FireBrick FB2900 User Manual

This User Manual documents Software version V2.02.007

The FireBrick config editor uses the OCR-B font designed by Matthew Anderson, which is licensed under a Creative Commons 4.0 Attribution License

Table of Contents

Preface
1. Introduction
1.1. The FB2900
1.1.1. Where do I start?
1.1.2. What can it do?
1.1.3. Ethernet port capabilities
1.1.4. Differences within the FB2x00 series
1.1.5. Software features
1.2. About this Manual
1.2.1. Version
1.2.2. Intended audience
1.2.3. Technical details
1.2.4. Document style
1.2.5. Document conventions
1.2.6. Comments and feedback
1.3. Additional Resources
1.3.1. Technical Support
1.3.2. IRC Channel
1.3.3. Application Notes
1.3.4. Training Courses
2. Getting Started
2.1. IP addressing
2.2. Accessing the web-based user interface
2.2.1. Setup wizard
2.2.1.1. Login username/password
2.2.1.2. WAN/PPPoE settings
2.2.1.3. LAN settings
2.2.1.4. Initial config
3. Configuration
3.1. The Object Hierarchy
3.2. The Object Model
3.2.1. Formal definition of the object model
3.2.2. Common attributes
3.3. Configuration Methods
3.4. Configuration upgrades and versioning
3.5. Data types
3.5.1. Sending and receiving values
3.5.2. Lists of values
3.5.3. Set of possible values
3.5.4. Dates, times, and durations
3.5.5. Colours
3.5.6. Passwords and secrets
3.5.7. IP addresses
3.5.7.1. Simple IP addresses
3.5.7.2. Subnets and prefixes
3.5.7.3. Ranges
3.5.7.4. Prefix filters
3.6. Default values
3.7. Web User Interface Overview
3.7.1. User Interface layout
3.7.2. Config pages and the object hierarchy
3.7.2.1. Configuration categories
3.7.2.2. Object settings
3.7.3. Navigating around the User Interface
3.7.4. Backing up / restoring the configuration
3.7.5. Customising the layout
3.8. Configuration using XML
3.8.1. Introduction to XML
3.8.2. The root element - <config>
3.8.3. Viewing or editing XML
3.8.4. Example XML configuration
3.9. Downloading/Uploading the configuration
3.9.1. Download
3.9.2. Upload
4. System Administration
4.1. User Management
4.1.1. Login level
4.1.2. Configuration access level
4.1.3. Login idle timeout
4.1.4. Restricting user logins
4.1.4.1. Restrict by IP address
4.1.4.2. Logged in IP address
4.1.4.3. Restrict by profile
4.1.5. Password change
4.1.6. One Time Password (OTP)
4.2. General System settings
4.2.1. System name (hostname)
4.2.2. Administrative details
4.2.3. System-level event logging control
4.2.4. Home page web links
4.3. Software Upgrades
4.3.1. Software release types
4.3.1.1. Breakpoint releases
4.3.2. Identifying current software version
4.3.3. Internet-based upgrade process
4.3.3.1. Manually initiating upgrades
4.3.3.2. Controlling automatic software updates
4.3.4. Manual upgrade
4.4. Global LED control
4.5. Boot Process
4.5.1. LED indications
4.5.1.1. Status LED indications
4.5.1.2. Port LEDs
5. Event Logging
5.1. Overview
5.1.1. Log targets
5.1.1.1. Logging to Flash memory
5.1.1.2. Logging to the Console
5.2. Enabling logging
5.3. Logging to external destinations
5.3.1. Syslog
5.3.2. Email
5.3.2.1. E-mail process logging
5.4. Factory reset configuration log targets
5.5. Performance
5.6. Viewing logs
5.6.1. Viewing logs in the User Interface
5.6.2. Viewing logs in the CLI environment
5.7. System-event logging
5.8. Using Profiles
6. Automated Certificate Management Environment (ACME)
6.1. Overview
6.1.1. LetsEncrypt
6.1.2. Troubleshooting
6.1.3. More advanced usage
6.1.3.1. Using your own keys
6.1.3.2. Alternative ACME providers
6.1.3.3. Using an existing account
6.1.4. Further information about the renewal process
7. Interfaces and Subnets
7.1. Relationship between Interfaces and Physical Ports
7.1.1. Port groups
7.1.2. Interfaces
7.2. Defining port groups
7.3. Defining an interface
7.3.1. Defining subnets
7.3.1.1. Source filtering
7.3.1.2. Using DHCP to configure a subnet
7.3.1.3. Using SLAAC (IPv6 router announcements) to configure a subnet
7.3.1.4. Providing IPv6 addresses to devices on a network (IPv6 router announcements)
