Appendix K. Configuration Objects

Table of Contents

K.1. Top level
K.1.1. config: Top level config
K.2. Objects
K.2.1. system: System settings
K.2.2. link: Web links
K.2.3. user: Admin users
K.2.4. eap: User access controlled by EAP
K.2.5. log: Log target controls
K.2.6. log-syslog: Syslog logger settings
K.2.7. log-email: Email logger settings
K.2.8. services: System services
K.2.9. snmp-service: SNMP service settings
K.2.10. ntp-service: NTP service settings
K.2.11. telnet-service: Telnet service settings
K.2.12. http-service: HTTP service settings
K.2.13. dns-service: DNS service settings
K.2.14. dns-host: Fixed local DNS host settings
K.2.15. dns-block: Fixed local DNS blocks
K.2.16. radius-service: RADIUS service definition
K.2.17. radius-service-match: Matching rules for RADIUS service
K.2.18. radius-server: RADIUS server settings
K.2.19. ethernet: Physical port controls
K.2.20. portdef: Port grouping and naming
K.2.21. interface: Port-group/VLAN interface settings
K.2.22. subnet: Subnet settings
K.2.23. vrrp: VRRP settings
K.2.24. dhcps: DHCP server settings
K.2.25. dhcp-attr-hex: DHCP server attributes (hex)
K.2.26. dhcp-attr-string: DHCP server attributes (string)
K.2.27. dhcp-attr-number: DHCP server attributes (numeric)
K.2.28. dhcp-attr-ip: DHCP server attributes (IP)
K.2.29. pppoe: PPPoE settings
K.2.30. ppp-route: PPP routes
K.2.31. route: Static routes
K.2.32. network: Locally originated networks
K.2.33. blackhole: Dead end networks
K.2.34. loopback: Locally originated networks
K.2.35. ospf: Overall OSPF settings
K.2.36. namedbgpmap: Mapping and filtering rules of BGP prefixes
K.2.37. bgprule: Individual mapping/filtering rule
K.2.38. bgp: Overall BGP settings
K.2.39. bgppeer: BGP peer definitions
K.2.40. bgpmap: Mapping and filtering rules of BGP prefixes
K.2.41. cqm: Constant Quality Monitoring settings
K.2.42. l2tp: L2TP settings
K.2.43. l2tp-outgoing: L2TP settings for outgoing L2TP connections
K.2.44. l2tp-incoming: L2TP settings for incoming L2TP connections
K.2.45. l2tp-relay: Relay and local authentication rules for L2TP
K.2.46. fb105: FB105 tunnel definition
K.2.47. fb105-route: FB105 routes
K.2.48. ipsec-ike: IPsec configuration (IKEv2)
K.2.49. ike-connection: connection configuration
K.2.50. ipsec-route: IPsec tunnel routes
K.2.51. ike-roaming: IKE roaming IP pools
K.2.52. ike-proposal: IKE security proposal
K.2.53. ipsec-proposal: IPsec AH/ESP proposal
K.2.54. ipsec-manual: peer configuration
K.2.55. ping: Ping/graph definition
K.2.56. profile: Control profile
K.2.57. profile-date: Test passes if within any of the time ranges specified
K.2.58. profile-time: Test passes if within any of the date/time ranges specified
K.2.59. profile-ping: Test passes if any addresses are pingable
K.2.60. shaper: Traffic shaper
K.2.61. shaper-override: Traffic shaper override based on profile
K.2.62. ip-group: IP Group
K.2.63. route-override: Routing override rules
K.2.64. session-route-rule: Routing override rule
K.2.65. session-route-share: Route override load sharing
K.2.66. rule-set: Firewall/mapping rule set
K.2.67. session-rule: Firewall rules
K.2.68. session-share: Firewall load sharing
K.2.69. voip: Voice over IP config
K.2.70. carrier: VoIP carrier details
K.2.71. telephone: VoIP telephone authentication user details
K.2.72. tone: Tone definitions
K.2.73. ringgroup: Ring groups
K.2.74. etun: Ether tunnel
K.3. Data types
K.3.1. autoloadtype: Type of s/w auto load
K.3.2. config-access: Type of access user has to config
K.3.3. user-level: User login level
K.3.4. eap-subsystem: Subsystem with EAP access control
K.3.5. eap-method: EAP access method
K.3.6. syslog-severity: Syslog severity
K.3.7. syslog-facility: Syslog facility
K.3.8. month: Month name (3 letter)
K.3.9. day: Day name (3 letter)
K.3.10. radiuspriority: Options for controlling platform RADIUS response priority tagging
K.3.11. radiustype: Type of RADIUS server
K.3.12. port: Physical port
K.3.13. Crossover: Crossover configuration
K.3.14. LinkSpeed: Physical port speed
K.3.15. LinkDuplex: Physical port duplex setting
K.3.16. LinkFlow: Physical port flow control setting
K.3.17. LinkClock: Physical port Gigabit clock master/slave setting
K.3.18. LinkLED: LED settings
K.3.19. LinkPower: PHY power saving options
K.3.20. LinkFault: Link fault type to send
K.3.21. ramode: IPv6 route announce level
K.3.22. dhcpv6control: Control for RA and DHCPv6 bits
K.3.23. bgpmode: BGP announcement mode
K.3.24. sfoption: Source filter option
K.3.25. pppoe-mode: Type of PPPoE connection
K.3.26. peertype: BGP peer type
K.3.27. ipsec-type: IPsec encapsulation type
K.3.28. ike-authmethod: authentication method
K.3.29. ike-mode: connection setup mode
K.3.30. ipsec-auth-algorithm: IPsec authentication algorithm
K.3.31. ipsec-crypt-algorithm: IPsec encryption algorithm
K.3.32. ike-PRF: IKE Pseudo-Random Function
K.3.33. ike-DH: IKE Diffie-Hellman group
K.3.34. ike-ESN: IKE Sequence Number support
K.3.35. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
K.3.36. switch: Profile manual setting
K.3.37. dynamic-graph: Type of dynamic graph
K.3.38. firewall-action: Firewall action
K.3.39. voip-format: Number presentation format
K.3.40. uknumberformat: Number formatting option
K.3.41. recordoption: Recording option
K.3.42. ring-group-order: Order of ring
K.3.43. ring-group-type: Type of ring when one call in queue
K.3.44. record-beep-option: Record beep option
K.4. Basic types

