Chapter 1. Introduction

Table of Contents

1.1. The FB2500
1.1.1. Where do I start?
1.1.2. What can it do?
1.1.3. Ethernet port capabilities
1.1.4. Differences between the devices in the FB2x00 series
1.1.5. Software features
1.1.6. Migration from previous FireBrick models
1.2. About this Manual
1.2.1. Version
1.2.2. Intended audience
1.2.3. Technical details
1.2.4. Document style
1.2.5. Document conventions
1.2.6. Comments and feedback
1.3. Additional Resources
1.3.1. Technical Support
1.3.2. IRC Channel
1.3.3. Application Notes
1.3.4. Training Courses

1.1. The FB2500

1.1.1. Where do I start?

The FB2500 is shipped in a factory reset state. This means it has a default configuration that allows the unit to be attached directly to a computer, or into an existing network, and is accessible via a web browser on a known IP address for further configuration.

Besides allowing initial web access to the unit, the factory reset configuration provides a starting point for you to develop a bespoke configuration that meets your requirements.

A printed copy of the QuickStart Guide is included with your FB2500 and covers the basic set up required to gain access to the web based user interface. If you have already followed the steps in the QuickStart guide, and are able to access the FB2500 via a web browser, you can begin to work with the factory reset configuration by referring to Chapter 3.

Initial set up is also covered in this manual, so if you have not already followed the QuickStart Guide, please start at Chapter 2.

Tip

The FB2500's configuration can be restored to the state it was in when shipped from the factory. The procedure requires physical access to the FB2500, and can be applied if you have made configuration changes that have resulted in loss of access to the web user interface, or any other situation where it is appropriate to start from scratch - for example, commissioning an existing unit for a different role, or where you've forgotten an administrative user password. It is also possible to temporarily reset the FB2500 to allow you to recover and edit a broken configuration (though you still need to know the password you had). You can also go back one step in the config. For details on the factory reset procedure please refer to Appendix A, or consult the QuickStart Guide.

The remainder of this chapter provides an overview of the FB2500's capabilities, and covers your product support options.

Tip

The latest version of the QuickStart guide for the FB2500 can be obtained from the FireBrick website at : http://www.firebrick.co.uk/pdfs/quickstart-2500.pdf

1.1.2. What can it do?

The FB2500 is an extremely versatile network appliance which you can think of as something akin to a Swiss army knife for networking.

It can :

  • Act as an IP level firewall, to protect your network from direct attack over the Internet.
  • Allocate network addresses to machines on your network (e.g. DHCP and SLAAC)
  • Manage multiple networks at once
  • Modify traffic passing though to do address and protocol-port mapping
  • Control the speed of different types of traffic (traffic shaping)
  • Handle the current Internet Protocol (IPv6) as well as legacy IPv4.
  • Act as an office phone system using SIP phones and carriers/services

and much more...

1.1.3. Ethernet port capabilities

The FB2500 has four Ethernet network ports that can operate at 10Mb/s, 100Mb/s, or 1Gb/s. The ports implement auto-negotiation by default, but operation can be fine-tuned to suit specific circumstances. The function of these ports is very flexible, and defined by the device's configuration. The ports implement one or more interfaces, and each interface can span either a single port or a user-defined group of ports.

When a port group is defined, the ports in the group work as a conventional Layer 2 network switch, directly transferring traffic at wire-speed that is destined for a Layer 2 address that is present on one of the other ports in the group.

Conversely, multiple interfaces can be implemented on a single physical port (or port group) via support for IEEE 802.1Q VLANs, ideal for using the FB2500 with VLAN-capable network switches. In this case, a single physical connection can be made between a VLAN-capable switch and the FB2500, and with the switch configured appropriately, this physical connection will carry traffic to/from multiple VLANs, and the FB2500 can do Layer 3 processing (routing/firewalling etc.) between nodes on two or more VLANs.

1.1.4. Differences between the devices in the FB2x00 series

  • FB2500 No USB port, 4 ethernet ports, max 100Mb/s routed traffic.
  • FB2700 USB port for dongle, 4 ethernet ports, max ~350Mb/s routed traffic.
  • FB2900 USB port for dongle, 4 ethernet ports, SFP port, max ~750Mb/s routed traffic.

Note

The FB2500 model is no longer available for new supply. The FB2900 model is replacing the FB2700.

1.1.5. Software features

The FB2500 has a simple two level software-feature-set. Devices are graded as "base" models or "fully-loaded" models. The base model lacks a few of the features such as BGP, L2TP and various bonding and tunnelling features.

You can use the base model for routing packets and filtering (firewalling).

The "fully-loaded" model is useful for bonding multiple lines, tunnelling and more obscure features such as announcing addresses to an upstream provider by BGP.

It is possible to upgrade from "base" to "fully-loaded" at a later date if you wish. Contact your dealer for details. The cost is usually just the difference in the price between the models.

1.1.6. Migration from previous FireBrick models

Many FB2500 users may well be migrating from earlier FireBrick products, such as the FireBrick 105, to take advantage of the significantly higher performance of the FB2500, and perhaps to use features that simply didn't exist on the FB105. As you will see from reading Chapter 3, the new range of FireBrick products introduce a modern, well structured configuration based on an underlying XML file. The User Interface is intentionally closely coupled with the XML structures, and this will likely be the most apparent visual difference for users experienced with the FB105.

To aid the transition, a translator is provided which will generate an FB2500 XML configuration file from an FB105 configuration file, mapping features and functionality across as closely as is possible; the converted configuration should be treated as a starting point for using your FB2500 in place of your FB105, as the result from the converter may be incomplete, or there may be aspects that cannot be carried over. The translator can be accessed at : http://www.firebrick.co.uk/fb105-2700.php

If you have one or more FB105 devices in your network, you'll be pleased to know that the fully-loaded FB2500 supports the FB105 tunnel protocol, and will interwork seemlessly, allowing you to upgrade devices as time and budgets allow.

Your dealer can also give you advice on converting configurations from older FB105 based networks.