7.3.1.5. IPv6 prefix delegated subnets
7.3.2. Setting up DHCP server parameters
7.3.2.1. Fixed/Static DHCP allocations
7.3.2.2. Restricted allocations
7.3.2.3. Special DHCP options
7.3.2.4. Logging
7.3.3. DHCP Relay Agent
7.4. Physical port settings
7.4.1. Disabling auto-negotiation
7.4.2. Setting port speed
7.4.3. Setting duplex mode
7.4.4. Defining port LED functions
8. Session Handling
8.1. Routing vs. Firewalling
8.2. Session Tracking
8.2.1. Session termination
8.3. Session Rules
8.3.1. Overview
8.3.2. Processing flow
8.3.3. Defining Rule-Sets and Rules
8.3.3.1. Recommended method of implementing firewalling
8.3.3.2. Changes to session traffic
8.3.3.3. Obfuscation
8.3.3.4. Graphing and traffic shaping
8.3.3.5. Configuring session time-outs
8.3.3.6. Load balancing
8.3.3.7. Clashes
8.3.3.8. NAT-PMP / PCP (Port Control Protocol)
8.4. Network Address Translation
8.4.1. When to use NAT
8.4.2. NAT ALGs
8.4.3. Setting NAT in rules
8.4.4. What NAT does
8.4.5. NAT with PPPoE
8.4.6. NAT with Dongles
8.4.7. NAT with other types of external routing
8.4.8. Mixing NAT and non NAT
8.4.9. Carrier grade NAT
8.4.10. Using NAT setting on subnets
9. Routing
9.1. Routing logic
9.2. Routing targets
9.2.1. Subnet routes
9.2.2. Routing to an IP address (gateway route)
9.2.3. Special targets
9.3. Dynamic route creation / deletion
9.4. Routing tables
9.5. Bonding
9.6. Route overrides
10. Profiles
10.1. Overview
10.2. Creating/editing profiles
10.2.1. Timing control
10.2.2. Tests
10.2.2.1. General tests
10.2.2.2. Time/date tests
10.2.2.3. Ping tests
10.2.3. Inverting overall test result
10.2.4. Manual override
10.2.4.1. Control Switches
10.2.5. Scripting
10.2.6. LED
10.2.7. MQTT
11. Traffic Shaping
11.1. Graphs and Shapers
11.1.1. Graphs
11.1.2. Shapers
11.1.3. Ad hoc shapers
11.1.4. Long term shapers
11.1.5. Shared shapers
11.2. Multiple shapers
11.3. Basic principles
12. PPPoE
12.1. PPPoE client
12.2. Types of DSL line and router in the United Kingdom
12.3. Defining PPPoE client links
12.3.1. IPv6
12.3.2. Additional options
12.3.2.1. MTU and TCP fix
12.3.2.2. Service and ac-name
12.3.2.3. Logging
12.3.2.4. Speed and graphs
12.4. PPPoE BRAS
12.4.1. Additional options
13. MQTT
13.1. Limitations
13.2. Features
13.3. Integration with FireBrick operations
13.3.1. Profiles
13.3.2. VoIP
13.3.3. DHCP
13.3.4. RADIUS
14. Tunnels
14.1. IPsec (IP Security)
14.1.1. Introduction
14.1.1.1. Integrity checking
14.1.1.2. Encryption
14.1.1.3. Authentication
14.1.1.4. IKE
14.1.1.5. Manual Keying
14.1.1.6. Identities and the Authentication Mechanism
14.1.2. Setting up IPsec connections
14.1.2.1. Global IPsec parameters
14.1.2.2. IKE proposals
14.1.2.3. IKE roaming IP pools
14.1.2.4. IKE connections
14.1.2.4.1. IKE connection mode and type
14.1.2.4.2. IKE and IPsec proposal lists
14.1.2.4.3. Authentication and IKE identities
14.1.2.4.4. IP addresses
14.1.2.4.5. Road Warrior connections
14.1.2.4.6. Routing
14.1.2.4.7. Other parameters
14.1.2.5. Setting up Manual Keying
14.1.2.5.1. IP endpoints
14.1.2.5.2. Algorithms and keys
14.1.2.5.3. Routing
14.1.2.5.4. Mode
14.1.2.5.5. Other parameters
14.1.3. Using EAP with IPsec/IKE
14.1.4. Using certificates with IPsec/IKE
14.1.5. Choice of algorithms
14.1.6. NAT Traversal
14.1.7. Configuring a Road Warrior server
14.1.8. Connecting to non-FireBrick devices
14.1.8.1. Using StrongSwan on Linux
14.1.8.2. Setting up a Road Warrior VPN on an Android client
14.1.8.3. Setting up a Road Warrior VPN on an iOS (iPhone/iPad) client
14.1.8.4. Manual keying using Linux ipsec-tools
14.2. FB105 tunnels
14.2.1. Tunnel wrapper packets
14.2.2. Setting up a tunnel
14.2.3. Viewing tunnel status
14.2.4. Dynamic routes
14.2.5. Tunnel bonding
14.2.6. Tunnels and NAT
14.2.6.1. FB2900 doing NAT
14.2.6.2. Another device doing NAT
14.3. L2TP tunnelling
14.3.1. Incoming tunnel
14.3.2. Incoming session
14.3.3. Outgoing connection
14.3.4. High availability L2TP
14.3.4.1. Interpreting HA statistics
14.3.4.2. HA best practice
