Appendix K. Configuration Objects

Appendix K. Configuration Objects

Table of Contents

K.1. Top level

K.1.1. config: Top level config

K.2. Objects

K.2.1. system: System settings
K.2.2. link: Web links
K.2.3. user: Admin users
K.2.4. eap: User access controlled by EAP
K.2.5. log: Log target controls
K.2.6. log-syslog: Syslog logger settings
K.2.7. log-email: Email logger settings
K.2.8. services: System services
K.2.9. snmp-service: SNMP service settings
K.2.10. ntp-service: NTP service settings
K.2.11. telnet-service: Telnet service settings
K.2.12. http-service: HTTP service settings
K.2.13. dns-service: DNS service settings
K.2.14. dns-host: Fixed local DNS host settings
K.2.15. dns-block: Fixed local DNS blocks
K.2.16. radius-service: RADIUS service definition
K.2.17. radius-service-match: Matching rules for RADIUS service
K.2.18. radius-server: RADIUS server settings
K.2.19. ethernet: Physical port controls
K.2.20. portdef: Port grouping and naming
K.2.21. interface: Port-group/VLAN interface settings
K.2.22. subnet: Subnet settings
K.2.23. vrrp: VRRP settings
K.2.24. dhcps: DHCP server settings
K.2.25. dhcp-attr-hex: DHCP server attributes (hex)
K.2.26. dhcp-attr-string: DHCP server attributes (string)
K.2.27. dhcp-attr-number: DHCP server attributes (numeric)
K.2.28. dhcp-attr-ip: DHCP server attributes (IP)
K.2.29. pppoe: PPPoE settings
K.2.30. ppp-route: PPP routes
K.2.31. route: Static routes
K.2.32. network: Locally originated networks
K.2.33. blackhole: Dead end networks
K.2.34. loopback: Locally originated networks
K.2.35. ospf: Overall OSPF settings
K.2.36. namedbgpmap: Mapping and filtering rules of BGP prefixes
K.2.37. bgprule: Individual mapping/filtering rule
K.2.38. bgp: Overall BGP settings
K.2.39. bgppeer: BGP peer definitions
K.2.40. bgpmap: Mapping and filtering rules of BGP prefixes
K.2.41. cqm: Constant Quality Monitoring settings
K.2.42. l2tp: L2TP settings
K.2.43. l2tp-outgoing: L2TP settings for outgoing L2TP connections
K.2.44. l2tp-incoming: L2TP settings for incoming L2TP connections
K.2.45. l2tp-relay: Relay and local authentication rules for L2TP
K.2.46. fb105: FB105 tunnel definition
K.2.47. fb105-route: FB105 routes
K.2.48. ipsec-ike: IPsec configuration (IKEv2)
K.2.49. ike-connection: connection configuration
K.2.50. ipsec-route: IPsec tunnel routes
K.2.51. ike-roaming: IKE roaming IP pools
K.2.52. ike-proposal: IKE security proposal
K.2.53. ipsec-proposal: IPsec AH/ESP proposal
K.2.54. ipsec-manual: peer configuration
K.2.55. ping: Ping/graph definition
K.2.56. profile: Control profile
K.2.57. profile-date: Test passes if within any of the time ranges specified
K.2.58. profile-time: Test passes if within any of the date/time ranges specified
K.2.59. profile-ping: Test passes if any addresses are pingable
K.2.60. shaper: Traffic shaper
K.2.61. shaper-override: Traffic shaper override based on profile
K.2.62. ip-group: IP Group
K.2.63. route-override: Routing override rules
K.2.64. session-route-rule: Routing override rule
K.2.65. session-route-share: Route override load sharing
K.2.66. rule-set: Firewall/mapping rule set
K.2.67. session-rule: Firewall rules
K.2.68. session-share: Firewall load sharing
K.2.69. voip: Voice over IP config
K.2.70. carrier: VoIP carrier details
K.2.71. telephone: VoIP telephone authentication user details
K.2.72. tone: Tone definitions
K.2.73. ringgroup: Ring groups
K.2.74. etun: Ether tunnel

