FireBrick FB2700 User manual
FireBrick NULL
User Manual
FB2700 Versatile Network Appliance
FireBrick NULL User Manual
This User Manual documents Software version V1.28.000
Copyright © 2012-2013 FireBrick Ltd.
iv
Table of Contents
Preface .................................................................................................................................. xiii
1. Introduction .......................................................................................................................... 1
1.1. The FB2700 ............................................................................................................... 1
1.1.1. Where do I start? .............................................................................................. 1
1.1.2. What can it do? ................................................................................................ 1
1.1.3. Ethernet port capabilities .................................................................................... 2
1.1.4. Differences between the devices in the FB2x00 series .............................................. 2
1.1.5. Software features .............................................................................................. 2
1.1.6. Migration from previous FireBrick models ............................................................ 2
1.2. About this Manual ....................................................................................................... 3
1.2.1. Version ........................................................................................................... 3
1.2.2. Intended audience ............................................................................................. 3
1.2.3. Technical details ............................................................................................... 3
1.2.4. Document style ................................................................................................. 3
1.2.5. Document conventions ....................................................................................... 4
1.2.6. Comments and feedback .................................................................................... 4
1.3. Additional Resources ................................................................................................... 4
1.3.1. Technical Support ............................................................................................. 4
1.3.2. IRC Channel .................................................................................................... 5
1.3.3. Application Notes ............................................................................................. 5
1.3.4. White Papers .................................................................................................... 5
1.3.5. Training Courses ............................................................................................... 5
2. Getting Started ...................................................................................................................... 6
2.1. IP addressing .............................................................................................................. 6
2.2. Accessing the web-based user interface ........................................................................... 6
2.2.1. Add a new user ................................................................................................ 7
3. Configuration ........................................................................................................................ 9
3.1. The Object Hierarchy ................................................................................................... 9
3.2. The Object Model ....................................................................................................... 9
3.2.1. Formal definition of the object model ................................................................. 10
3.2.2. Common attributes .......................................................................................... 10
3.3. Configuration Methods ............................................................................................... 10
3.4. Web User Interface Overview ...................................................................................... 10
3.4.1. User Interface layout ........................................................................................ 11
3.4.1.1. Customising the layout .......................................................................... 11
3.4.2. Config pages and the object hierarchy ................................................................. 12
3.4.2.1. Configuration categories ......................................................................... 12
3.4.2.2. Object settings ...................................................................................... 13
3.4.3. Navigating around the User Interface .................................................................. 15
3.4.4. Backing up / restoring the configuration .............................................................. 16
3.5. Configuration using XML ........................................................................................... 16
3.5.1. Introduction to XML ........................................................................................ 16
3.5.2. The root element - <config> ............................................................................. 17
3.5.3. Viewing or editing XML .................................................................................. 17
3.5.4. Example XML configuration ............................................................................. 17
3.6. Downloading/Uploading the configuration ...................................................................... 19
3.6.1. Download ...................................................................................................... 19
3.6.2. Upload .......................................................................................................... 19
4. System Administration .......................................................................................................... 20
4.1. User Management ...................................................................................................... 20
4.1.1. Login level ..................................................................................................... 20
4.1.2. Configuration access level ................................................................................ 21
4.1.3. Login idle timeout ........................................................................................... 21
4.1.4. Restricting user logins ...................................................................................... 21
FireBrick NULL User Manual
v
4.1.4.1. Restrict by IP address ............................................................................ 21
4.1.4.2. Logged in IP address ............................................................................. 21
4.1.4.3. Restrict by profile ................................................................................. 22
4.2. General System settings .............................................................................................. 22
4.2.1. System name (hostname) .................................................................................. 22
4.2.2. Administrative details ...................................................................................... 22
4.2.3. System-level event logging control ..................................................................... 22
4.2.4. Home page web links ...................................................................................... 23
4.3. Software Upgrades ..................................................................................................... 23
4.3.1. Software release types ...................................................................................... 23
4.3.1.1. Breakpoint releases ............................................................................... 24
4.3.2. Identifying current software version .................................................................... 24
4.3.3. Internet-based upgrade process .......................................................................... 24
4.3.3.1. Manually initiating upgrades ................................................................... 25
4.3.3.2. Controlling automatic software updates ..................................................... 25
4.3.4. Manual upgrade .............................................................................................. 25
4.4. Boot Process ............................................................................................................. 26
4.4.1. LED indications .............................................................................................. 26
4.4.1.1. Power LED status indications ................................................................. 26
4.4.1.2. Port LEDs ........................................................................................... 26
5. Event Logging ..................................................................................................................... 28
5.1. Overview .................................................................................................................. 28
5.1.1. Log targets ..................................................................................................... 28
5.1.1.1. Logging to Flash memory ...................................................................... 28
