. Panic ......................................................................................................... 125
H.10.2. Reboot ....................................................................................................... 126
H.10.3. Screen width .............................................................................................. 126
H.10.4. Make outbound command session .................................................................. 126
H.10.5. Show command sessions .............................................................................. 126
H.10.6. Kill command session .................................................................................. 126
H.10.7. Flash memory list ........................................................................................ 126
H.10.8. Delete block from flash ................................................................................ 126
H.10.9. Boot log .................................................................................................... 127
H.10.10. Flash log .................................................................................................. 127
I. Configuration Objects .......................................................................................................... 128
I.1. Top level ................................................................................................................. 128
I.1.1. config: Top level config .................................................................................. 128
I.2. Objects ................................................................................................................... 129
I.2.1. system: System settings ................................................................................... 129
I.2.2. link: Web links .............................................................................................. 130
I.2.3. user: Admin users .......................................................................................... 130
I.2.4. log: Log target controls ................................................................................... 130
I.2.5. log-syslog: Syslog logger settings ..................................................................... 131
I.2.6. log-email: Email logger settings ........................................................................ 131
I.2.7. services: System services ................................................................................. 132
I.2.8. snmp-service: SNMP service settings ................................................................. 132
I.2.9. ntp-service: NTP service settings ...................................................................... 133
I.2.10. telnet-service: Telnet service settings ............................................................... 134
I.2.11. http-service: HTTP service settings .................................................................. 134
I.2.12. dns-service: DNS service settings .................................................................... 135
I.2.13. dns-host: Fixed local DNS host settings ............................................................ 135
I.2.14. dns-block: Fixed local DNS blocks .................................................................. 136
I.2.15. radius-service: RADIUS service definition ........................................................ 136
I.2.16. radius-service-match: Matching rules for RADIUS service ................................... 137
I.2.17. radius-server: RADIUS server settings ............................................................. 138
I.2.18. ethernet: Physical port controls ....................................................................... 139
I.2.19. portdef: Port grouping and naming .................................................................. 139
I.2.20. interface: Port-group/VLAN interface settings .................................................... 140
I.2.21. subnet: Subnet settings .................................................................................. 141
I.2.22. vrrp: VRRP settings ...................................................................................... 142
I.2.23. dhcps: DHCP server settings .......................................................................... 142
I.2.24. dhcp-attr-hex: DHCP server attributes (hex) ...................................................... 143
I.2.25. dhcp-attr-string: DHCP server attributes (string) ................................................. 143
I.2.26. dhcp-attr-number: DHCP server attributes (numeric) ........................................... 144
I.2.27. dhcp-attr-ip: DHCP server attributes (IP) .......................................................... 144
I.2.28. pppoe: PPPoE settings ................................................................................... 144
I.2.29. ppp-route: PPP routes .................................................................................... 145
I.2.30. ggsn: GTP GGSN settings ............................................................................. 146
I.2.31. usb: USB 3G/dongle settings .......................................................................... 146
I.2.32. dongle: 3G/dongle settings ............................................................................. 147
I.2.33. route: Static routes ........................................................................................ 148
I.2.34. network: Locally originated networks ............................................................... 148
I.2.35. blackhole: Dead end networks ........................................................................ 149

I.2.36. loopback: Locally originated networks ............................................................. 149
I.2.37. ospf: Overall OSPF settings ........................................................................... 150
I.2.38. bgp: Overall BGP settings .............................................................................. 150
I.2.39. bgppeer: BGP peer definitions ........................................................................ 151
I.2.40. bgpmap: Mapping and filtering rules of BGP prefixes ......................................... 152
I.2.41. bgprule: Individual mapping/filtering rule ......................................................... 153
I.2.42. cqm: Constant Quality Monitoring settings ........................................................ 153
I.2.43. l2tp: L2TP settings ....................................................................................... 155
I.2.44. l2tp-outgoing: L2TP settings for outgoing L2TP connections ................................ 155
I.2.45. l2tp-incoming: L2TP settings for incoming L2TP connections ............................... 157
I.2.46. l2tp-relay: Relay and local authentication rules for L2TP ..................................... 158
I.2.47. fb105: FB105 tunnel definition ....................................................................... 159
I.2.48. fb105-route: FB105 routes ............................................................................. 160
I.2.49. ipsec: IPsec configuration ............................................................................... 160
I.2.50. ipsec-route: IPsec tunnel routes ....................................................................... 162
I.2.51. ping: Ping/graph definition ............................................................................. 162