14.4. Ether tunnelling
15. USB Port
15.1. USB configuration
15.1.1. 3G dongle configuration
16. System Services
16.1. Protecting the FB2900
16.2. Common settings
16.3. HTTP Server configuration
16.3.1. Access control
16.3.1.1. Trusted addresses
16.3.2. HTTPS access
16.4. Telnet Server configuration
16.4.1. Access control
16.5. DNS configuration
16.5.1. Auto DHCP DNS
16.5.2. Local DNS responses
16.5.3. Blocking DNS names
16.6. NTP configuration
16.7. SNMP configuration
16.8. RADIUS configuration
16.8.1. RADIUS client
16.8.1.1. RADIUS client settings
16.8.1.2. Server blacklisting
17. Network Diagnostic Tools
17.1. Firewalling check
17.2. Access check
17.3. Packet Dumping
17.3.1. Dump parameters
17.3.2. Security settings required
17.3.3. IP address matching
17.3.4. Packet types
17.3.5. Snaplen specification
17.3.6. Using the web interface
17.3.7. Using an HTTP client
17.3.7.1. Example using curl and tcpdump
18. VRRP
18.1. Virtual Routers
18.2. Configuring VRRP
18.2.1. Advertisement Interval
18.2.2. Priority
18.3. Using a virtual router
18.4. VRRP versions
18.4.1. VRRP version 2
18.4.2. VRRP version 3
18.5. Compatibility
19. VoIP
19.1. What is VoIP?
19.2. Registration and Proxies
19.2.1. Registrar
19.2.2. Proxy
19.3. Home/office phone system
19.4. Network Address Translation
19.5. Number plan
19.6. Telephone handsets
19.7. VoIP call carriers
19.8. Hunt groups
19.8.1. Ring Type
19.8.2. Ring order
19.8.3. Overflow
19.8.4. Out of hours
19.9. Directory
19.10. Call pickup/steal
19.11. Busy lamp field
19.12. Using RADIUS
19.12.1. RADIUS accounting
19.12.2. RADIUS authentication
19.12.2.1. Call routing by RADIUS
19.13. Call recording
19.14. Voicemail and IVR services
19.15. Call Data Records
19.16. Technical details
19.17. Custom tones
20. BGP
20.1. What is BGP?
20.2. BGP Setup
20.2.1. Overview
20.2.2. Standards
20.2.3. Simple example setup
20.2.4. Peer type
20.2.5. Route filtering
20.2.5.1. Matching attributes
20.2.5.2. Action attributes
20.2.6. Well known community tags
20.2.7. Announcing black hole routes
20.2.8. Grey holes
20.2.9. Announcing dead end routes
20.2.10. Bad optional path attributes
20.2.11. <network> element
20.2.12. <route>, <subnet> and other elements
20.2.13. Route feasibility testing
20.2.14. Status
20.2.15. Diagnostics
20.2.16. Router startup and shutdown
20.2.17. TTL security
21. OSPF
21.1. What is OSPF?
21.2. OSPF Setup
21.2.1. Overview
21.2.2. Standards
21.2.3. Simple example setup
21.2.4. <ospf> config element
22. Command Line Interface
A. Factory Reset Procedure
B. CIDR and CIDR Notation
C. MAC Addresses usage
C.1. Multiple MAC addresses?
C.2. How the FireBrick allocates MAC addresses
C.2.1. Interface
C.2.2. Subnet
C.2.3. PPPoE
C.2.4. Running out of MACs
C.3. Forcing particular MAC addresses
C.4. MAC address on label
C.5. Using with a DHCP server
D. Scripted access
D.1. Tools
D.2. Access control
D.2.1. Username and password
D.2.2. OTP
D.2.3. Allow list
D.2.4. Allowed access
D.3. XML data for common functions
D.4. XML data from diagnostics and tests
D.4.1. Cross site scripting security
D.4.2. Arguments to scripts
D.5. Special URLs
D.6. Web sockets
E. VLANs : A primer
F. Supported L2TP Attribute/Value Pairs
F.1. Start-Control-Connection-Request
F.2. Start-Control-Connection-Reply
F.3. Start-Control-Connection-Connected
F.4. Stop-Control-Connection-Notification
F.5. Hello
F.6. Incoming-Call-Request
F.7. Incoming-Call-Reply
F.8. Incoming-Call-Connected
F.9. Outgoing-Call-Request
F.10. Outgoing-Call-Reply
F.11. Outgoing-Call-Connected
F.12. Call-Disconnect-Notify
F.13. WAN-Error-Notify
F.14. Set-Link-Info
F.15. Notes
F.15.1. BT specific notes
F.15.2. IP over LCP
G. Supported RADIUS Attribute/Value Pairs for L2TP operation
G.1. Authentication request
G.2. Authentication response
G.2.1. Accepted authentication
G.2.1.1. Prefix Delegation
G.2.2. Rejected authentication
G.3. Accounting Start
G.4. Accounting Interim
G.5. Accounting Stop
G.6. Disconnect
G.7. Change of Authorisation
G.8. Filter ID
G.9. Notes
