Firebrick Fb2700 User manual

Other manuals for FB2700

Table of contents

Other FireBrick Network Hardware manuals

FireBrick

FireBrick FB2700 User manual

FireBrick

FireBrick FB6000 Series User manual

FireBrick

FireBrick FB2900 User manual

Popular Network Hardware manuals by other brands

Matrix Switch Corporation

Matrix Switch Corporation MSC-HD161DEL product manual

B&B Electronics

B&B Electronics ZXT9-IO-222R2 product manual

Yudor

Yudor YDS-16 user manual

D-Link

D-Link ShareCenter DNS-320L datasheet

Samsung

Samsung ES1642dc Hardware user manual

Honeywell Home

Honeywell Home LTEM-PV Installation and setup guide

evertz

evertz 7700 Series manual

D-Link

D-Link ShareCenter DNS-343 Quick installation guide

Asante

Asante AsanteBridge 1012 user guide

Audiovox Electronics

Audiovox Electronics ARWH2T user manual

ADC

ADC DSX-1 Operational Procedures Guide

NetComm

NetComm NF2 user guide

Alcatel-Lucent

Alcatel-Lucent 5620 user guide

Dell EMC

Dell EMC XC6420 Series Solution guide

Lanner

Lanner NCA-1020A user manual

Allied Telesis

Allied Telesis AT-TN121-A Specifications

Lanner

Lanner NCA-1525 user manual

Cantek

Cantek NR310-4 user manual

FireBrick TEST

User Manual

FB2700 Versatile Network Appliance

FireBrick TEST User Manual

This User Manual documents Software version V1.25.101

Table of Contents

Preface ................................................................................................................................ xviii

1. Introduction .......................................................................................................................... 1

1.1. The FB2700 ............................................................................................................... 1

1.1.1. Where do I start? .............................................................................................. 1

1.1.2. What can it do? ................................................................................................ 1

1.1.3. Ethernet port capabilities .................................................................................... 2

1.1.4. Differences between the devices in the FB2x00 series .............................................. 2

1.1.5. Software features .............................................................................................. 2

1.1.6. Migration from previous FireBrick models ............................................................ 2

1.2. About this Manual ....................................................................................................... 3

1.2.1. Version ........................................................................................................... 3

1.2.2. Intended audience ............................................................................................. 3

1.2.3. Technical details ............................................................................................... 3

1.2.4. Document style ................................................................................................. 3

1.2.5. Document conventions ....................................................................................... 4

1.2.6. Comments and feedback .................................................................................... 4

1.3. Additional Resources ................................................................................................... 4

1.3.1. Technical Support ............................................................................................. 4

1.3.2. IRC Channel .................................................................................................... 5

1.3.3. Application Notes ............................................................................................. 5

1.3.4. White Papers .................................................................................................... 5

1.3.5. Training Courses ............................................................................................... 5

2. Getting Started ...................................................................................................................... 6

2.1. IP addressing .............................................................................................................. 6

2.2. Accessing the web-based user interface ........................................................................... 6

2.2.1. Add a new user ................................................................................................ 7

3. Configuration ....................................................................................................................... 10

3.1. The Object Hierarchy ................................................................................................. 10

3.2. The Object Model ...................................................................................................... 10

3.2.1. Formal definition of the object model ................................................................. 11

3.2.2. Common attributes .......................................................................................... 11

3.3. Configuration Methods ............................................................................................... 11

3.4. Web User Interface Overview ...................................................................................... 11

3.4.1. User Interface layout ........................................................................................ 12

3.4.1.1. Customising the layout .......................................................................... 12

3.4.2. Config pages and the object hierarchy ................................................................. 13

3.4.2.1. Configuration categories ......................................................................... 13

3.4.2.2. Object settings ...................................................................................... 14

3.4.3. Navigating around the User Interface .................................................................. 15

3.4.4. Backing up / restoring the configuration .............................................................. 16

3.5. Configuration using XML ........................................................................................... 16

3.5.1. Introduction to XML ........................................................................................ 16

3.5.2. The root element - <config> ............................................................................. 18

3.5.3. Viewing or editing XML .................................................................................. 18

3.5.4. Example XML configuration ............................................................................. 18

3.6. Downloading/Uploading the configuration ...................................................................... 20

3.6.1. Download ...................................................................................................... 20

