The system settings are the top level attributes of the system which apply globally.

Links to other web pages

Default source IP for traffic originated by this FireBrick

User names, passwords and abilities for admin users

Identities, passwords and access methods for access controlled with EAP

Named logging target

Logging to a syslog server

Logging to email

System services are various generic services that the system provides, and allows access controls and settings for these to be specified. The service is only active if the corresponding element is included in services, otherwise it is disabled.

Web management pages

DNS forwarding resolver service

DNS forwarding resolver service

DNS forwarding resolver service

Telnet control interface

The SNMP service has general service settings and also specific attributes for SNMP such as community

The time settings define which NTP servers to synchronize the system clock from, and provide controls for daylight saving (summer time). The defaults are those that apply to the EU

Physical port attributes

Packet sampling configuration

Port grouping and naming

The interface definition relates to a specific physical port group and VLAN. It includes subnets and VRRP that apply to that interface.

Subnet settings define the IP address(es) of the FireBrick, and also allow default routes to be set.

VRRP settings provide virtual router redundancy for the FireBrick. Profile inactive does not disable vrrp but forces vrrp low priority.

Settings for DHCP server

Additional DHCP server attributes (hex)

Additional DHCP server attributes (string)

Additional DHCP server attributes (numeric)

Additional DHCP server attributes (IP)

Static routes define prefixes which are permanently in the routing table, and whether these should be announced by routing protocols or not.

Network blocks that are announced but not actually added to internal routes - note that blackhole and nowhere objects can also announce but not add routing.

Networks that go nowhere

Loopback addresses define local IP addresses

This defines a set of named rules for mapping and filtering of prefixes to/from a BGP peer.

An individual rule for BGP mapping/filtering

The BGP element defines general BGP settings and a list of peer definitions for the individual BGP peers.

The peer definition specifies the attributes of an individual peer. Multiple IP addresses can be specified, typically for IPv4 and IPv6 addresses for the same peer, but this can be used for a group of similar peers.

This defines the rules for mapping and filtering of prefixes to/from a BGP peer.

Constant quality monitoring (graphs and data) have a number of settings. Most of the graphing settings can be overridden when a graph is collected so these define the defaults in many cases.

FB105 tunnel definition

Routes for prefixes that are sent to the FB105 tunnel when up

IPsec IKE and manually-keyed connection details

IPsec IKE connection settings

Routes for prefixes that are sent to the IPsec tunnel

Pool of IP addresses and associated DNS/NBNS servers for dynamic IP allocation

Proposal for establishing the IKE security association

Proposal for establishing the IPsec AH/ESP keying information

IPsec manually keyed connection settings (not recommended, use IKEv2 and secrets instead)

General on/off control profile used in various places in the config.

Time range test in profiles

Time range test in profiles

Ping targets

Settings for a named traffic shaper

Settings for a named traffic shaper

Named IP group

Routing override rules

Routing override rule

Route override setting for load sharing

Firewalling rule set with entry criteria and default actions

Firewall rule

The individual firewall rules are checked in order within the rule-set, and the first match applied. The default action for a rule is continue, so once matched the next rule-set is considered.

Firewall actions for load sharing