K.3. Data types

K.3.1. autoloadtype: Type of s/w auto load
K.3.2. config-access: Type of access user has to config
K.3.3. user-level: User login level
K.3.4. eap-subsystem: Subsystem with EAP access control
K.3.5. eap-method: EAP access method
K.3.6. syslog-severity: Syslog severity
K.3.7. syslog-facility: Syslog facility
K.3.8. month: Month name (3 letter)
K.3.9. day: Day name (3 letter)
K.3.10. radiuspriority: Options for controlling platform RADIUS response priority tagging
K.3.11. radiustype: Type of RADIUS server
K.3.12. port: Physical port
K.3.13. Crossover: Crossover configuration
K.3.14. LinkSpeed: Physical port speed
K.3.15. LinkDuplex: Physical port duplex setting
K.3.16. LinkFlow: Physical port flow control setting
K.3.17. LinkClock: Physical port Gigabit clock master/slave setting
K.3.18. LinkLED: LED settings
K.3.19. LinkPower: PHY power saving options
K.3.20. LinkFault: Link fault type to send
K.3.21. ramode: IPv6 route announce level
K.3.22. dhcpv6control: Control for RA and DHCPv6 bits
K.3.23. bgpmode: BGP announcement mode
K.3.24. sfoption: Source filter option
K.3.25. pppoe-mode: Type of PPPoE connection
K.3.26. peertype: BGP peer type
K.3.27. ipsec-type: IPsec encapsulation type
K.3.28. ike-authmethod: authentication method
K.3.29. ike-mode: connection setup mode
K.3.30. ipsec-auth-algorithm: IPsec authentication algorithm
K.3.31. ipsec-crypt-algorithm: IPsec encryption algorithm
K.3.32. ike-PRF: IKE Pseudo-Random Function
K.3.33. ike-DH: IKE Diffie-Hellman group
K.3.34. ike-ESN: IKE Sequence Number support
K.3.35. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
K.3.36. switch: Profile manual setting
K.3.37. dynamic-graph: Type of dynamic graph
K.3.38. firewall-action: Firewall action
K.3.39. voip-format: Number presentation format
K.3.40. uknumberformat: Number formatting option
K.3.41. recordoption: Recording option
K.3.42. ring-group-order: Order of ring
K.3.43. ring-group-type: Type of ring when one call in queue
K.3.44. record-beep-option: Record beep option

K.4. Basic types

This appendix defines the object definitions used in the FireBrick FB2500 configuration. Copyright © 2008-13 FireBrick Ltd.

K.1. Top level

K.1.1. config: Top level config

The top level config element contains all of the FireBrick configuration data.

Table K.1. config: Attributes

Attribute	Type	Default	Description
patch	integer	-	Internal use, for s/w updates that change config syntax
timestamp	dateTime	-	Config store time, set automatically when config is saved

Table K.2. config: Elements

Element	Type	Instances	Description
bgp	bgp	Optional, up to 100	BGP config
bgp-filter	namedbgpmap	Optional, unlimited	Mapping and filtering rules for use with BGP peers
blackhole	blackhole	Optional, unlimited	Black hole (dropped packets) networks
cqm	cqm	Optional	Constant Quality Monitoring config
eap	eap	Optional, unlimited	User access control via EAP
ethernet	ethernet	Optional, unlimited	Ethernet port settings
etun	etun	Optional, unlimited	Ether tunnel (RFC3378)
fb105	fb105	Optional, up to 255	FB105 tunnel settings
interface	interface	Optional, up to 8192	Ethernet interface (port-group/vlan) and subnets
ip-group	ip-group	Optional, unlimited	Named IP groups
ipsec-ike	ipsec-ike	Optional	IPsec connection settings
l2tp	l2tp	Optional	L2TP settings
log	log	Optional, up to 50	Log target controls
loopback	loopback	Optional, unlimited	Extra local addresses
network	network	Optional, unlimited	Locally originated networks
nowhere	blackhole	Optional, unlimited	Dead end (icmp error) networks
ospf	ospf	Optional, unlimited	OSPF config
ping	ping	Optional, up to 100	Base ping graph settings
port	portdef	Optional, up to 4	Port grouping and naming
ppp	pppoe	Optional, up to 10	PPPoE settings
profile	profile	Optional, unlimited	Control profiles
route	route	Optional, unlimited	Static routes
route-override	route-override	Optional, unlimited	Routing override rules
rule-set	rule-set	Optional, unlimited	Firewall/mapping rules
services	services	Optional	General system services
shaper	shaper	Optional, unlimited	Named traffic shapers
system	system	Optional	System settings
user	user	Optional, unlimited	Admin users
voip	voip	Optional	VoIP config


J.6. Creating graphs, and graph names		K.2. Objects