3.6.2. Upload .......................................................................................................... 20

4. System Administration .......................................................................................................... 21

4.1. User Management ...................................................................................................... 21

4.1.1. Login level ..................................................................................................... 22

4.1.2. Configuration access level ................................................................................ 22

4.1.3. Login idle timeout ........................................................................................... 22

4.1.4. Restricting user logins ...................................................................................... 22

FireBrick TEST User Manual

4.1.4.1. Restrict by IP address ............................................................................ 22

4.1.4.2. Restrict by profile ................................................................................. 23

4.2. General System settings .............................................................................................. 23

4.2.1. System name (hostname) .................................................................................. 23

4.2.2. Administrative details ...................................................................................... 23

4.2.3. System-level event logging control ..................................................................... 23

4.2.4. Home page web links ...................................................................................... 23

4.3. Software Upgrades ..................................................................................................... 24

4.3.1. Software release types ...................................................................................... 24

4.3.1.1. Breakpoint releases ............................................................................... 24

4.3.2. Identifying current software version .................................................................... 25

4.3.3. Internet-based upgrade process .......................................................................... 25

4.3.3.1. Manually initiating upgrades ................................................................... 25

4.3.3.2. Controlling automatic software updates ..................................................... 26

4.3.4. Manual upgrade .............................................................................................. 26

4.4. Boot Process ............................................................................................................. 27

4.4.1. LED indications .............................................................................................. 27

4.4.1.1. Power LED status indications ................................................................. 27

4.4.1.2. Port LEDs ........................................................................................... 27

5. Event Logging ..................................................................................................................... 28

5.1. Overview .................................................................................................................. 28

5.1.1. Log targets ..................................................................................................... 28

5.1.1.1. Logging to Flash memory ...................................................................... 28

5.1.1.2. Logging to the Console .......................................................................... 29

5.2. Enabling logging ....................................................................................................... 29

5.3. Logging to external destinations ................................................................................... 29

5.3.1. Syslog ........................................................................................................... 29

5.3.2. Email ............................................................................................................ 30

5.3.2.1. E-mail process logging .......................................................................... 31

5.4. Factory reset configuration log targets ........................................................................... 31

5.5. Performance .............................................................................................................. 31

5.6. Viewing logs ............................................................................................................. 31

5.6.1. Viewing logs in the User Interface ..................................................................... 31

5.6.2. Viewing logs in the CLI environment ................................................................. 32

5.7. System-event logging ................................................................................................. 32

5.8. Using Profiles ........................................................................................................... 32

6. Interfaces and Subnets .......................................................................................................... 33

6.1. Relationship between Interfaces and Physical Ports .......................................................... 33

6.1.1. Port groups .................................................................................................... 33

6.1.2. Interfaces ....................................................................................................... 33

6.2. Defining port groups .................................................................................................. 34

6.3. Defining an interface .................................................................................................. 35

6.3.1. Defining subnets ............................................................................................. 35

6.3.1.1. Using DHCP to configure a subnet .......................................................... 36

6.3.2. Setting up DHCP server parameters .................................................................... 36

6.3.2.1. Fixed/Static DHCP allocations ................................................................ 37

6.3.2.2. Partial-MAC-address based allocations ..................................................... 37

6.4. Physical port settings .................................................................................................. 38

6.4.1. Disabling auto-negotiation ................................................................................ 38

6.4.2. Setting port speed ............................................................................................ 38

6.4.3. Setting duplex mode ........................................................................................ 38

6.4.4. Defining port LED functions ............................................................................. 39

7. Session Handling ................................................................................................................. 41

7.1. Routing vs. Firewalling ............................................................................................... 41

7.2. Session Tracking ....................................................................................................... 41

7.2.1. Session termination .......................................................................................... 42

FireBrick TEST User Manual

7.3. Session Rules ............................................................................................................ 42

7.3.1. Overview ....................................................................................................... 42

7.3.2. Processing flow ............................................................................................... 43