G.9.1. L2TP relay
G.9.2. LCP echo and CQM graphs
G.9.3. IP over LCP
G.9.4. Closed User Group
G.9.5. Routing table
H. Supported RADIUS Attribute/Value Pairs for VoIP operation
H.1. Authentication request
H.2. Authentication response
H.2.1. Challenge authentication
H.2.2. Accepted authentication (registration)
H.2.3. Accepted authentication (invite)
H.2.4. Rejected authentication
H.3. Accounting Start
H.4. Accounting Interim
H.5. Accounting Stop
H.6. Disconnect
H.7. Change of Authorisation
I. FireBrick specific SNMP objects
I.1. Conventions
I.1.1. IP addresses as indices
I.2. Firebrick-specific structures for BGP
I.2.1. Structure definitions
I.2.1.1. The list of BGP peers for this Firebrick
I.2.2. Enum Definitions
I.3. Firebrick-specific structures for IPSec
I.3.1. Structure definitions
I.3.1.1. fbIPsecGeneral
I.3.1.2. The list of IPsec connections for this Firebrick
I.3.2. Enum Definitions
I.4. Firebrick-specific structures for L2TP
I.4.1. Structure definitions
I.4.1.1. fbL2tpGeneralTunnels
I.4.1.2. fbL2tpGeneralSessions
I.4.1.3. The list of L2TP peers for this Firebrick
I.5. Firebrick-specific structures for VoIP/SIP
I.5.1. Structure definitions
I.5.1.1. Globals
I.5.1.2. The list of VoIP carriers for this Firebrick
I.5.1.3. The list of telephones on this Firebrick
I.6. Firebrick CPU usage
I.6.1. Structure definitions
I.6.1.1. CPU usage for this Firebrick
I.7. Firebrick system stats
I.7.1. Structure definitions
I.7.1.1. The table of runtime stats for this Firebrick
I.8. Monitoring for general system features
I.8.1. Structure definitions
I.8.1.1. The list of readings for this Firebrick
I.9. System wide status
I.9.1. Structure definitions
I.9.1.1. fbGlobalMemory
I.9.1.2. fbGlobalBuffers
I.10. Firebrick profiles
I.10.1. Structure definitions
I.10.1.1. Profiles status
I.11. Monitoring information (deprecated)
J. Command line reference
J.1. General commands
J.1.1. Trace off
J.1.2. Trace on
J.1.3. Uptime
J.1.4. General status
J.1.5. Memory usage
J.1.6. Process/task usage
J.1.7. Login
J.1.8. Logout
J.1.9. See XML configuration
J.1.10. Load XML configuration
J.1.11. Show profile status
J.1.12. Enable profile control switch
J.1.13. Disable profile control switch
J.1.14. Show RADIUS servers
J.1.15. Show DNS resolvers
J.2. Networking commands
J.2.1. Subnets
J.2.2. Renegotiate DHCP for a subnet
J.2.3. Ping and trace
J.2.4. Show a route from the routing table
J.2.5. List routes
J.2.6. List routing next hops
J.2.7. See DHCP allocations
J.2.8. Clear DHCP allocations
J.2.9. Lock DHCP allocations
J.2.10. Unlock DHCP allocations
J.2.11. Name DHCP allocations
J.2.12. Show ARP/ND status
J.2.13. Show VRRP status
J.2.14. Send Wake-on-LAN packet
J.3. Firewalling commands
J.3.1. Check access to services
J.3.2. Check firewall logic
J.4. USB/dongle commands
J.4.1. Show dongle connections
J.4.2. Reset USB interface and all attached devices
J.4.3. Reset PPP/Dongle data connection
J.5. Logging commands
J.5.1. Show Log
J.6. BGP commands
J.6.1. Show BGP
J.6.2. Show BGP Peer
J.6.3. Show BGP Summary
J.6.4. Show BGP Routes
J.6.5. Compare BGP
J.6.6. Clear BGP
J.6.7. Refresh BGP
J.6.8. Refresh BGP
J.7. OSPF commands
J.7.1. Show OSPF
J.7.2. Show OSPF Area
J.7.3. Show OSPF Link
J.7.4. Show OSPF Subnet
J.7.5. Show OSPF Neighbour
J.7.6. Show OSPF Lsa
J.8. PPPoE commands
J.8.1. Show PPPoE
J.8.2. Show PPPoE
J.8.3. Clear PPPoE
J.9. L2TP commands
J.9.1. Show L2TP
J.9.2. Show L2TP Tunnels
J.9.3. Clear L2TP All
J.9.4. Show L2TP Tunnel
J.9.5. Show L2TP Tunnel
J.9.6. Show L2TP Sessions
J.9.7. Show L2TP Session
J.9.8. Clear L2TP Tunnel
J.9.9. Clear L2TP Tunnel
J.9.10. Clear L2TP Session
J.10. VoIP commands
J.10.1. Show VoIP Registrations
J.11. Advanced commands
J.11.1. Panic
J.11.2. Reboot
J.11.3. Screen width
J.11.4. Make outbound command session
J.11.5. Show command sessions
J.11.6. Kill command session
J.11.7. Flash memory list
J.11.8. Delete block from flash
J.11.9. Boot log
J.11.10. Flash log
K. Constant Quality Monitoring - technical details
