Legacy productThe WF1740 described here is an old product and no longer supplied. Please see details of current FireBrick products.

FireBrick 105
Manuals
Home

FireBrick 105 Features

The FireBrick 105 has a number of standard features and also optional features.

Buying and installing features

To buy a new feature you must contact your FireBrick supplier. The supplier will obtain a feature token which can be assigned to a feature on your FireBrick. A feature token can then be assigned to a specific feature on a specific FireBrick. Once assigned the FireBrick can be updated to install all assigned features.

The supplier may simply supply the feature token to you. In which case you can assign and install the feature.
The supplier may assign the feature to the specific FireBrick and feature you have requested. This is usually the case when ordering a new FireBrick with specific features.
If the supplier has access to the FireBrick, he may install the feature as well which means you do not have to do anything.

Ask you supplier how they handle feature upgrades. Some suppliers provide complete management of FireBricks and will do everything for you. Do not be alarmed if they simply provide the feature token as it is a very simple process for you to assign and install the feature on your FireBrick yourself.

Before buying a feature you should read the description here, and the description of the configuration (icons) to be sure it will do what you require. If in doubt, ask your supplier.

Obtaining a feature tokens

A feature token is three groups of 4 letters, like XXXX-XXXX-XXXX. It is unique and can be used only once to assign a feature to a FireBrick and is non transferable or refundable. You obtain a feature token from your FireBrick supplier.

Assigning a feature

Once you have a feature token you have to assign it to a specific feature on a specific FireBrick. You can do this in one of two ways:-

If your FireBrick is on line to the internet, has a DNS server defined, and can set it's clock then you can use the setup/features configuration page to enter the feature token and select a feature required. This assigns the feature and does the installation on your FireBrick in one go and takes around 10 seconds.
If your FireBrick is not on line or you do not wish to use the automated system, you can manually assign the feature token to a specific FireBrick and Feature using the feature tools on this web site. Once you have done this you will have to install the current features.

Installing current features

Once a feature has been assigned to a specific FireBrick, you need to install the feature on to the FireBrick itself. This can be done in one of two ways:-

If your FireBrick is on line to the internet, has a DNS server defined, and can set it's clock then you can use the setup/features configuration page to select install assigned features.
If your FireBrick is not on line or you do not wish to use the automated system, you can manually install the feature. To do this obtain an installation key from the feature tools on this web site, and entering it in to the setup/features page on your FireBrick. This will take about 10 seconds.

Standard Features

Standard features are included in all standard FireBricks. However, there are various OEM versions also available. OEM suppliers provide thheir own support and documentation, and they may have alternative standard features. As such it is possible to have a FireBrick which does not have these standard features.

Filtering

This is the core fire walling function of a FireBrick. It controls the filter icon, and the filtering table. Without this feature the FireBrick allows all traffic.

Grouping

This is the named IP and port group feature. Without it there are no IP groups and Port groups icons or options to select these rather than manually entering IP or port ranges.

Subnets

This is the subnets and DHCP feature. If controls the subnets icon. Without it the FireBrick can only operate in stealth mode.

Mapping

This is the address mapping feature. It controls the mapping icon. Without it the only address mapping that is possible is NAT as set in subnets.

Optional Features

Optional features can be installed by purchasing a feature token as described above. All of these are available on a standard FireBrick, however some OEM variants may not allow all of these features to be purchased.

Extras

This provides additional filters, routers administrative users, etc. It is useful for larger or more complex installations. It does not matter when you by extras (e.g. before or after buying another feature) as you will get the increased number of all features you have installed.

Menu	Normal	Extras
Administrative users	5	10 (including nobody user)
Profiles	10	100 (+3 pre-defined)
Shaping rules	30	100
Speed lanes	10	50
Subnets	5	30
Routing rules	5	100 (+subnets and default gateway)
IP groups	10	100 (up to 500 individual IP ranges in total)
Port groups	10	100 (up to 500 individual port/protocol ranges in total)
Filters	30	100
Mapping rules	5	100
Tunnels	10	100

Shaping

Traffic shaping provides a means to group different types of traffic in to speed lanes. The traffic grouping rules are much like filters in that they allow grouping on interface, IP source/target, protocol, and port source/target. The speed lanes themselves then allow the rate to each ethernet interface to be set in whole KB/s. There are also options to allow spare capacity on one or more speed lanes to be taken up by other speed lanes.