I.2.52. profile: Control profile .................................................................................. 162
I.2.53. profile-date: Test passes if within any of the time ranges specified ......................... 164
I.2.54. profile-time: Test passes if within any of the date/time ranges specified .................. 164
I.2.55. profile-ping: Test passes if any addresses are pingable ......................................... 164
I.2.56. shaper: Traffic shaper .................................................................................... 164
I.2.57. shaper-override: Traffic shaper override based on profile ..................................... 165
I.2.58. ip-group: IP Group ....................................................................................... 165
I.2.59. route-override: Routing override rules .............................................................. 166
I.2.60. session-route-rule: Routing override rule ........................................................... 166
I.2.61. session-route-share: Route override load sharing ................................................ 167
I.2.62. rule-set: Firewall/mapping rule set ................................................................... 167
I.2.63. session-rule: Firewall rules ............................................................................. 168
I.2.64. session-share: Firewall load sharing ................................................................. 169
I.2.65. voip: Voice over IP config ............................................................................. 170
I.2.66. carrier: VoIP carrier details ............................................................................ 171
I.2.67. telephone: VoIP telephone authentication user details .......................................... 172
I.2.68. tone: Tone definitions .................................................................................... 173
I.2.69. ringgroup: Ring groups .................................................................................. 173
I.2.70. etun: Ether tunnel (experimental) ..................................................................... 174
I.3. Data types ............................................................................................................... 174
I.3.1. autoloadtype: Type of s/w auto load .................................................................. 174
I.3.2. config-access: Type of access user has to config .................................................. 174
I.3.3. user-level: User login level .............................................................................. 174
I.3.4. syslog-severity: Syslog severity ........................................................................ 175
I.3.5. syslog-facility: Syslog facility ........................................................................... 175
I.3.6. month: Month name (3 letter) ........................................................................... 176
I.3.7. day: Day name (3 letter) .................................................................................. 176
I.3.8. radiuspriority: Options for controlling platform RADIUS response priority tagging ..... 177
I.3.9. radiustype: Type of RADIUS server .................................................................. 177
I.3.10. port: Physical port ........................................................................................ 177
I.3.11. Crossover: Crossover configuration .................................................................. 177
I.3.12. LinkSpeed: Physical port speed ....................................................................... 178
I.3.13. LinkDuplex: Physical port duplex setting .......................................................... 178
I.3.14. LinkFlow: Physical port flow control setting ..................................................... 178
I.3.15. LinkClock: Physical port Gigabit clock master/slave setting ................................. 178
I.3.16. LinkLED: LED settings ................................................................................. 178
I.3.17. LinkPower: PHY power saving options ............................................................ 179
I.3.18. LinkFault: Link fault type to send ................................................................... 179
I.3.19. ramode: IPv6 route announce level .................................................................. 180
I.3.20. dhcpv6control: Control for RA and DHCPv6 bits ............................................... 180

I.3.21. bgpmode: BGP announcement mode ................................................................ 180
I.3.22. sfoption: Source filter option .......................................................................... 180
I.3.23. pppoe-mode: Type of PPPoE connection .......................................................... 180
I.3.24. ggsn-calling: Calling number options for GGSN ................................................. 181
I.3.25. ggsn-called: Called number options for GGSN ................................................... 181
I.3.26. ggsn-username: What to use as username .......................................................... 181
I.3.27. pdp-context-type: Type of IP connection ........................................................... 181
I.3.28. peertype: BGP peer type ................................................................................ 181
I.3.29. ipsec-type: IPsec encapsulation type ................................................................. 182
I.3.30. ipsec-mode: IPsec encapsulation mode ............................................................. 182
I.3.31. ipsec-auth-algorithm: IPsec authentication algorithm ........................................... 182
I.3.32. ipsec-crypt-algorithm: IPsec encryption algorithm .............................................. 182
I.3.33. firewall-action: Firewall action ........................................................................ 183
I.3.34. voip-format: Number presentation format .......................................................... 183
I.3.35. uknumberformat: Number formatting option ...................................................... 183
I.3.36. recordoption: Recording option ....................................................................... 183
I.3.37. ring-group-order: Order of ring ....................................................................... 184
I.3.38. ring-group-type: Type of ring when one call in queue .......................................... 184
I.4. Basic types .............................................................................................................. 184
Index .................................................................................................................................... 187

List of Figures
2.1. Initial web page in factory reset state ...................................................................................... 7
2.2. Initial "Users" page .............................................................................................................. 7
2.3. Setting up a new user .......................................................................................................... 8
2.4. Configuration being stored .................................................................................................... 8
3.1. Main menu ....................................................................................................................... 12