7.3.3. Defining Rule-Sets and Rules ............................................................................ 46

7.3.3.1. Recommended method of implementing firewalling .................................... 46

7.3.3.2. Changes to session traffic ....................................................................... 48

7.3.3.3. Graphing and traffic shaping ................................................................... 48

7.3.3.4. Configuring session time-outs ................................................................. 49

8. Routing .............................................................................................................................. 50

8.1. Routing logic ............................................................................................................ 50

8.2. Routing targets .......................................................................................................... 51

8.2.1. Subnet routes .................................................................................................. 51

8.2.2. Routing to an IP address (gateway route) ............................................................. 51

8.2.3. Special targets ................................................................................................ 51

8.3. Dynamic route creation / deletion ................................................................................. 52

8.4. Routing tables ........................................................................................................... 52

8.5. Route overrides ......................................................................................................... 52

9. Profiles ............................................................................................................................... 54

9.1. Overview .................................................................................................................. 54

9.2. Creating/editing profiles .............................................................................................. 54

9.2.1. Timing control ................................................................................................ 54

9.2.2. Tests ............................................................................................................. 55

9.2.2.1. General tests ........................................................................................ 55

9.2.2.2. Time/date tests ..................................................................................... 55

9.2.2.3. Ping tests ............................................................................................. 55

9.2.3. Inverting overall test result ................................................................................ 55

9.2.4. Manual override .............................................................................................. 55

10. Traffic Shaping .................................................................................................................. 57

10.1. Graphs and Shapers .................................................................................................. 57

10.1.1. Graphs ......................................................................................................... 57

10.1.2. Shapers ........................................................................................................ 57

11. PPPoE .............................................................................................................................. 59

11.1. Types of DSL line and router in the United Kingdom ..................................................... 59

11.2. Definining PPPoE links ............................................................................................. 60

11.2.1. IPv6 ............................................................................................................ 60

11.2.2. Additional options ......................................................................................... 60

11.2.2.1. MTU and TCP fix ............................................................................... 60

11.2.2.2. Service and ac-name ............................................................................ 61

11.2.2.3. Logging ............................................................................................. 61

11.2.2.4. Speed and graphs ................................................................................ 61

12. Tunnels ............................................................................................................................. 62

12.1. FB105 tunnels ......................................................................................................... 62

12.1.1. Tunnel wrapper packets .................................................................................. 62

12.1.2. Setting up a tunnel ......................................................................................... 62

12.1.3. Viewing tunnel status ..................................................................................... 63

12.1.4. Dynamic routes ............................................................................................. 63

12.1.5. Tunnel bonding ............................................................................................. 63

12.1.6. Tunnels and NAT .......................................................................................... 64

12.1.6.1. FB2700 doing NAT ............................................................................. 64

12.1.6.2. Another device doing NAT ................................................................... 64

13. System Services ................................................................................................................. 66

13.1. Common settings ..................................................................................................... 66

13.2. HTTP Server configuration ........................................................................................ 67

13.2.1. Access control ............................................................................................... 67

13.2.1.1. Trusted addresses ................................................................................ 67

13.3. Telnet Server configuration ........................................................................................ 67

FireBrick TEST User Manual

vii

13.3.1. Access control ............................................................................................... 67

13.4. DNS configuration ................................................................................................... 68

13.4.1. Blocking DNS names ..................................................................................... 68

13.4.2. Local DNS responses ..................................................................................... 68

13.4.3. Auto DHCP DNS .......................................................................................... 68

13.5. NTP configuration .................................................................................................... 68

13.6. SNMP configuration ................................................................................................. 69

13.7. RADIUS configuration .............................................................................................. 69

13.7.1. RADIUS server (platform RADIUS) ................................................................. 69

13.7.2. RADIUS client .............................................................................................. 69

14. Network Diagnostic Tools .................................................................................................... 70

14.1. Firewalling check ..................................................................................................... 70

14.2. Access check ........................................................................................................... 71

14.3. Packet Dumping ...................................................................................................... 71

14.3.1. Dump parameters ........................................................................................... 72

14.3.2. Security settings required ................................................................................ 72

14.3.3. IP address matching ....................................................................................... 73

14.3.4. Packet types .................................................................................................. 73