5.1.1.2. Logging to the Console .......................................................................... 29
5.2. Enabling logging ....................................................................................................... 29
5.3. Logging to external destinations ................................................................................... 29
5.3.1. Syslog ........................................................................................................... 29
5.3.2. Email ............................................................................................................ 30
5.3.2.1. E-mail process logging .......................................................................... 31
5.4. Factory reset configuration log targets ........................................................................... 31
5.5. Performance .............................................................................................................. 31
5.6. Viewing logs ............................................................................................................. 31
5.6.1. Viewing logs in the User Interface ..................................................................... 31
5.6.2. Viewing logs in the CLI environment ................................................................. 32
5.7. System-event logging ................................................................................................. 32
5.8. Using Profiles ........................................................................................................... 32
6. Interfaces and Subnets .......................................................................................................... 33
6.1. Relationship between Interfaces and Physical Ports .......................................................... 33
6.1.1. Port groups .................................................................................................... 33
6.1.2. Interfaces ....................................................................................................... 33
6.2. Defining port groups .................................................................................................. 33
6.3. Defining an interface .................................................................................................. 34
6.3.1. Defining subnets ............................................................................................. 34
6.3.1.1. Using DHCP to configure a subnet .......................................................... 35
6.3.2. Setting up DHCP server parameters .................................................................... 35
6.3.2.1. Fixed/Static DHCP allocations ................................................................ 36
6.3.2.1.1. Special DHCP attributes .............................................................. 37
6.3.2.2. Partial-MAC-address based allocations ..................................................... 37
6.4. Physical port settings .................................................................................................. 37
6.4.1. Disabling auto-negotiation ................................................................................ 37
6.4.2. Setting port speed ............................................................................................ 38
6.4.3. Setting duplex mode ........................................................................................ 38
6.4.4. Defining port LED functions ............................................................................. 38
7. Routing .............................................................................................................................. 40
7.1. Routing logic ............................................................................................................ 40
FireBrick NULL User Manual
vi
7.2. Routing targets .......................................................................................................... 41
7.2.1. Subnet routes .................................................................................................. 41
7.2.2. Routing to an IP address (gateway route) ............................................................. 41
7.2.3. Special targets ................................................................................................ 42
7.3. Dynamic route creation / deletion ................................................................................. 42
7.4. Routing tables ........................................................................................................... 42
7.5. Bonding ................................................................................................................... 42
8. Profiles ............................................................................................................................... 44
8.1. Overview .................................................................................................................. 44
8.2. Creating/editing profiles .............................................................................................. 44
8.2.1. Timing control ................................................................................................ 44
8.2.2. Tests ............................................................................................................. 45
8.2.2.1. General tests ........................................................................................ 45
8.2.2.2. Time/date tests ..................................................................................... 45
8.2.2.3. Ping tests ............................................................................................. 45
8.2.3. Inverting overall test result ................................................................................ 45
8.2.4. Manual override .............................................................................................. 45
9. Traffic Shaping .................................................................................................................... 47
9.1. Graphs and Shapers ................................................................................................... 47
9.1.1. Graphs ........................................................................................................... 47
9.1.2. Shapers .......................................................................................................... 48
9.1.3. Ad hoc shapers ............................................................................................... 48
9.1.4. Long term shapers ........................................................................................... 48
9.2. Multiple shapers ........................................................................................................ 48
9.3. Basic principles ......................................................................................................... 49
10. System Services ................................................................................................................. 50
10.1. Protecting the FB2700 .............................................................................................. 50
10.2. Common settings ..................................................................................................... 50
10.3. HTTP Server configuration ........................................................................................ 51
10.3.1. Access control ............................................................................................... 51
10.3.1.1. Trusted addresses ................................................................................ 51
10.4. Telnet Server configuration ........................................................................................ 51
10.4.1. Access control ............................................................................................... 52
10.5. DNS configuration ................................................................................................... 52
10.5.1. Blocking DNS names ..................................................................................... 52
10.5.2. Local DNS responses ..................................................................................... 52
10.5.3. Auto DHCP DNS .......................................................................................... 52
10.6. NTP configuration .................................................................................................... 53
10.7. SNMP configuration ................................................................................................. 53
11. Network Diagnostic Tools .................................................................................................... 54
11.1. Access check ........................................................................................................... 54
11.2. Packet Dumping ...................................................................................................... 55
11.2.1. Dump parameters ........................................................................................... 55
11.2.2. Security settings required ................................................................................ 56
11.2.3. IP address matching ....................................................................................... 56
11.2.4. Packet types .................................................................................................. 56
11.2.5. Snaplen specification ...................................................................................... 56