3.2. Icons for layout controls ..................................................................................................... 13
3.3. Icons for configuration categories ......................................................................................... 13
3.4. The "Setup" category .......................................................................................................... 14
3.5. Editing an "Interface" object ................................................................................................ 14
3.6. Show hidden attributes ....................................................................................................... 15
3.7. Attribute definitions ........................................................................................................... 15
3.8. Navigation controls ............................................................................................................ 16
4.1. Setting up a new user ......................................................................................................... 21
4.2. Software upgrade available notification ................................................................................. 25
4.3. Manual Software upload ..................................................................................................... 26
7.1. Example sessions created by drop and reject actions ................................................................ 43
7.2. Processing flow chart for rule-sets and session-rules ................................................................ 45
C.1. Product label showing MAC address range .......................................................................... 100

List of Tables
2.1. IP addresses for computer ..................................................................................................... 6
2.2. IP addresses to access the FireBrick ....................................................................................... 6
2.3. IP addresses to access the FireBrick ....................................................................................... 6
3.1. Special character sequences ................................................................................................. 17
4.1. User login levels ............................................................................................................... 22
4.2. Configuration access levels .................................................................................................. 22
4.3. General administrative details attributes ................................................................................. 23
4.4. Attributes controlling auto-upgrades ...................................................................................... 26
4.5. Power LED status indications .............................................................................................. 27
5.1. Logging attributes .............................................................................................................. 29
5.2. System-Event Logging attributes .......................................................................................... 32
6.1. Physical port usage options ................................................................................................. 33
6.2. Port LED functions ............................................................................................................ 39
6.3. Example modified Port LED functions .................................................................................. 39
7.1. Action attribute values ........................................................................................................ 43
8.1. Route targets ..................................................................................................................... 51
13.1. List of system services ...................................................................................................... 66
13.2. List of system services ...................................................................................................... 66
14.1. Packet dump parameters .................................................................................................... 72
14.2. Packet types that can be captured ........................................................................................ 73
16.1. Ring Type ....................................................................................................................... 82
16.2. Ring Order ...................................................................................................................... 82
16.3. Access-Accept ................................................................................................................. 85
16.4. Default tones ................................................................................................................... 87
19.1. IPsec algorithm key lengths ............................................................................................... 92
C.1. DHCP client names used .................................................................................................. 101
E.1. SCCRQ .......................................................................................................................... 103
E.2. SCCRP .......................................................................................................................... 103
E.3. SCCCN .......................................................................................................................... 104
E.4. StopCCN ........................................................................................................................ 104
E.5. HELLO .......................................................................................................................... 104
E.6. ICRQ ............................................................................................................................. 104
E.7. ICRP ............................................................................................................................. 105
E.8. ICCN ............................................................................................................................. 105
E.9. OCRQ ........................................................................................................................... 105
E.10. OCRP .......................................................................................................................... 106
E.11. OCCN .......................................................................................................................... 106
E.12. CDN ............................................................................................................................ 106
E.13. WEN ........................................................................................................................... 106
E.14. SLI .............................................................................................................................. 106
F.1. Access-request ................................................................................................................. 108
F.2. Access-Accept ................................................................................................................. 109