14.3.5. Snaplen specification ...................................................................................... 73

14.3.6. Using the web interface .................................................................................. 73

14.3.7. Using an HTTP client .................................................................................... 74

14.3.7.1. Example using curl and tcpdump ........................................................... 74

15. VRRP ............................................................................................................................... 75

15.1. Virtual Routers ........................................................................................................ 75

15.2. Configuring VRRP ................................................................................................... 75

15.2.1. Advertisement Interval .................................................................................... 76

15.2.2. Priority ........................................................................................................ 76

15.3. Using a virtual router ................................................................................................ 76

15.4. VRRP versions ........................................................................................................ 76

15.4.1. VRRP version 2 ............................................................................................ 76

15.4.2. VRRP version 3 ............................................................................................ 76

15.5. Compatibility ........................................................................................................... 77

16. VoIP ................................................................................................................................. 78

16.1. What is VoIP? ......................................................................................................... 78

16.2. Registration and Proxies ............................................................................................ 78

16.2.1. Registrar ...................................................................................................... 78

16.2.2. Proxy ........................................................................................................... 78

16.3. Home/office phone system ......................................................................................... 79

16.4. Network Address Translation ..................................................................................... 79

16.5. Number plan ........................................................................................................... 80

16.6. Telephone handsets .................................................................................................. 80

16.7. VoIP call carriers ..................................................................................................... 81

16.8. Hunt groups ............................................................................................................ 81

16.8.1. Ring Type .................................................................................................... 82

16.8.2. Ring order .................................................................................................... 82

16.8.3. Overflow ...................................................................................................... 82

16.8.4. Out of hours ................................................................................................. 82

16.9. Call pickup/steal ...................................................................................................... 82

16.10. Busy lamp field ..................................................................................................... 83

16.11. Using RADIUS ...................................................................................................... 83

16.11.1. RADIUS accounting ..................................................................................... 83

16.11.2. RADIUS authentication ................................................................................. 84

16.11.2.1. Call routing by RADIUS .................................................................... 84

16.12. Call recording ........................................................................................................ 85

16.13. Voicemail and IVR services ..................................................................................... 86

16.14. Call Data Records .................................................................................................. 86

FireBrick TEST User Manual

viii

16.15. Technical details .................................................................................................... 87

16.16. Custom tones ......................................................................................................... 87

17. BGP ................................................................................................................................. 89

17.1. What is BGP? ......................................................................................................... 89

17.2. Using BGP in an office network? ............................................................................... 89

18. L2TP ................................................................................................................................ 90

18.1. What is L2TP? ........................................................................................................ 90

18.2. Incoming L2TP connections ....................................................................................... 90

18.3. The importance of CQM graphs ................................................................................. 90

18.4. Local Authentication ................................................................................................. 90

18.5. Relaying L2TP connections ....................................................................................... 90

18.6. RADIUS Authentication and Accounting ..................................................................... 90

18.7. RADIUS Control messages ........................................................................................ 90

18.8. Outgoing L2TP connections ....................................................................................... 90

19. IPsec ................................................................................................................................ 91

19.1. What is IPsec? ......................................................................................................... 91

19.1.1. Authentication ............................................................................................... 91

19.1.2. Encryption .................................................................................................... 91

19.1.3. IKE ............................................................................................................. 91

19.2. Setting up a tunnel ................................................................................................... 92

19.2.1. IP endpoints .................................................................................................. 92

19.2.2. Manual Keying ............................................................................................. 92

19.2.3. Routing ........................................................................................................ 93

19.2.4. Other parameters ........................................................................................... 93

19.3. Tunnelling to a non-FireBrick device ........................................................................... 93

19.4. Remote connection - IPsec and L2TP .......................................................................... 94

19.5. Choice of algorithms ................................................................................................ 94

20. Command Line Interface ...................................................................................................... 95

A. Factory Reset Procedure ....................................................................................................... 96

B. CIDR and CIDR Notation ..................................................................................................... 98

C. MAC Addresses usage ........................................................................................................ 100

D. VLANs : A primer ............................................................................................................. 102

E. Supported L2TP Attribute/Value Pairs ................................................................................... 103

E.1. Start-Control-Connection-Request ............................................................................... 103