11.2.6. Using the web interface .................................................................................. 57
11.2.7. Using an HTTP client .................................................................................... 57
11.2.7.1. Example using curl and tcpdump ........................................................... 57
12. VRRP ............................................................................................................................... 58
12.1. Virtual Routers ........................................................................................................ 58
12.2. Configuring VRRP ................................................................................................... 59
12.2.1. Advertisement Interval .................................................................................... 59
12.2.2. Priority ........................................................................................................ 59
12.3. Using a virtual router ................................................................................................ 59
FireBrick NULL User Manual
vii
12.4. VRRP versions ........................................................................................................ 59
12.4.1. VRRP version 2 ............................................................................................ 59
12.4.2. VRRP version 3 ............................................................................................ 60
12.5. Compatibility ........................................................................................................... 60
13. Command Line Interface ...................................................................................................... 61
A. Factory Reset Procedure ....................................................................................................... 62
B. CIDR and CIDR Notation ..................................................................................................... 64
C. MAC Addresses usage .......................................................................................................... 66
D. VLANs : A primer ............................................................................................................... 68
E. Command line reference ....................................................................................................... 69
E.1. General commands .................................................................................................... 69
E.1.1. Trace off ....................................................................................................... 69
E.1.2. Trace on ........................................................................................................ 69
E.1.3. Uptime .......................................................................................................... 69
E.1.4. General status ................................................................................................. 69
E.1.5. Memory usage ................................................................................................ 69
E.1.6. Process/task usage ........................................................................................... 69
E.1.7. Login ............................................................................................................ 69
E.1.8. Logout .......................................................................................................... 70
E.1.9. See XML configuration .................................................................................... 70
E.1.10. Load XML configuration ................................................................................ 70
E.1.11. Show profile status ........................................................................................ 70
E.1.12. Enable profile control switch ........................................................................... 70
E.1.13. Disable profile control switch .......................................................................... 70
E.1.14. Show RADIUS servers ................................................................................... 70
E.1.15. Show DNS resolvers ...................................................................................... 70
E.2. Networking commands ............................................................................................... 71
E.2.1. Subnets ......................................................................................................... 71
E.2.2. Ping and trace ................................................................................................ 71
E.2.3. Show a route from the routing table ................................................................... 71
E.2.4. List routes ..................................................................................................... 71
E.2.5. List routing next hops ...................................................................................... 71
E.2.6. See DHCP allocations ...................................................................................... 72
E.2.7. Clear DHCP allocations ................................................................................... 72
E.2.8. Lock DHCP allocations .................................................................................... 72
E.2.9. Unlock DHCP allocations ................................................................................. 72
E.2.10. Name DHCP allocations ................................................................................. 72
E.2.11. Show ARP/ND status ..................................................................................... 72
E.2.12. Show VRRP status ........................................................................................ 72
E.2.13. Send Wake-on-LAN packet ............................................................................. 72
E.2.14. Check access to services ................................................................................. 73
E.3. Advanced commands ................................................................................................. 73
E.3.1. Panic ............................................................................................................ 73
E.3.2. Reboot .......................................................................................................... 73
E.3.3. Screen width .................................................................................................. 73
E.3.4. Make outbound command session ...................................................................... 73
E.3.5. Show command sessions .................................................................................. 73
E.3.6. Kill command session ...................................................................................... 73
E.3.7. Flash memory list ........................................................................................... 74
E.3.8. Delete block from flash .................................................................................... 74
E.3.9. Boot log ........................................................................................................ 74
E.3.10. Flash log ...................................................................................................... 74
F. Constant Quality Monitoring - technical details ......................................................................... 75
F.1. Access to graphs and csvs ........................................................................................... 75
F.1.1. Trusted access ................................................................................................ 75
F.1.2. Dated information ........................................................................................... 75
FireBrick NULL User Manual
viii
F.1.3. Authenticated access ........................................................................................ 76
F.2. Graph display options ................................................................................................. 76
F.2.1. Data points .................................................................................................... 76
F.2.2. Additional text ................................................................................................ 76
F.2.3. Other colours and spacing ................................................................................ 77
F.3. Overnight archiving ................................................................................................... 77
F.3.1. Full URL format ............................................................................................. 77
F.3.2. load handling .................................................................................................. 78
F.4. Graph scores ............................................................................................................. 78
F.5. Creating graphs, and graph names ................................................................................ 78
G. Configuration Objects .......................................................................................................... 80
G.1. Top level ................................................................................................................. 80
G.1.1. config: Top level config .................................................................................. 80
G.2. Objects .................................................................................................................... 80