F.3. Access-Reject .................................................................................................................. 110
F.4. Accounting-Start .............................................................................................................. 110
F.5. Accounting-Interim .......................................................................................................... 111
F.6. Accounting-Stop .............................................................................................................. 112
F.7. Disconnect ...................................................................................................................... 113
F.8. Change-of-Authorisation ................................................................................................... 113
F.9. Filter-ID ......................................................................................................................... 114
G.1. Access-request ................................................................................................................ 117
G.2. Access-Challenge ............................................................................................................ 118
G.3. Access-Accept ................................................................................................................ 118
G.4. Access-Accept ................................................................................................................ 118
G.5. Access-Reject ................................................................................................................. 118

G.6. Accounting-Start ............................................................................................................. 119
G.7. Accounting-Interim .......................................................................................................... 119
G.8. Accounting-Stop .............................................................................................................. 120
G.9. Disconnect ..................................................................................................................... 120
G.10. Change-of-Authorisation ................................................................................................. 120
I.1. config: Attributes .............................................................................................................. 128
I.2. config: Elements ............................................................................................................... 128
I.3. system: Attributes ............................................................................................................. 129
I.4. system: Elements .............................................................................................................. 129
I.5. link: Attributes ................................................................................................................. 130
I.6. user: Attributes ................................................................................................................. 130
I.7. log: Attributes .................................................................................................................. 130
I.8. log: Elements ................................................................................................................... 131
I.9. log-syslog: Attributes ........................................................................................................ 131
I.10. log-email: Attributes ........................................................................................................ 131
I.11. services: Elements ........................................................................................................... 132
I.12. snmp-service: Attributes ................................................................................................... 132
I.13. ntp-service: Attributes ...................................................................................................... 133
I.14. telnet-service: Attributes ................................................................................................... 134
I.15. http-service: Attributes ..................................................................................................... 134
I.16. dns-service: Attributes ..................................................................................................... 135
I.17. dns-service: Elements ...................................................................................................... 135
I.18. dns-host: Attributes ......................................................................................................... 135
I.19. dns-block: Attributes ....................................................................................................... 136
I.20. radius-service: Attributes .................................................................................................. 136
I.21. radius-service: Elements ................................................................................................... 137
I.22. radius-service-match: Attributes ......................................................................................... 137
I.23. radius-server: Attributes ................................................................................................... 138
I.24. ethernet: Attributes .......................................................................................................... 139
I.25. portdef: Attributes ........................................................................................................... 139
I.26. interface: Attributes ......................................................................................................... 140
I.27. interface: Elements .......................................................................................................... 141
I.28. subnet: Attributes ............................................................................................................ 141
I.29. vrrp: Attributes ............................................................................................................... 142
I.30. dhcps: Attributes ............................................................................................................. 142
I.31. dhcps: Elements .............................................................................................................. 143
I.32. dhcp-attr-hex: Attributes ................................................................................................... 143
I.33. dhcp-attr-string: Attributes ................................................................................................ 143
I.34. dhcp-attr-number: Attributes ............................................................................................. 144
I.35. dhcp-attr-ip: Attributes ..................................................................................................... 144
I.36. pppoe: Attributes ............................................................................................................ 144
I.37. pppoe: Elements ............................................................................................................. 145
I.38. ppp-route: Attributes ........................................................................................................ 145
I.39. ggsn: Attributes .............................................................................................................. 146