K.1. Broadband back-haul providers
K.2. Tx/Rx direction
K.3. Access to graphs and csvs
K.3.1. Trusted access
K.3.2. Dated information
K.3.3. Authenticated access
K.4. Graph display options
K.4.1. Scaleable Vector Graphics
K.4.2. Data points
K.4.3. Additional text
K.4.4. Other colours and spacing
K.5. Overnight archiving
K.5.1. Full URL format
K.5.2. load handling
K.6. Graph scores
K.7. Creating graphs, and graph names
K.8. Ping
K.8.1. Automated ping control
K.8.2. Bulk ping configuration via a URL
K.8.3. Stopping Ping Graphs
L. Hashed passwords
L.1. Password hashing
L.1.1. Salt
L.2. One Time Password seed hashing
M. Configuration Objects
M.1. Top level
M.1.1. config: Top level config
M.2. Objects
M.2.1. system: System settings
M.2.2. link: Web links
M.2.3. routing-table: Default source IP for services using a given table
M.2.4. user: Admin users
M.2.5. eap: User access controlled by EAP
M.2.6. log: Log target controls
M.2.7. log-syslog: Syslog logger settings
M.2.8. log-email: Email logger settings
M.2.9. services: System services
M.2.10. http-service: Web service settings
M.2.11. dns-service: DNS service settings
M.2.12. dns-host: Fixed local DNS host settings
M.2.13. dns-block: Fixed local DNS blocks
M.2.14. radius-service: RADIUS service definition
M.2.15. radius-service-match: Matching rules for RADIUS service
M.2.16. radius-server: RADIUS server settings
M.2.17. mqtt-service: MQTT
M.2.18. mqtts-config: Secure MQTTS service
M.2.19. mqtt-config: Insecure MQTT service
M.2.20. mqtt-external: External MQTT/MQTTS connection
M.2.21. mqtt-map: MQTT message mapping
M.2.22. telnet-service: Telnet service settings
M.2.23. snmp-service: SNMP service settings
M.2.24. time-service: System time server settings
M.2.25. ethernet: Physical port controls
M.2.26. link-activity: LED link monitoring
M.2.27. sampling: Packet sampling configuration
M.2.28. portdef: Port grouping and naming
M.2.29. interface: Port-group/VLAN interface settings
M.2.30. subnet: Subnet settings
M.2.31. subnet-template: Subnet option templates for RA
M.2.32. dhcp6-client: DHCPv6 Client
M.2.33. vrrp: VRRP settings
M.2.34. dhcps: DHCP server settings
M.2.35. dhcp-attr-hex: DHCP server attributes (hex)
M.2.36. dhcp-attr-string: DHCP server attributes (string)
M.2.37. dhcp-attr-number: DHCP server attributes (numeric)
M.2.38. dhcp-attr-ip: DHCP server attributes (IP)
M.2.39. pppoe: PPPoE settings
M.2.40. ppp-route: PPP routes
M.2.41. usb: USB 3G/dongle settings
M.2.42. dongle: 3G/dongle settings
M.2.43. route: Static routes
M.2.44. network: Locally originated networks
M.2.45. blackhole: Dead end networks
M.2.46. loopback: Locally originated networks
M.2.47. ospf: Overall OSPF settings
M.2.48. namedbgpmap: Mapping and filtering rules of BGP prefixes
M.2.49. bgprule: Individual mapping/filtering rule
M.2.50. bgp: Overall BGP settings
M.2.51. bgppeer: BGP peer definitions
M.2.52. bgpmap: Mapping and filtering rules of BGP prefixes
M.2.53. cqm: Constant Quality Monitoring settings
M.2.54. l2tp: L2TP settings
M.2.55. l2tp-outgoing: L2TP settings for outgoing L2TP connections
M.2.56. l2tp-incoming: L2TP settings for incoming L2TP connections
M.2.57. l2tp-relay: Relay and local authentication rules for L2TP
M.2.58. fb105: FB105 tunnel definition
M.2.59. fb105-route: FB105 routes
M.2.60. ipsec-ike: IPsec configuration (IKEv2)
M.2.61. ike-connection: connection configuration
M.2.62. ipsec-route: IPsec tunnel routes
M.2.63. ike-roaming: IKE roaming IP pools
M.2.64. ike-proposal: IKE security proposal
M.2.65. ipsec-proposal: IPsec AH/ESP proposal
M.2.66. ipsec-manual: peer configuration
M.2.67. ping: Ping/graph definition
M.2.68. profile: Control profile
M.2.69. profile-date: Test passes if within any of the time ranges specified
M.2.70. profile-time: Test passes if within any of the date/time ranges specified
M.2.71. profile-ping: Test passes if any addresses are pingable
M.2.72. shaper: Traffic shaper
M.2.73. shaper-override: Traffic shaper override based on profile