G.2.1. system: System settings ................................................................................... 80
G.2.2. link: Web links .............................................................................................. 81
G.2.3. user: Admin users ........................................................................................... 81
G.2.4. log: Log target controls ................................................................................... 82
G.2.5. log-syslog: Syslog logger settings ...................................................................... 82
G.2.6. log-email: Email logger settings ........................................................................ 83
G.2.7. services: System services ................................................................................. 83
G.2.8. snmp-service: SNMP service settings ................................................................. 84
G.2.9. ntp-service: NTP service settings ....................................................................... 84
G.2.10. telnet-service: Telnet service settings ................................................................ 85
G.2.11. http-service: HTTP service settings .................................................................. 85
G.2.12. dns-service: DNS service settings .................................................................... 86
G.2.13. dns-host: Fixed local DNS host settings ............................................................ 87
G.2.14. dns-block: Fixed local DNS blocks .................................................................. 87
G.2.15. ethernet: Physical port controls ........................................................................ 87
G.2.16. portdef: Port grouping and naming ................................................................... 88
G.2.17. interface: Port-group/VLAN interface settings .................................................... 88
G.2.18. subnet: Subnet settings ................................................................................... 89
G.2.19. vrrp: VRRP settings ...................................................................................... 90
G.2.20. dhcps: DHCP server settings ........................................................................... 90
G.2.21. dhcp-attr-hex: DHCP server attributes (hex) ....................................................... 91
G.2.22. dhcp-attr-string: DHCP server attributes (string) ................................................. 91
G.2.23. dhcp-attr-number: DHCP server attributes (numeric) ........................................... 92
G.2.24. dhcp-attr-ip: DHCP server attributes (IP) ........................................................... 92
G.2.25. route: Static routes ........................................................................................ 92
G.2.26. blackhole: Dead end networks ......................................................................... 93
G.2.27. loopback: Locally originated networks .............................................................. 93
G.2.28. cqm: Constant Quality Monitoring settings ........................................................ 93
G.2.29. ip-group: IP Group ........................................................................................ 95
G.3. Data types ............................................................................................................... 96
G.3.1. autoloadtype: Type of s/w auto load .................................................................. 96
G.3.2. config-access: Type of access user has to config .................................................. 96
G.3.3. user-level: User login level ............................................................................... 96
G.3.4. syslog-severity: Syslog severity ......................................................................... 96
G.3.5. syslog-facility: Syslog facility ........................................................................... 97
G.3.6. month: Month name (3 letter) ........................................................................... 97
G.3.7. day: Day name (3 letter) .................................................................................. 98
G.3.8. port: Physical port .......................................................................................... 98
G.3.9. Crossover: Crossover configuration .................................................................... 98
G.3.10. LinkSpeed: Physical port speed ....................................................................... 99
G.3.11. LinkDuplex: Physical port duplex setting .......................................................... 99
G.3.12. LinkFlow: Physical port flow control setting ...................................................... 99
FireBrick NULL User Manual
ix
G.3.13. LinkClock: Physical port Gigabit clock master/slave setting .................................. 99
G.3.14. LinkLED: LED settings ................................................................................. 99
G.3.15. LinkPower: PHY power saving options ........................................................... 100
G.3.16. LinkFault: Link fault type to send .................................................................. 100
G.3.17. ramode: IPv6 route announce level ................................................................. 101
G.3.18. dhcpv6control: Control for RA and DHCPv6 bits .............................................. 101
G.3.19. sfoption: Source filter option ......................................................................... 101
G.4. Basic types ............................................................................................................. 101
Index .................................................................................................................................... 104
x
List of Figures
2.1. Initial web page in factory reset state ...................................................................................... 7
2.2. Initial "Users" page .............................................................................................................. 7
2.3. Setting up a new user .......................................................................................................... 8
2.4. Configuration being stored .................................................................................................... 8
3.1. Main menu ....................................................................................................................... 11
3.2. Icons for layout controls ..................................................................................................... 12
3.3. Icons for configuration categories ......................................................................................... 12
3.4. The "Setup" category .......................................................................................................... 13
3.5. Editing an "Interface" object ................................................................................................ 14
3.6. Show hidden attributes ....................................................................................................... 14
3.7. Attribute definitions ........................................................................................................... 14
3.8. Navigation controls ............................................................................................................ 15
4.1. Setting up a new user ......................................................................................................... 20
4.2. Software upgrade available notification ................................................................................. 25
4.3. Manual Software upload ..................................................................................................... 26
C.1. Product label showing MAC address range ............................................................................ 66
xi
List of Tables
2.1. IP addresses for computer ..................................................................................................... 6
2.2. IP addresses to access the FireBrick ....................................................................................... 6
2.3. IP addresses to access the FireBrick ....................................................................................... 6
3.1. Special character sequences ................................................................................................. 17
4.1. User login levels ............................................................................................................... 21
4.2. Configuration access levels .................................................................................................. 21
4.3. General administrative details attributes ................................................................................. 22
4.4. Attributes controlling auto-upgrades ...................................................................................... 25
4.5. Power LED status indications .............................................................................................. 26
5.1. Logging attributes .............................................................................................................. 29
5.2. System-Event Logging attributes .......................................................................................... 32
6.1. Port LED functions ............................................................................................................ 38