I.40. usb: Attributes ................................................................................................................ 146
I.41. usb: Elements ................................................................................................................. 147
I.42. dongle: Attributes ............................................................................................................ 147
I.43. dongle: Elements ............................................................................................................ 148
I.44. route: Attributes .............................................................................................................. 148
I.45. network: Attributes .......................................................................................................... 148
I.46. blackhole: Attributes ........................................................................................................ 149
I.47. loopback: Attributes ........................................................................................................ 149
I.48. ospf: Attributes ............................................................................................................... 150
I.49. bgp: Attributes ................................................................................................................ 150
I.50. bgp: Elements ................................................................................................................ 151
I.51. bgppeer: Attributes .......................................................................................................... 151

I.52. bgppeer: Elements ........................................................................................................... 152
I.53. bgpmap: Attributes .......................................................................................................... 152
I.54. bgpmap: Elements ........................................................................................................... 153
I.55. bgprule: Attributes .......................................................................................................... 153
I.56. cqm: Attributes ............................................................................................................... 153
I.57. l2tp: Attributes ............................................................................................................... 155
I.58. l2tp: Elements ................................................................................................................ 155
I.59. l2tp-outgoing: Attributes .................................................................................................. 155
I.60. l2tp-outgoing: Elements ................................................................................................... 157
I.61. l2tp-incoming: Attributes .................................................................................................. 157
I.62. l2tp-incoming: Elements ................................................................................................... 158
I.63. l2tp-relay: Attributes ........................................................................................................ 158
I.64. fb105: Attributes ............................................................................................................. 159
I.65. fb105: Elements .............................................................................................................. 160
I.66. fb105-route: Attributes ..................................................................................................... 160
I.67. ipsec: Attributes .............................................................................................................. 161
I.68. ipsec: Elements ............................................................................................................... 162
I.69. ipsec-route: Attributes ...................................................................................................... 162
I.70. ping: Attributes ............................................................................................................... 162
I.71. profile: Attributes ............................................................................................................ 163
I.72. profile: Elements ............................................................................................................. 163
I.73. profile-date: Attributes ..................................................................................................... 164
I.74. profile-time: Attributes ..................................................................................................... 164
I.75. profile-ping: Attributes ..................................................................................................... 164
I.76. shaper: Attributes ............................................................................................................ 164
I.77. shaper: Elements ............................................................................................................. 165
I.78. shaper-override: Attributes ................................................................................................ 165
I.79. ip-group: Attributes ......................................................................................................... 166
I.80. route-override: Attributes .................................................................................................. 166
I.81. route-override: Elements .................................................................................................. 166
I.82. session-route-rule: Attributes ............................................................................................. 166
I.83. session-route-rule: Elements .............................................................................................. 167
I.84. session-route-share: Attributes ........................................................................................... 167
I.85. rule-set: Attributes ........................................................................................................... 167
I.86. rule-set: Elements ............................................................................................................ 168
I.87. session-rule: Attributes ..................................................................................................... 168
I.88. session-rule: Elements ...................................................................................................... 169
I.89. session-share: Attributes ................................................................................................... 169
I.90. voip: Attributes ............................................................................................................... 170
I.91. voip: Elements ................................................................................................................ 171
I.92. carrier: Attributes ............................................................................................................ 171
I.93. telephone: Attributes ........................................................................................................ 172
I.94. tone: Attributes ............................................................................................................... 173