E.2. Start-Control-Connection-Reply .................................................................................. 103

E.3. Start-Control-Connection-Connected ........................................................................... 104

E.4. Stop-Control-Connection-Notification .......................................................................... 104

E.5. Hello ..................................................................................................................... 104

E.6. Incoming-Call-Request ............................................................................................. 104

E.7. Incoming-Call-Reply ................................................................................................ 105

E.8. Incoming-Call-Connected .......................................................................................... 105

E.9. Outgoing-Call-Request .............................................................................................. 105

E.10. Outgoing-Call-Reply ............................................................................................... 106

E.11. Outgoing-Call-Connected ........................................................................................ 106

E.12. Call-Disconnect-Notify ............................................................................................ 106

E.13. WAN-Error-Notify ................................................................................................. 106

E.14. Set-Link-Info ......................................................................................................... 106

E.15. Notes ................................................................................................................... 107

E.15.1. BT specific notes ......................................................................................... 107

E.15.2. IP over LCP ............................................................................................... 107

F. Supported RADIUS Attribute/Value Pairs for L2TP operation .................................................... 108

F.1. Authentication request .............................................................................................. 108

F.2. Authentication response ............................................................................................ 109

F.2.1. Accepted authentication .................................................................................. 109

F.2.1.1. Prefix Delegation ................................................................................ 110

F.2.2. Rejected authentication ................................................................................... 110

FireBrick TEST User Manual

F.3. Accounting Start ...................................................................................................... 110

F.4. Accounting Interim .................................................................................................. 111

F.5. Accounting Stop ...................................................................................................... 112

F.6. Disconnect .............................................................................................................. 113

F.7. Change of Authorisation ........................................................................................... 113

F.8. Filter ID ................................................................................................................. 114

F.9. Notes ..................................................................................................................... 115

F.9.1. L2TP relay ................................................................................................... 115

F.9.2. LCP echo and CQM graphs ............................................................................ 115

F.9.3. IP over LCP ................................................................................................. 116

F.9.4. Closed User Group ........................................................................................ 116

F.9.5. Routing table ................................................................................................ 116

G. Supported RADIUS Attribute/Value Pairs for VoIP operation .................................................... 117

G.1. Authentication request .............................................................................................. 117

G.2. Authentication response ............................................................................................ 118

G.2.1. Challenge authentication ................................................................................ 118

G.2.2. Accepted authentication (registration) ............................................................... 118

G.2.3. Accepted authentication (invite) ....................................................................... 118

G.2.4. Rejected authentication .................................................................................. 118

G.3. Accounting Start ..................................................................................................... 119

G.4. Accounting Interim .................................................................................................. 119

G.5. Accounting Stop ...................................................................................................... 120

G.6. Disconnect ............................................................................................................. 120

G.7. Change of Authorisation ........................................................................................... 120

H. Command line reference ..................................................................................................... 121

H.1. General commands .................................................................................................. 121

H.1.1. Trace off ..................................................................................................... 121

H.1.2. Trace on ...................................................................................................... 121

H.1.3. Uptime ........................................................................................................ 121

H.1.4. General status ............................................................................................... 121

H.1.5. Memory usage .............................................................................................. 121

H.1.6. Process/task usage ......................................................................................... 121

H.1.7. Login .......................................................................................................... 121

H.1.8. Logout ........................................................................................................ 122

H.1.9. See XML configuration .................................................................................. 122

H.1.10. Load XML configuration .............................................................................. 122

H.1.11. Show profile status ...................................................................................... 122

H.1.12. Show RADIUS servers ................................................................................. 122

H.1.13. Show DNS resolvers .................................................................................... 122

H.2. Networking commands ............................................................................................. 122

H.2.1. Subnets ....................................................................................................... 122

H.2.2. Ping and trace .............................................................................................. 123

H.2.3. Show a route from the routing table ................................................................. 123

H.2.4. List routes ................................................................................................... 123

H.2.5. List routing next hops .................................................................................... 123

H.2.6. See DHCP allocations .................................................................................... 123

H.2.7. Clear DHCP allocations ................................................................................. 123

H.2.8. Lock DHCP allocations .................................................................................. 124