6.2. Example modified Port LED functions .................................................................................. 39
7.1. Example route targets ......................................................................................................... 41
10.1. List of system services ...................................................................................................... 50
10.2. List of system services ...................................................................................................... 50
11.1. Packet dump parameters .................................................................................................... 55
11.2. Packet types that can be captured ........................................................................................ 56
C.1. DHCP client names used .................................................................................................... 67
F.1. File types ......................................................................................................................... 75
F.2. Colours ............................................................................................................................ 76
F.3. Text ................................................................................................................................ 76
F.4. Text ................................................................................................................................ 77
F.5. URL formats ..................................................................................................................... 78
G.1. config: Attributes .............................................................................................................. 80
G.2. config: Elements ............................................................................................................... 80
G.3. system: Attributes ............................................................................................................. 80
G.4. system: Elements .............................................................................................................. 81
G.5. link: Attributes ................................................................................................................. 81
G.6. user: Attributes ................................................................................................................. 81
G.7. log: Attributes .................................................................................................................. 82
G.8. log: Elements ................................................................................................................... 82
G.9. log-syslog: Attributes ......................................................................................................... 82
G.10. log-email: Attributes ........................................................................................................ 83
G.11. services: Elements ........................................................................................................... 83
G.12. snmp-service: Attributes ................................................................................................... 84
G.13. ntp-service: Attributes ...................................................................................................... 84
G.14. telnet-service: Attributes ................................................................................................... 85
G.15. http-service: Attributes ..................................................................................................... 85
G.16. dns-service: Attributes ...................................................................................................... 86
G.17. dns-service: Elements ....................................................................................................... 86
G.18. dns-host: Attributes .......................................................................................................... 87
G.19. dns-block: Attributes ........................................................................................................ 87
G.20. ethernet: Attributes .......................................................................................................... 87
G.21. portdef: Attributes ........................................................................................................... 88
G.22. interface: Attributes ......................................................................................................... 88
G.23. interface: Elements .......................................................................................................... 89
G.24. subnet: Attributes ............................................................................................................ 89
G.25. vrrp: Attributes ............................................................................................................... 90
G.26. dhcps: Attributes ............................................................................................................. 90
G.27. dhcps: Elements .............................................................................................................. 91
G.28. dhcp-attr-hex: Attributes ................................................................................................... 91
G.29. dhcp-attr-string: Attributes ................................................................................................ 91
G.30. dhcp-attr-number: Attributes .............................................................................................. 92
FireBrick NULL User Manual
xii
G.31. dhcp-attr-ip: Attributes ..................................................................................................... 92
G.32. route: Attributes .............................................................................................................. 92
G.33. blackhole: Attributes ........................................................................................................ 93
G.34. loopback: Attributes ......................................................................................................... 93
G.35. cqm: Attributes ............................................................................................................... 94
G.36. ip-group: Attributes ......................................................................................................... 95
G.37. autoloadtype: Type of s/w auto load ................................................................................... 96
G.38. config-access: Type of access user has to config ................................................................... 96
G.39. user-level: User login level ............................................................................................... 96
G.40. syslog-severity: Syslog severity ......................................................................................... 96
G.41. syslog-facility: Syslog facility ............................................................................................ 97
G.42. month: Month name (3 letter) ............................................................................................ 97
G.43. day: Day name (3 letter) ................................................................................................... 98
G.44. port: Physical port ........................................................................................................... 98
G.45. Crossover: Crossover configuration .................................................................................... 98
G.46. LinkSpeed: Physical port speed ......................................................................................... 99
G.47. LinkDuplex: Physical port duplex setting ............................................................................. 99
G.48. LinkFlow: Physical port flow control setting ........................................................................ 99
G.49. LinkClock: Physical port Gigabit clock master/slave setting .................................................... 99
G.50. LinkLED: LED settings .................................................................................................... 99
G.51. LinkPower: PHY power saving options ............................................................................. 100
G.52. LinkFault: Link fault type to send .................................................................................... 100
G.53. ramode: IPv6 route announce level ................................................................................... 101
G.54. dhcpv6control: Control for RA and DHCPv6 bits ................................................................ 101
G.55. sfoption: Source filter option ........................................................................................... 101
G.56. Basic data types ............................................................................................................ 101
xiii
Preface
The FB2700 device is the result of several years of intensive effort to create products based on state of the
art processing platforms, featuring an entirely new operating system and IPv6-capable networking software,
written from scratch in-house by the FireBrick team. Custom designed hardware, manufactured in the UK, hosts
the new software, and ensures FireBrick are able to maximise performance from the hardware, and maintain
exceptional levels of quality and reliability.