I.95. ringgroup: Attributes ....................................................................................................... 173
I.96. etun: Attributes ............................................................................................................... 174
I.97. autoloadtype: Type of s/w auto load ................................................................................... 174
I.98. config-access: Type of access user has to config ................................................................... 174
I.99. user-level: User login level ............................................................................................... 175
I.100. syslog-severity: Syslog severity ....................................................................................... 175
I.101. syslog-facility: Syslog facility .......................................................................................... 175
I.102. month: Month name (3 letter) .......................................................................................... 176
I.103. day: Day name (3 letter) ................................................................................................. 176
I.104. radiuspriority: Options for controlling platform RADIUS response priority tagging .................... 177
I.105. radiustype: Type of RADIUS server ................................................................................. 177
I.106. port: Physical port ......................................................................................................... 177
I.107. Crossover: Crossover configuration .................................................................................. 177

I.108. LinkSpeed: Physical port speed ....................................................................................... 178
I.109. LinkDuplex: Physical port duplex setting ........................................................................... 178
I.110. LinkFlow: Physical port flow control setting ...................................................................... 178
I.111. LinkClock: Physical port Gigabit clock master/slave setting .................................................. 178
I.112. LinkLED: LED settings .................................................................................................. 178
I.113. LinkPower: PHY power saving options ............................................................................. 179
I.114. LinkFault: Link fault type to send .................................................................................... 179
I.115. ramode: IPv6 route announce level ................................................................................... 180
I.116. dhcpv6control: Control for RA and DHCPv6 bits ................................................................ 180
I.117. bgpmode: BGP announcement mode ................................................................................. 180
I.118. sfoption: Source filter option ........................................................................................... 180
I.119. pppoe-mode: Type of PPPoE connection ........................................................................... 180
I.120. ggsn-calling: Calling number options for GGSN ................................................................. 181
I.121. ggsn-called: Called number options for GGSN ................................................................... 181
I.122. ggsn-username: What to use as username .......................................................................... 181
I.123. pdp-context-type: Type of IP connection ........................................................................... 181
I.124. peertype: BGP peer type ................................................................................................. 182
I.125. ipsec-type: IPsec encapsulation type ................................................................................. 182
I.126. ipsec-mode: IPsec encapsulation mode .............................................................................. 182
I.127. ipsec-auth-algorithm: IPsec authentication algorithm ............................................................ 182
I.128. ipsec-crypt-algorithm: IPsec encryption algorithm ............................................................... 182
I.129. firewall-action: Firewall action ........................................................................................ 183
I.130. voip-format: Number presentation format .......................................................................... 183
I.131. uknumberformat: Number formatting option ...................................................................... 183
I.132. recordoption: Recording option ........................................................................................ 183
I.133. ring-group-order: Order of ring ........................................................................................ 184
I.134. ring-group-type: Type of ring when one call in queue .......................................................... 184
I.135. Basic data types ............................................................................................................ 184

Preface
The FB2700 device is the result of several years of intensive effort to create products based on state of the
art processing platforms, featuring an entirely new operating system and IPv6-capable networking software,
written from scratch in-house by the FireBrick team. Custom designed hardware, manufactured in the UK, hosts
the new software, and ensures FireBrick are able to maximise performance from the hardware, and maintain
exceptional levels of quality and reliability.
The result is a product that has the feature set and performance to handle the tasks encountered in today's office
networking environments, where new access technologies such as Fibre To The Cabinet (FTTC) deliver faster
connections than ever before.
The new software is closely related to that which runs on FireBrick's 'big-box' product, the FB6000, a
carrier-grade product that has been proven in the field for a number of years, effortlessly handling huge
volumes of traffic, and thousands of customer connections.
The software is constantly being improved and new features added, so please check that you are reading the
manual appropriate to the version of software you are using. This manual is for version V1.25.101.

Chapter 1. Introduction
1.1. The FB2700
1.1.1. Where do I start?
The FB2700 is shipped in a factory reset state. This means it has a default configuration that allows the unit
to be attached directly to a computer, or into an existing network, and is accessible via a web browser on a
known IP address for further configuration.
Besides allowing initial web access to the unit, the factory reset configuration provides a starting point for you
to develop a bespoke configuration that meets your requirements.
A printed copy of the QuickStart Guide is included with your FB2700 and covers the basic set up required to
gain access to the web based user interface. If you have already followed the steps in the QuickStart guide, and
are able to access the FB2700 via a web browser, you can begin to work with the factory reset configuration
by referring to Chapter 3.
Initial set up is also covered in this manual, so if you have not already followed the QuickStart Guide, please
start at Chapter 2.