H.2.9. Unlock DHCP allocations ............................................................................... 124

H.2.10. Name DHCP allocations ............................................................................... 124

H.2.11. Show ARP/ND status ................................................................................... 124

H.2.12. Show VRRP status ...................................................................................... 124

H.2.13. Send Wake-on-LAN packet ........................................................................... 124

H.3. Firewalling commands ............................................................................................. 124

H.3.1. Check access to services ................................................................................ 124

H.3.2. Check firewall logic ...................................................................................... 124

FireBrick TEST User Manual

H.4. L2TP commands ..................................................................................................... 125

H.5. BGP commands ...................................................................................................... 125

H.6. OSPF commands ..................................................................................................... 125

H.7. GGSN commands .................................................................................................... 125

H.8. PPPoE commands .................................................................................................... 125

H.9. VoIP commands ...................................................................................................... 125

H.10. Advanced commands .............................................................................................. 125

H.10.1. Panic ......................................................................................................... 125

H.10.2. Reboot ....................................................................................................... 126

H.10.3. Screen width .............................................................................................. 126

H.10.4. Make outbound command session .................................................................. 126

H.10.5. Show command sessions .............................................................................. 126

H.10.6. Kill command session .................................................................................. 126

H.10.7. Flash memory list ........................................................................................ 126

H.10.8. Delete block from flash ................................................................................ 126

H.10.9. Boot log .................................................................................................... 127

H.10.10. Flash log .................................................................................................. 127

I. Configuration Objects .......................................................................................................... 128

I.1. Top level ................................................................................................................. 128

I.1.1. config: Top level config .................................................................................. 128

I.2. Objects ................................................................................................................... 129

I.2.1. system: System settings ................................................................................... 129

I.2.2. link: Web links .............................................................................................. 130

I.2.3. user: Admin users .......................................................................................... 130

I.2.4. log: Log target controls ................................................................................... 130

I.2.5. log-syslog: Syslog logger settings ..................................................................... 131

I.2.6. log-email: Email logger settings ........................................................................ 131

I.2.7. services: System services ................................................................................. 132

I.2.8. snmp-service: SNMP service settings ................................................................. 132

I.2.9. ntp-service: NTP service settings ...................................................................... 133

I.2.10. telnet-service: Telnet service settings ............................................................... 134

I.2.11. http-service: HTTP service settings .................................................................. 134

I.2.12. dns-service: DNS service settings .................................................................... 135

I.2.13. dns-host: Fixed local DNS host settings ............................................................ 135

I.2.14. dns-block: Fixed local DNS blocks .................................................................. 136

I.2.15. radius-service: RADIUS service definition ........................................................ 136

I.2.16. radius-service-match: Matching rules for RADIUS service ................................... 137

I.2.17. radius-server: RADIUS server settings ............................................................. 138

I.2.18. ethernet: Physical port controls ....................................................................... 139

I.2.19. portdef: Port grouping and naming .................................................................. 139

I.2.20. interface: Port-group/VLAN interface settings .................................................... 140

I.2.21. subnet: Subnet settings .................................................................................. 141

I.2.22. vrrp: VRRP settings ...................................................................................... 142

I.2.23. dhcps: DHCP server settings .......................................................................... 142

I.2.24. dhcp-attr-hex: DHCP server attributes (hex) ...................................................... 143

I.2.25. dhcp-attr-string: DHCP server attributes (string) ................................................. 143

I.2.26. dhcp-attr-number: DHCP server attributes (numeric) ........................................... 144

I.2.27. dhcp-attr-ip: DHCP server attributes (IP) .......................................................... 144

I.2.28. pppoe: PPPoE settings ................................................................................... 144

I.2.29. ppp-route: PPP routes .................................................................................... 145

I.2.30. ggsn: GTP GGSN settings ............................................................................. 146

I.2.31. usb: USB 3G/dongle settings .......................................................................... 146

I.2.32. dongle: 3G/dongle settings ............................................................................. 147

I.2.33. route: Static routes ........................................................................................ 148

I.2.34. network: Locally originated networks ............................................................... 148

I.2.35. blackhole: Dead end networks ........................................................................ 149