M.2.74. ip-group: IP Group
M.2.75. route-override: Routing override rules
M.2.76. session-route-rule: Routing override rule
M.2.77. session-route-share: Route override load sharing
M.2.78. rule-set: Firewall/mapping rule set
M.2.79. session-rule: Firewall rules
M.2.80. session-share: Firewall load sharing
M.2.81. voip: Voice over IP config
M.2.82. carrier: VoIP carrier details
M.2.83. telephone: VoIP telephone authentication user details
M.2.84. tone: Tone definitions
M.2.85. ringgroup: Ring groups
M.2.86. directory: Directory entry
M.2.87. etun: Ether tunnel
M.2.88. dhcp-relay: DHCP server settings for remote / relayed requests
M.3. Data types
M.3.1. user-level: User login level
M.3.2. ppp-dump: PPP dump format
M.3.3. autoloadtype: Type of s/w auto load
M.3.4. lacp-hot-standby: LACP hot standby mode
M.3.5. config-access: Type of access user has to config
M.3.6. eap-subsystem: Subsystem with EAP access control
M.3.7. eap-method: EAP access method
M.3.8. syslog-severity: Syslog severity
M.3.9. syslog-facility: Syslog facility
M.3.10. http-mode: HTTP/HTTPS security mode
M.3.11. radiuspriority: Options for controlling platform RADIUS response priority tagging
M.3.12. radiustype: Type of RADIUS server
M.3.13. mqtt-brokers: Select MQTT brokers
M.3.14. month: Month name (3 letter)
M.3.15. day: Day name (3 letter)
M.3.16. port: Physical port
M.3.17. Crossover: Crossover configuration
M.3.18. LinkSpeed: Physical port speed
M.3.19. LinkDuplex: Physical port duplex setting
M.3.20. LinkFlow: Physical port flow control setting
M.3.21. LinkClock: Physical port Gigabit clock master/slave setting
M.3.22. LinkLED: LED settings
M.3.23. LinkFault: Link fault type to send
M.3.24. LEDColour: Which colour LED
M.3.25. LEDBlink: LED blink speed
M.3.26. sampling-protocol: Sampling protocol
M.3.27. trunk-mode: Trunk port mode
M.3.28. ramode: IPv6 route announce level
M.3.29. bgpmode: BGP announcement mode
M.3.30. sampling-mode: Sampling mode
M.3.31. sfoption: Source filter option
M.3.32. pppoe-mode: Type of PPPoE connection
M.3.33. pppoe-calling: Additional prefix on PPPoE calling ID
M.3.34. pppoe-calling-suffix: Main calling ID
M.3.35. pdp-context-type: Type of IP connection
M.3.36. ipsec-type: IPsec encapsulation type
M.3.37. ipsec-auth-algorithm: IPsec authentication algorithm
M.3.38. ipsec-crypt-algorithm: IPsec encryption algorithm
M.3.39. peertype: BGP peer type
M.3.40. ha-set: High availability set ID
M.3.41. radius-nas: NAS IP to report
M.3.42. ike-authmethod: authentication method
M.3.43. ike-mode: connection setup mode
M.3.44. ike-PRF: IKE Pseudo-Random Function
M.3.45. ike-DH: IKE Diffie-Hellman group
M.3.46. ike-ESN: IKE Sequence Number support
M.3.47. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
M.3.48. switch: Profile manual setting
M.3.49. chksum-action: Handling of TCP/UDP packet checksum
M.3.50. dynamic-graph: Type of dynamic graph
M.3.51. firewall-action: Firewall action
M.3.52. privacy-type: Privacy tag to use for withheld
M.3.53. voip-format: Number presentation format
M.3.54. uknumberformat: Number formatting option
M.3.55. recordoption: Recording option
M.3.56. voip-screen: Call screen setting
M.3.57. ring-group-order: Order of ring
M.3.58. ring-group-type: Type of ring when one call in queue
M.3.59. voip-screen-set: Directory screen setting
M.3.60. record-beep-option: Record beep option
M.4. Basic types
Index

List of Figures

3.1. Icons for configuration categories
3.2. The "Setup" category
3.3. Editing an "Interface" object
3.4. Show hidden attributes
3.5. Attribute definitions
3.6. Navigation controls
4.1. Setting up a new user
8.1. Example sessions created by drop and reject actions
8.2. Processing flow chart for rule-sets and session-rules
C.1. Product label showing MAC address range

List of Tables

2.1. IP addresses for computer
2.2. IP addresses to access the FireBrick
2.3. IP addresses to access the FireBrick
3.1. Special character sequences
4.1. User login levels
4.2. Configuration access levels