The result is a product that has the feature set and performance to handle the tasks encountered in today's office
networking environments, where new access technologies such as Fibre To The Cabinet (FTTC) deliver faster
connections than ever before.
The new software is closely related to that which runs on FireBrick's 'big-box' product, the FB6000, a carrier-
grade product that has been proven in the field for a number of years, effortlessly handling huge volumes of
traffic, and thousands of customer connections.
The software is constantly being improved and new features added, so please check that you are reading the
manual appropriate to the version of software you are using. This manual is for version V1.28.000.
1
Chapter 1. Introduction
1.1. The FB2700
1.1.1. Where do I start?
The FB2700 is shipped in a factory reset state. This means it has a default configuration that allows the unit
to be attached directly to a computer, or into an existing network, and is accessible via a web browser on a
known IP address for further configuration.
Besides allowing initial web access to the unit, the factory reset configuration provides a starting point for you
to develop a bespoke configuration that meets your requirements.
A printed copy of the QuickStart Guide is included with your FB2700 and covers the basic set up required to
gain access to the web based user interface. If you have already followed the steps in the QuickStart guide, and
are able to access the FB2700 via a web browser, you can begin to work with the factory reset configuration
by referring to Chapter 3.
Initial set up is also covered in this manual, so if you have not already followed the QuickStart Guide, please
start at Chapter 2.
Tip
The FB2700's configuration can be restored to the state it was in when shipped from the factory. The
procedure requires physical access to the FB2700, and can be applied if you have made configuration
changes that have resulted in loss of access to the web user interface, or any other situation where
it is appropriate to start from scratch - for example, commissioning an existing unit for a different
role, or where you've forgotten an administrative user password. It is also possible to temporarily reset
the FB2700 to allow you to recover and edit a broken configuration (though you still need to know
the password you had). You can also go back one step in the config. For details on the factory reset
procedure please refer to Appendix A, or consult the QuickStart Guide.
The remainder of this chapter provides an overview of the FB2700's capabilities, and covers your product
support options.
Tip
The latest version of the QuickStart guide for the FB2700 can be obtained from the FireBrick website
at : http://www.firebrick.co.uk/pdfs/quickstart-2700.pdf
1.1.2. What can it do?
The FB2700 is an extremely versatile network appliance which you can think of as something akin to a Swiss
army knife for networking.
It can :
• act as a firewall, to protect your network from direct attack over the Internet.
• allocate network addresses to machines on your network (e.g. DHCP)
• manage multiple networks at once
• modify traffic passing though to do address and protocol-port mapping
Introduction
2
• control the speed of different types of traffic (traffic shaping)
• handle IPv6 - ready for the day that all five regional Internet registries (RIRs) exhaust their allocations!
• provide 3G dongle support for mobile internet or DSL backup
and much more...
1.1.3. Ethernet port capabilities
The FB2700 has four Ethernet network ports that can operate at 10Mb/s, 100Mb/s, or 1Gb/s. The ports
implement auto-negotiation by default, but operation can be fine-tuned to suit specific circumstances. The
function of these ports is very flexible, and defined by the device's configuration. The ports implement one or
more interfaces, and each interface can span either a single port or a user-defined group of ports.
When a port group is defined, the ports in the group work as a conventional Layer 2 network switch, directly
transferring traffic at wire-speed that is destined for a Layer 2 address that is present on one of the other ports
in the group.
Conversely, multiple interfaces can be implemented on a single physical port via support for IEEE 802.1Q
VLANs, ideal for using the FB2700 with VLAN-capable network switches. In this case, a single physical
connection can be made between a VLAN-capable switch and the FB2700, and with the switch configured
appropriately, this physical connection will carry traffic to/from multiple VLANs, and the FB2700 can do Layer
3 processing (routing/firewalling etc.) between nodes on two or more VLANs.
1.1.4. Differences between the devices in the FB2x00
series
The main difference between the two devices in the series is that the FB2500 can route traffic at up to only
100Mb/s, whilst the FB2700 is faster - typically up to 350Mb/s.
The other advantage the FB2700 offers is that you can directly attach an ordinary 3G dongle via the USB port
on the front, and use a mobile data connection - this is typically used as a back up for a DSL line.
1.1.5. Software features
The FB2700 has a simple two level software-feature-set. Devices are graded as "base" models or "fully-loaded"
models. The base model lacks a few of the features such as BGP, L2TP and various bonding and tunnelling
features.
You can use the base model for routing packets, filtering (firewalling) or arranging a 3G fallback for your
DSL line.
The "fully-loaded" model is useful for bonding multiple lines, tunnelling and more obscure features such as
announcing addresses to an upstream provider by BGP.
It is possible to upgrade from "base" to "fully-loaded" at a later date if you wish. Contact your dealer for details.
