This appendix describes the object definitions used in the FireBrick FB2900 configuration.
Copyright © 2008-16 FireBrick Ltd.
The top level config element contains all of the FireBrick configuration data.
The system settings are the top level attributes of the system which apply globally.
Links to other web pages
System services are various generic services that the system provides; access controls and settings can be specified for each of them.
The service is only active if the corresponding element is included in services, otherwise it is disabled.
User names, passwords and abilities for admin users
User login level - commands available are restricted according to assigned level.
Identities, passwords and access methods for access controlled with EAP
Telnet control interface
Web management pages
DNS forwarding resolver service
The SNMP service has general service settings and also specific attributes for SNMP such as community
The time settings define which NTP servers to synchronize the system clock from, and provide controls for daylight saving (summer time).
The defaults are those that apply to the EU.
Static routes define prefixes which are permanently in the routing table, and whether these should be announced by routing protocols or not.
Network blocks that are announced but not actually added to internal routes - note that blackhole and nowhere objects can also announce but add routing.
Networks that go nowhere
Loopback addresses define local IP addresses
Port grouping and naming
The interface definition relates to a specific physical port group and VLAN. It includes subnets and VRRP that apply to that interface.
Subnet settings define the IP address(es) of the FireBrick, and also allow default routes to be set.
Additional DHCP server attributes (hex)
Additional DHCP server attributes (string)
Additional DHCP server attributes (numeric)
Additional DHCP server attributes (IP)
Settings for DHCP server for relayed connections
Settings for DHCP server
Constant quality monitoring (graphs and data) has a number of settings. Most of the graphing settings can be overridden when a graph is collected, so in many cases these define the defaults.
Named IP group
VRRP settings provide virtual router redundancy for the FireBrick.
An inactive profile does not disable VRRP but forces VRRP to low priority.
Use different VRID on different VLANs.
Named logging target
Logging to a syslog server
Logging to email
Logging by SNMP trap
Logging by SMS
Physical port attributes
LED behaviour based on link status
Physical port crossover configuration.
The OSPF element defines general OSPF settings.
Where interfaces/table specified, first matching OSPF config is applied.
Only provides OSPF internal and AS-border router functionality.
OSPF Authentication type
The BGP element defines general BGP settings and a list of peer definitions for the individual BGP peers.
The peer definition specifies the attributes of an individual peer. Multiple IP addresses can be specified, typically for IPv4 and IPv6 addresses for the same peer, but this can be used for a group of similar peers.
This defines a set of named rules for mapping and filtering of prefixes to/from a BGP peer.
This defines the rules for mapping and filtering of prefixes to/from a BGP peer.
An individual rule for BGP mapping/filtering
Base ping config - additional ping targets set via web API or other means
FB105 tunnel definition
Routes for prefixes that are sent to the FB105 tunnel when up
Routes for prefixes that are sent to the IPsec tunnel
IPsec IKE and manually-keyed connection details
Proposal for establishing the IKE security association
Pool of IP addresses and associated DNS/NBNS servers for dynamic IP allocation
Proposal for establishing the IPsec AH/ESP keying information
IPsec settings needed for IKE and manual connections
IPsec IKE connection settings
IPsec manually keyed connection settings (not recommended, use IKEv2 and secrets instead)
Rules for relaying L2TP or local authentication
L2TP settings for incoming and outgoing L2TP connections
L2TP tunnel settings for incoming L2TP connections
L2TP tunnel settings for outgoing L2TP connections
Log severity - different loggable events log at different levels.
Syslog facility, usually used to control which log file the syslog is written to.
Manual setting control for profile
IPv6 route announcement mode and level
BGP mode defines the default advertisement mode for prefixes, based on well-known community tags
Peer type controls many of the defaults for a peer setting. It allows typical settings to be defined with one attribute that reflects the type of peer.
PPPoE endpoint settings
Routes that apply when link is up
USB config settings including 3G data
3G/dongle config settings
General on/off control profile used in various places in the config.
Time range test in profiles
Ping targets
Firewalling rule set with entry criteria and default actions
Firewall rule
The individual firewall rules are checked in order within the rule-set, and the first match applied. The default action for a rule is continue, so once matched the next rule-set is considered.
Firewall actions for load sharing
Routing override rules
Routing override rule
Route override setting for load sharing
Settings for a named traffic shaper
Voice over IP config
VoIP telephone details
VoIP carrier details
Definition of tones used
Ring groups
RADIUS server and proxy definitions
Rules for matching incoming RADIUS requests
Server settings for outgoing RADIUS
Ether tunnel
Packet sampling configuration