4.3. General administrative details attributes
4.4. Attributes controlling auto-upgrades
4.5. Global LED control
4.6. Status LED indications
5.1. Logging attributes
5.2. System-Event Logging attributes
7.1. Port LED functions
7.2. LED Link/Activity settings
7.3. Example modified Port LED functions
8.1. Default timeouts for session tracking
8.2. Action attribute values
8.3. obf-checksum values
9.1. Example route targets
14.1. IPsec algorithm key lengths
14.2. IKE / IPsec algorithm proposals
14.3. HA statistic definitions
16.1. List of system services
16.2. List of system services
17.1. Packet dump parameters
17.2. Packet types that can be captured
19.1. Ring Type
19.2. Ring Order
19.3. Access-Accept
19.4. Default tones
20.1. Peer types
20.2. Communities
20.3. Network attributes
21.1. OSPF config attributes
C.1. DHCP client names used
D.1. Special URLs
D.2. Upgrade type numbers enum
F.1. SCCRQ
F.2. SCCRP
F.3. SCCCN
F.4. StopCCN
F.5. HELLO
F.6. ICRQ
F.7. ICRP
F.8. ICCN
F.9. OCRQ
F.10. OCRP
F.11. OCCN
F.12. CDN
F.13. WEN
F.14. SLI
G.1. Access-request
G.2. Access-Accept
G.3. Access-Reject
G.4. Accounting-Start
G.5. Accounting-Interim
G.6. Accounting-Stop
G.7. Disconnect
G.8. Change-of-Authorisation
G.9. Filter-ID
H.1. Access-request
H.2. Access-Challenge
H.3. Access-Accept
H.4. Access-Accept
H.5. Access-Reject
H.6. Accounting-Start
H.7. Accounting-Interim
H.8. Accounting-Stop
H.9. Disconnect
H.10. Change-of-Authorisation
I.1. Indices
I.2. Fields
I.3. FbBgpPeerState - The state of a BGP peer
I.4. Fields
I.5. Indices
I.6. Fields
I.7. FbIPsecConState - The state of an IPsec connection
I.8. Fields
I.9. Fields
I.10. Indices
I.11. Fields
I.12. Fields
I.13. Indices
I.14. Fields
I.15. Indices
I.16. Fields
I.17. Indices
I.18. Fields
I.19. Indices
I.20. Fields
I.21. Indices
I.22. Fields
I.23. Fields
I.24. Fields
I.25. Indices
I.26. Fields
I.27. iso.3.6.1.4.1.24693.1
K.1. File types
K.2. Colours
K.3. Text
K.4. Text
K.5. URL formats
M.1. config: Attributes
M.2. config: Elements
M.3. system: Attributes
M.4. system: Elements
M.5. link: Attributes
M.6. routing-table: Attributes
M.7. user: Attributes
M.8. eap: Attributes
M.9. log: Attributes
M.10. log: Elements
M.11. log-syslog: Attributes
M.12. log-email: Attributes
M.13. services: Elements
M.14. http-service: Attributes
M.15. dns-service: Attributes
M.16. dns-service: Elements
M.17. dns-host: Attributes
M.18. dns-block: Attributes
M.19. radius-service: Attributes
M.20. radius-service: Elements
M.21. radius-service-match: Attributes
M.22. radius-server: Attributes
M.23. mqtt-service: Attributes
M.24. mqtt-service: Elements
M.25. mqtts-config: Attributes
M.26. mqtt-config: Attributes
M.27. mqtt-external: Attributes
M.28. mqtt-map: Attributes
M.29. telnet-service: Attributes
M.30. snmp-service: Attributes
M.31. time-service: Attributes
M.32. ethernet: Attributes
M.33. link-activity: Attributes
M.34. sampling: Attributes
M.35. portdef: Attributes
M.36. interface: Attributes
M.37. interface: Elements
M.38. subnet: Attributes
M.39. subnet-template: Attributes
M.40. dhcp6-client: Attributes
M.41. vrrp: Attributes
M.42. dhcps: Attributes
M.43. dhcps: Elements
M.44. dhcp-attr-hex: Attributes
M.45. dhcp-attr-string: Attributes
M.46. dhcp-attr-number: Attributes
M.47. dhcp-attr-ip: Attributes
M.48. pppoe: Attributes
M.49. pppoe: Elements
M.50. ppp-route: Attributes
M.51. usb: Attributes
M.52. usb: Elements
M.53. dongle: Attributes
M.54. dongle: Elements
M.55. route: Attributes
M.56. network: Attributes
M.57. blackhole: Attributes
M.58. loopback: Attributes
M.59. ospf: Attributes
M.60. namedbgpmap: Attributes
M.61. namedbgpmap: Elements
M.62. bgprule: Attributes
M.63. bgp: Attributes
M.64. bgp: Elements
M.65. bgppeer: Attributes
M.66. bgppeer: Elements
M.67. bgpmap: Attributes
M.68. bgpmap: Elements
M.69. cqm: Attributes
M.70. l2tp: Attributes
M.71. l2tp: Elements
M.72. l2tp-outgoing: Attributes
M.73. l2tp-outgoing: Elements
M.74. l2tp-incoming: Attributes
M.75. l2tp-incoming: Elements