1.1.6. Migration from previous FireBrick models
Many FB2700 users may well be migrating from earlier FireBrick products, such as the FireBrick 105, to take
advantage of the significantly higher performance of the FB2700, and perhaps to use features that simply didn't
exist on the FB105. As you will see from reading Chapter 3, the new range of FireBrick products introduce
a modern, well structured configuration based on an underlying XML file. The User Interface is intentionally
closely coupled with the XML structures, and this will likely be the most apparent visual difference for users
experienced with the FB105.
Introduction
3
To aid the transition, a translator is provided which will generate an FB2700 XML configuration file from an
FB105 configuration file, mapping features and functionality across as closely as is possible ; the converted
configuration should be treated as a starting point for using your FB2700 in place of your FB105, as the result
from the converter may be incomplete, or there may be aspects that cannot be carried over. The translator can
be accessed at : http://www.firebrick.co.uk/fb105-2700.php
If you have one or more FB105 devices in your network, you'll be pleased to know that the fully-loaded FB2700
supports the FB105 tunnel protocol, and will interwork seemlessly, allowing you to upgrade devices as time
and budgets allow.
Your dealer can also give you advice on converting configurations from older FB105 based networks.
1.2. About this Manual
1.2.1. Version
Every major FB2700 software release is accompanied by a release-specific version of this manual. This manual
documents software version V1.28.000 - please refer to Section 4.3 to find out more about software releases,
and to see how to identify which software version your FB2700 is currently running.
If your FB2700 is running a different version of system software, then please consult the version of this manual
that documents that specific version, as there may be significant differences between the software versions.
Also bear in mind that if you are not reading the latest version of the manual (and using the latest software
release), references in this manual to external resources, such as the FireBrick website, may be out of date.
You can find the latest revision of a manual for a specific software version on the FB2700 software downloads
website [http://www.firebrick.co.uk/software.php?PRODUCT=2700]. This includes the revision history for all
software releases.
1.2.2. Intended audience
This manual is intended to guide FB2700 owners in configuring their units for their specific applications. We
try to make no significant assumption about the reader's knowledge of FireBrick products, but as might be
expected given the target market for the products, it is assumed the reader has a reasonable working knowledge
of common IP and Ethernet networking concepts. So, whether you've used FireBrick products for years, or
have purchased one for the very first time, and whether you're a novice or a network guru, this Manual sets out
to be an easy to read, definitive guide to FireBrick product configuration for all FireBrick customers.
1.2.3. Technical details
There are a number of useful technical details included in the apendices. These are intended to be a reference
guild for key features.
1.2.4. Document style
At FireBrick, we appreciate that different people learn in different ways - some like to dive in, hands-on,
working with examples and tweaking them until they work the way they want, referring to documentation
as required. Other people prefer to build their knowledge up from first principles, and gain a thorough
understandingofwhatthey'reworkingwith.Mostpeoplewesuspectfallsomewherebetweenthesetwolearning
styles.
This Manual aims to be highly usable regardless of your learning style - material is presented in an order that
startswith fundamental concepts, andbuilds to more complexoperation of your FireBrick.At all stages wehope
to provide a well-written description of how to configure each aspect of the FireBrick, and - where necessary
- provide enough insight into the FireBrick's internal operation that you understand why the configuration
achieves what it does.
Introduction
4
1.2.5. Document conventions
Various typefaces and presentation styles are used in this document as follows :-
• Text that would be typed as-is, for example a command, or an XML attribute name is shown in
monospaced_font
• Program (including XML) listings, or fragments of listings are shown thus :-
/* this is an example program listing*/
printf("Hello World!\n");
• Text as it would appear on-screen is shown thus :-
This is an example of some text that would
appear on screen.
Note that for documentation purposes additional
line-breaks may be present that would not be in the on-screen text
• Notes of varying levels of significance are represented thus (colour schemes may differ depending on
signficance) :-
Note
This is an example note.
The significance is identified by the heading text and can be one of : Tip - general hints and tips, for example
to point out a useful feature related to the current discussion ; Note - a specific, but not critical, point relating
to the surrounding text ; Caution - a potentially critical point that you should pay attention to, failure to do
so may result in loss of data, security issues, loss of network connectivity etc.
1.2.6. Comments and feedback
If you'd like to make any comments on this Manual, point out errors, make suggestions for improvement or
1.3. Additional Resources
1.3.1. Technical Support
Technical support is available, in the first instance, via the reseller from which you purchased your FireBrick.
FireBrick provide extensive training and support to resellers and you will find them experts in FireBrick
products.
However, before contacting them, please ensure you have :-
• upgraded your FB2700 to the latest version of software (see Section 4.3) and
• are using the latest revision of the manual applicable to that software version and
• have attempted to answer your query using the material in this manual
Introduction
5
Many FireBrick resellers also offer general IT support, including installation, configuration, maintenance, and
training. You may be able to get your reseller to develop FB2700 configurations for you - although this will
typically be chargeable, you may well find this cost-effective, especially if you are new to FireBrick products.