Tip
The FB2700's configuration can be restored to the state it was in when shipped from the factory. The
procedure requires physical access to the FB2700, and can be applied if you have made configuration
changes that have resulted in loss of access to the web user interface, or any other situation where
it is appropriate to start from scratch - for example, commissioning an existing unit for a different
role, or where you've forgotten an administrative user password. It is also possible to temporarily reset
the FB2700 to allow you to recover and edit a broken configuration. For details on the factory reset
procedure please refer to Appendix A, or consult the QuickStart Guide.
The remainder of this chapter provides an overview of the FB2700's capabilities, and covers your product
support options.
Tip
The latest version of the QuickStart guide for the FB2700 can be obtained from the FireBrick website
at: http://www.firebrick.co.uk/pdfs/quickstart-2700.pdf
1.1.2. What can it do?
The FB2700 is an extremely versatile network appliance which you can think of as something akin to a Swiss
army knife for networking.
It can:
• act as a firewall, to protect your network from direct attack over the Internet.
• allocate network addresses to machines on your network (e.g. DHCP)
• manage multiple networks at once
• modify traffic passing through to do address and protocol-port mapping
• control the speed of different types of traffic (traffic shaping)
• handle IPv6 - ready for the day that all five regional Internet registries (RIRs) exhaust their allocations!
• support a 3G dongle for mobile internet or DSL backup
and much more...
1.1.3. Ethernet port capabilities
The FB2700 has four Ethernet network ports that can operate at 10Mb/s, 100Mb/s, or 1Gb/s. The ports
implement auto-negotiation by default, but operation can be fine-tuned to suit specific circumstances. The
function of these ports is very flexible, and defined by the device's configuration. The ports implement one or
more interfaces, and each interface can span either a single port or a user-defined group of ports.
When a port group is defined, the ports in the group work as a conventional Layer 2 network switch, directly
transferring traffic at wire-speed that is destined for a Layer 2 address that is present on one of the other ports
in the group.
Conversely, multiple interfaces can be implemented on a single physical port via support for IEEE 802.1Q
VLANs, ideal for using the FB2700 with VLAN-capable network switches. In this case, a single physical
connection can be made between a VLAN-capable switch and the FB2700, and with the switch configured
appropriately, this physical connection will carry traffic to/from multiple VLANs, and the FB2700 can do Layer
3 processing (routing/firewalling etc.) between nodes on two or more VLANs.
1.1.4. Differences between the devices in the FB2x00 series
The main difference between the two devices in the series is that the FB2500 can route traffic at up to
100Mb/s, whilst the FB2700 is faster - typically up to 350Mb/s.
The other advantage the FB2700 offers is that you can directly attach an ordinary 3G dongle via the USB port
on the front, and use a mobile data connection - this is typically used as a back up for a DSL line.
1.1.5. Software features
The FB2700 has a simple two level software-feature-set. Devices are either "base" model or a "fully-loaded"
model. The base model lacks a few of the features such as BGP, L2TP and various bonding features.
You can use the basic features such as routing packets, filtering (firewalling) or arranging a 3G fallback for
your DSL line.
The "fully-loaded" model is useful for bonding multiple lines, and more obscure features such as announcing
addresses to an upstream provider by BGP.
It is possible to upgrade from "base" to "fully-loaded" at a later date if you wish. Contact your dealer for details.
1.1.6. Migration from previous FireBrick models
Many FB2700 users may well be migrating from earlier FireBrick products, such as the FireBrick 105, to take
advantage of the significantly higher performance of the FB2700, and perhaps to use features that simply didn't
exist on the FB105. As you will see from reading Chapter 3, the new range of FireBrick products introduce
a modern, well structured configuration based on an underlying XML file. The User Interface is intentionally
closely coupled with the XML structures, and this will likely be the most apparent visual difference for users
experienced with the FB105.
To aid the transition, a translator is provided which will generate an FB2700 XML configuration file from an
FB105 configuration file, mapping features and functionality across as closely as is possible ; the converted