M.76. l2tp-relay: Attributes
M.77. fb105: Attributes
M.78. fb105: Elements
M.79. fb105-route: Attributes
M.80. ipsec-ike: Attributes
M.81. ipsec-ike: Elements
M.82. ike-connection: Attributes
M.83. ike-connection: Elements
M.84. ipsec-route: Attributes
M.85. ike-roaming: Attributes
M.86. ike-proposal: Attributes
M.87. ipsec-proposal: Attributes
M.88. ipsec-manual: Attributes
M.89. ipsec-manual: Elements
M.90. ping: Attributes
M.91. profile: Attributes
M.92. profile: Elements
M.93. profile-date: Attributes
M.94. profile-time: Attributes
M.95. profile-ping: Attributes
M.96. shaper: Attributes
M.97. shaper: Elements
M.98. shaper-override: Attributes
M.99. ip-group: Attributes
M.100. route-override: Attributes
M.101. route-override: Elements
M.102. session-route-rule: Attributes
M.103. session-route-rule: Elements
M.104. session-route-share: Attributes
M.105. rule-set: Attributes
M.106. rule-set: Elements
M.107. session-rule: Attributes
M.108. session-rule: Elements
M.109. session-share: Attributes
M.110. voip: Attributes
M.111. voip: Elements
M.112. carrier: Attributes
M.113. telephone: Attributes
M.114. tone: Attributes
M.115. ringgroup: Attributes
M.116. directory: Attributes
M.117. etun: Attributes
M.118. dhcp-relay: Attributes
M.119. dhcp-relay: Elements
M.120. user-level: User login level
M.121. ppp-dump: PPP dump format
M.122. autoloadtype: Type of s/w auto load
M.123. lacp-hot-standby: LACP hot standby mode
M.124. config-access: Type of access user has to config
M.125. eap-subsystem: Subsystem with EAP access control
M.126. eap-method: EAP access method
M.127. syslog-severity: Syslog severity
M.128. syslog-facility: Syslog facility
M.129. http-mode: HTTP/HTTPS security mode
M.130. radiuspriority: Options for controlling platform RADIUS response priority tagging
M.131. radiustype: Type of RADIUS server
M.132. mqtt-brokers: Select MQTT brokers
M.133. month: Month name (3 letter)
M.134. day: Day name (3 letter)
M.135. port: Physical port
M.136. Crossover: Crossover configuration
M.137. LinkSpeed: Physical port speed
M.138. LinkDuplex: Physical port duplex setting
M.139. LinkFlow: Physical port flow control setting
M.140. LinkClock: Physical port Gigabit clock master/slave setting
M.141. LinkLED: LED settings
M.142. LinkFault: Link fault type to send
M.143. LEDColour: Which colour LED
M.144. LEDBlink: LED blink speed
M.145. sampling-protocol: Sampling protocol
M.146. trunk-mode: Trunk port mode
M.147. ramode: IPv6 route announce level
M.148. bgpmode: BGP announcement mode
M.149. sampling-mode: Sampling mode
M.150. sfoption: Source filter option
M.151. pppoe-mode: Type of PPPoE connection
M.152. pppoe-calling: Additional prefix on PPPoE calling ID
M.153. pppoe-calling-suffix: Main calling ID
M.154. pdp-context-type: Type of IP connection
M.155. ipsec-type: IPsec encapsulation type
M.156. ipsec-auth-algorithm: IPsec authentication algorithm
M.157. ipsec-crypt-algorithm: IPsec encryption algorithm
M.158. peertype: BGP peer type
M.159. ha-set: High availability set ID
M.160. radius-nas: NAS IP to report
M.161. ike-authmethod: authentication method
M.162. ike-mode: connection setup mode
M.163. ike-PRF: IKE Pseudo-Random Function
M.164. ike-DH: IKE Diffie-Hellman group
M.165. ike-ESN: IKE Sequence Number support
M.166. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
M.167. switch: Profile manual setting
M.168. chksum-action: Handling of TCP/UDP packet checksum
M.169. dynamic-graph: Type of dynamic graph
M.170. firewall-action: Firewall action
M.171. privacy-type: Privacy tag to use for withheld
M.172. voip-format: Number presentation format
M.173. uknumberformat: Number formatting option
M.174. recordoption: Recording option
M.175. voip-screen: Call screen setting
M.176. ring-group-order: Order of ring
M.177. ring-group-type: Type of ring when one call in queue
M.178. voip-screen-set: Directory screen setting
M.179. record-beep-option: Record beep option
M.180. Basic data types

List of Examples

I.1.
I.2.