The shaping rules also allow a master rate control to which all lanes are subject unless marked otherwise. This allows, for example, a master lane to be set for an outgoing ADSL line, and then certain types of traffic, e.g. voice over IP, to queue jump that limitation.

Profiles

Profiles are a general way to turn on off almost any of the rules within the FireBrick. e.g. individual routing or filtering rules can be associated with a profile. There are standard profiles for 24/7 (always on), 9-5M-F, and 3am Sun. It is possible for a rule to be associated with not a profile, so Not 24/7 means always off. These pre-defined profiles are available in every FireBrick.

The profiles feature allows manual, timed and ping based profiles to also be used.

Manual profiles are either on or off, and are controlled by a check box on the quick setup screen. This can be useful to allow a whole set of rules to be switched in one go.
Time based profiles can be set on or off for each whole hour in a week. This allows aspects of the FireBrick to be time based.
Ping profiles are on if there are responses to a ping being sent by the FireBrick, and off if there is no response. The pings can be via specific routes and gateways allowing the profile to be used to monitor an internet link or a server. When ping profiles change, a log can be generated.

Profiles can also be combined, making one profile dependent on another in some way. This allows complex combinations of time, manual switches and external availability to control operations of the FireBrick. A common use is for backup internet links allowing a profile control routing to a backup router if a main link stops working.

Tunnels

Tunnels are a way to create a virtual route from one FireBrick to another over an IP link. It allows virtual private networks (VPNs) to be created between FireBricks. The protocol used is proprietary but documented and there is at least one linux implementation freely available. The protocol allows authentication of tunnels (by IP and MD5/secret) but is not encrypted.

Reporting

Reporting provides a number of ways of extracting information from the FireBrick and includes:-

SNMP reporting of each port, and also traffic through speed lanes
Email log entries
Syslog log entries

Bonding

Bonding provides two ways in which multiple links can be combined.:-

Multiple gateway router bonding - typically used for bonding uplink on multiple ADSL lines. Packets can be sent round robin to up to 4 actual gateways allowing aggregation of the capacity even on a single data transfer session.
Weighted routing - typically used for bonding downlink on multiple internet links. Sessions can be sent via more than one gateway on a random probability basis which can be used with NAT to ensure replies come via a specific route. This allows aggregation of overall traffic levels although individual data transfer sessions will be limited to the speed of one link only.

5Port

The FireBrick normally operates with a WAN port and a LAN port (on 4 port switch). In this mode the WAN and LAN can be reversed, putting the 4 port switch on the WAN. There are however only two interfaces for fire walling, WAN and LAN. The names of these can be changed as necessary.

The 5Port option changes the FireBrick to allow each port to be separately configured to operate independently or as a switch. There are 5 separate interfaces for fire walling. This allows configurations with 1, 2 or 3 additional DMZs as well as WAN and LAN if required. Stealth mode still operates between the WAN and LAN interfaces. The factory default for a 5 port switch is to have all 5 ports as distinct interfaces.

VLAN

Normally any VLAN tags received by the FireBrick are ignored and stripped off any packets sent through the FireBrick.

With the VLAN subnets feature you can set each subject to have a VLAN identity. This means any traffic to that subnet is tagged with that VLAN tag. When used in conjunction with a VLAN capable switch this allows independent subnets to operate on different groups of ports on the switch. When the FireBrick acts as a DHCP server, it serves addresses based on the VLAN tag of the request and hence allows independent DHCP allocations for each group of ports. Routing rules allow traffic to be routed to specific subnets.

VLAN identities are not a part of shaping, mapping or filtering rules, but by careful allocation of IP ranges to different VLAN subnets, these rules can use IP ranges to identify each port group.