Chapter 1. Introduction

Table of Contents

1.1. The FB2500
1.1.1. Where do I start?
1.1.2. What can it do?
1.1.3. Ethernet port capabilities
1.1.4. Differences between the devices in the FB2x00 series
1.1.5. Software features
1.1.6. Migration from previous FireBrick models
1.2. About this Manual
1.2.1. Version
1.2.2. Intended audience
1.2.3. Technical details
1.2.4. Document style
1.2.5. Document conventions
1.2.6. Comments and feedback
1.3. Additional Resources
1.3.1. Technical Support
1.3.2. IRC Channel
1.3.3. Application Notes
1.3.4. White Papers
1.3.5. Training Courses

1.1. The FB2500

1.1.1. Where do I start?

The FB2500 is shipped in a factory reset state. This means it has a default configuration that allows the unit to be attached directly to a computer, or into an existing network, and is accessible via a web browser on a known IP address for further configuration.

Besides allowing initial web access to the unit, the factory reset configuration provides a starting point for you to develop a bespoke configuration that meets your requirements.

A printed copy of the QuickStart Guide is included with your FB2500 and covers the basic set up required to gain access to the web based user interface. If you have already followed the steps in the QuickStart guide, and are able to access the FB2500 via a web browser, you can begin to work with the factory reset configuration by referring to Chapter 3.

Initial set up is also covered in this manual, so if you have not already followed the QuickStart Guide, please start at Chapter 2.

Tip

The FB2500's configuration can be restored to the state it was in when shipped from the factory. The procedure requires physical access to the FB2500, and can be applied if you have made configuration changes that have resulted in loss of access to the web user interface, or any other situation where it is appropriate to start from scratch - for example, commissioning an existing unit for a different role, or where you've forgotten an administrative user password. It is also possible to temporarily reset the FB2500 to allow you to recover and edit a broken configuration. For details on the factory reset procedure please refer to Appendix A, or consult the QuickStart Guide.

The remainder of this chapter provides an overview of the FB2500's capabilities, and covers your product support options.

Tip

The latest version of the QuickStart guide for the FB2500 can be obtained from the FireBrick website at : http://www.firebrick.co.uk/pdfs/quickstart-2500.pdf

1.1.2. What can it do?

The FB2500 is an extremely versatile network appliance which you can think of as something akin to a Swiss army knife for networking.

It can :

  • act as a firewall, to protect your network from direct attack over the Internet.
  • allocate network addresses to machines on your network (e.g. DHCP)
  • manage multiple networks at once
  • modify traffic passing though to do address and protocol-port mapping
  • control the speed of different types of traffic (traffic shaping)
  • handle IPv6 - ready for the day that all five regional Internet registries (RIRs) exhaust their allocations!

and much more...

1.1.3. Ethernet port capabilities

The FB2500 has four Ethernet network ports that can operate at 10Mb/s, 100Mb/s, or 1Gb/s. The ports implement auto-negotiation by default, but operation can be fine-tuned to suit specific circumstances. The function of these ports is very flexible, and defined by the device's configuration. The ports implement one or more interfaces, and each interface can span either a single port or a user-defined group of ports.

When a port group is defined, the ports in the group work as a conventional Layer 2 network switch, directly transferring traffic at wire-speed that is destined for a Layer 2 address that is present on one of the other ports in the group.

Conversely, multiple interfaces can be implemented on a single physical port via support for IEEE 802.1Q VLANs, ideal for using the FB2500 with VLAN-capable network switches. In this case, a single physical connection can be made between a VLAN-capable switch and the FB2500, and with the switch configured appropriately, this physical connection will carry traffic to/from multiple VLANs, and the FB2500 can do Layer 3 processing (routing/firewalling etc.) between nodes on two or more VLANs.

1.1.4. Differences between the devices in the FB2x00 series

The main difference between the two devices in the series is that the FB2500 can route traffic at up to 100Mb/s, whilst the FB2700 is faster - typically up to 350Mb/s.

The other advantage the FB2700 offers is that you can directly attach an ordinary 3G dongle via the USB port on the front, and use a mobile data connection - this is typically used as a back up for a DSL line.

1.1.5. Software features

The FB2500 has a simple two level software-feature-set. Devices are either "base" model or a "fully-loaded" model. The base model lacks a few of the features such as BGP, L2TP and various bonding features.

You can use the basic features such as routing packets and filtering (firewalling).

The "fully-loaded" model is useful for bonding multiple lines, and more obscure features such as announcing addresses to an upstream provider by BGP.

It is possible to upgrade from "base" to "fully-loaded" at a later date if you wish. Contact your delay for details.

1.1.6. Migration from previous FireBrick models

Many FB2500 users may well be migrating from earlier FireBrick products, such as the FireBrick 105, to take advantage of the significantly higher performance of the FB2500, and perhaps to use features that simply didn't exist on the FB105. As you will see from reading Chapter 3, the new range of FireBrick products introduce a modern, well structured configuration based on an underlying XML file. The User Interface is intentionally closely coupled with the XML structures, and this will likely be the most apparent visual difference for users experienced with the FB105.

To aid the transition, a translator is provided which will generate an FB2500 XML configuration file from an FB105 configuration file, mapping features and functionality across as closely as is possible ; the converted configuration should be treated as a starting point for using your FB2500 in place of your FB105, as the result from the converter may be incomplete, or there may be aspects that cannot be carried over. The translator can be accessed at : http://www.firebrick.co.uk/fb105-2700.php

If you have one or more FB105 devices in your network, you'll be pleased to know that the FB2500 supports the FB105 tunnel protocol, and will interwork seemlessly, allowing you to upgrade devices as time and budgets allow.

Your dealer can also give you advice on converting configurations from older FB105 based networks.