If you are not satisfied with the support you are getting from your reseller, please contact us [http://
www.firebrick.co.uk/contact.php].
1.3.2. IRC Channel
A public IRC channel is available for FireBrick discussion - the IRC server is irc.z.je, and the channel
is #firebrick.
1.3.3. Application Notes
FireBrick are building a library of Application Note documents that you can refer to - each Application Note
describes how to use and configure a FireBrick in specific scenarios, such as using the device in a multi-tenant
Serviced Office environment, or using the FireBrick to bond multiple WAN connections together.
1.3.4. White Papers
FireBrick White Papers cover topics that deserve specific discussion - they are not related to specific
Applications, rather they aim to educate interested readers regarding networking protocols, common/best
practice, and real-world issues encountered.
1.3.5. Training Courses
FireBrick provide training courses for the FB2x00 series products, and also training course on general IP
networking that are useful if you are new to networking with IP.
To obtain information about upcoming courses, please contact us via e-mail at :
6
Chapter 2. Getting Started
2.1. IP addressing
You can configure your FireBrick using a web browser - to do this, you need IP connectivity between your
computer and the FireBrick. For a new FB2700 or one that has been factory reset, there are three methods
to set this up, as described below - select the method that you prefer, or that best suits your current network
architecture.
•Method 1 - use the FireBrick's DHCP server to configure a computer.
If your computer is already configured (as many are) to get an IP address automatically, you can connect
your computer to port 1 on the FireBrick, and the FireBrick's inbuilt DHCP server should give it an IPv4
and IPv6 address.
•Method 2 - configure a computer with a fixed IP address.
Alternatively, you can connect a computer to port 1 on the FireBrick, and manually configure your computer
to have the fixed IP address(es) shown below :-
Table 2.1. IP addresses for computer
IPv6 IPv4
2001:DB8::2/64 10.0.0.2 ; subnet mask : 255.255.255.0
•Method 3 - use an existing DHCP server to configure the FireBrick.
If your LAN already has a DHCP server, you can connect port 4 of your FireBrick to your LAN, and it
will get an address. Port 4 is configured, by default, not to give out any addresses and as such it should not
interfere with your existing network. You would need to check your DHCP server to find what address has
been assigend to the FB2700.
2.2. Accessing the web-based user interface
If you used Method 1, you should browse to the FireBrick's web interface as follows, or you can use the IP
addresses detailed:-
Table 2.2. IP addresses to access the FireBrick
URL
http://my.firebrick.co.uk/
If you used Method 2, you should browse to the FireBrick's IP address as listed below:-
Table 2.3. IP addresses to access the FireBrick
IPv6 IPv4
http://[2001:DB8::1] http://10.0.0.1
If you used Method 3, you will need to be able to access a list of allocations made by the DHCP server in
order to identify which IP address has been allocated to the FB2700, and then browse this address from your
computer. If your DHCP server shows the client name that was supplied in the DHCP request, then you will
see FB2700 in the client name field (assuming a factory reset configuration) - if you only have one FB2700 in
factory reset state on your network, then it will be immediately obvious via this client name. Otherwise, you
will need to locate the allocation by cross-referring with the MAC address range used by the FB2700 you are
Getting Started
7
interested in - if necessary, refer to Appendix C to see how to determine which MAC address you are looking
for in the list of allocations.
Once you are connected to the FB2700, you should see a page with "Configuration needed" prominently
displayed, as shown below :-
Figure 2.1. Initial web page in factory reset state
Click on the "edit the configuration" link (red text), which will take you to the main user interface page for
managing the configuration.
2.2.1. Add a new user
You now need to add a new user with a password in order to gain full access to the FireBrick's user interface.
Click on the "Users" icon, then click on the "Add" link to add a user. The "Users" page is shown below, with
the "Add" link highlighted:-
Figure 2.2. Initial "Users" page
Entera suitable username inthe "Name" box, andenter a password (passwordsare mandatory), as shownbelow.
Leave all other checkboxes un-ticked, but see the Tip below regarding the timeout setting.
Note
Take care to enter the password carefully, as the FB2700 does not prompt you for confirmation of
the password.
Other manuals for FB2700
3
Table of contents
Other FireBrick Network Hardware manuals
Popular Network Hardware manuals by other brands
EnGenius
EnGenius ECB9300 user manual
evertz
evertz X-9504 instruction manual
Bosch
Bosch VIDEOJET X40 Installation & operating manual
Bosch
Bosch VIP X1600 Module Installation and operating manual
EdgeWave
EdgeWave iPrism Web Security Administration guide
JDS Uniphase
JDS Uniphase IP Video Test Option HST-3000 Specifications