This appendix defines the objects used in the FireBrick FB2500 configuration. Copyright © 2008-13 FireBrick Ltd.

K.1. Top level

K.1.1. config: Top level config

The top level config element contains all of the FireBrick configuration data.

Table K.1. config: Attributes

| Attribute | Type | Default | Description |
|---|---|---|---|
| patch | integer | - | Internal use, for s/w updates that change config syntax |
| timestamp | dateTime | - | Config store time, set automatically when config is saved |

Table K.2. config: Elements

| Element | Type | Instances | Description |
|---|---|---|---|
| bgp | bgp | Optional, up to 100 | BGP config |
| bgp-filter | namedbgpmap | Optional, unlimited | Mapping and filtering rules for use with BGP peers |
| blackhole | blackhole | Optional, unlimited | Black hole (dropped packets) networks |
| cqm | cqm | Optional | Constant Quality Monitoring config |
| eap | eap | Optional, unlimited | User access control via EAP |
| ethernet | ethernet | Optional, unlimited | Ethernet port settings |
| etun | etun | Optional, unlimited | Ether tunnel (RFC3378) |
| fb105 | fb105 | Optional, up to 255 | FB105 tunnel settings |
| interface | interface | Optional, up to 8192 | Ethernet interface (port-group/vlan) and subnets |
| ip-group | ip-group | Optional, unlimited | Named IP groups |
| ipsec-ike | ipsec-ike | Optional | IPsec connection settings |
| l2tp | l2tp | Optional | L2TP settings |
| log | log | Optional, up to 50 | Log target controls |
| loopback | loopback | Optional, unlimited | Extra local addresses |
| network | network | Optional, unlimited | Locally originated networks |
| nowhere | blackhole | Optional, unlimited | Dead end (icmp error) networks |
| ospf | ospf | Optional, unlimited | OSPF config |
| ping | ping | Optional, up to 100 | Base ping graph settings |
| port | portdef | Optional, up to 4 | Port grouping and naming |
| ppp | pppoe | Optional, up to 10 | PPPoE settings |
| profile | profile | Optional, unlimited | Control profiles |
| route | route | Optional, unlimited | Static routes |
| route-override | route-override | Optional, unlimited | Routing override rules |
| rule-set | rule-set | Optional, unlimited | Firewall/mapping rules |
| services | services | Optional | General system services |
| shaper | shaper | Optional, unlimited | Named traffic shapers |
| system | system | Optional | System settings |
| user | user | Optional, unlimited | Admin users |
| voip | voip | Optional | VoIP config |