FireBrick FB9000

FB9000 - Firewall

The FB9000 can provide firewalling, typically for hosted servers in a data centre. It supports 8192 VLANs in total and each can be separately firewalled. VRRP is supported so a dual box configuration can be supported allowing redundancy.


  • Full multi-gigabit capability making simple deployment - one pair of FB9000's with BGP and VRRP can provide redundancy.
  • Very low power consumption (around 30W), dual PSU, 1U box. Save money on space and power in data centre.

Example: multiple connections


An office router and firewall for multiple LANs and multiple 1Gb/s internet connections

The FB9000 can manage multiple internet connections and support multiple physical local networks. The physical networks can be have separate firewall rules and separate routing tables.

Load balancing or fail-over configurations are supported, along with traffic shaping, port mapping, firewalling etc.

The remaining ports can be used for further LANs or Internet connections as required.

If required, full or partial-table BGP can be used with the internet connection(s) and you can announce your own IP space.

Example: Dedicated VoIP Network


An Office router and firewall for high-speed internet connectivity and separate VoIP network, with failover

The FB9000 can manage a high-speed internet connections as well as additional connections (up to 1Gb/s) that can be used for fail-over or other purposes.

Here we have a dedicated VoIP LAN, a dedicated VoIP Internet connection, as well as a main 10Gb/s Internet connection, and a third for fail-over.

Example: L2TP head-end


FB9000 as an L2TP 'head' end' for remote FB2900 routers

Multiple remote offices can connect in to the head office using lightweight and efficient L2TP.

This enables numerous remote locations to access services on the Main LAN.

Further Information


Full features for one price, no per session licencing or other extra costs.


Five year warranty on hardware against any manufacturing defect. Normal working hours / courier replacement. Recommended that two units are used together to provide hardware redundancy. On-going maintenance contracts available for extended hardware support beyond one year.


1U, dual AC 120/240V inlets (monitored), 2 internal fans (monitored), approx 30W total power consumption.

Multi-position 19" rack mount ears, with variation for hanging mount in shallow depth telco racks.

Power at rear, ethernet ports at front.

Software upgrades

Free of charge, beta and released software. Internal flash holds up to 8 versions with automatic fallback on crash/watchdog.

Reboot or software upgrade with clean shutdown of L2TP, BGP, VRRP, etc, for minimal disruption. Boot time under 1 second.

UK based s/w support team - email and irc support during office hours.


Configuration defined by an XML document according to a published XSD schema. The configuration may be uploaded and downloaded by HTTP (e.g. using curl). In addition the web interface contains an interactive configuration editor.

Configuration changes are applied as seamlessly as possible when loaded without the need to re-boot.

Command line interface

The command line provides a number of commands to provide viewing of BGP, and pinging status data, as well as clearing BGP sessions. Includes tab completion and interactive help text.


Two 10G SFP+ ports and eight 1G SFP ports allowing 4096 VLANs on each. 100 independent routing tables which can be used with BGP. Each port/VLAN can be attached to a specific routing table.

Access control

Access lists of telnet, web, SNMP. These can also be attached to an independent routing table for specific port/VLANs.


Easy to set up firewalling rules. Note, this is IP level firewalling and not virus scanning or web page filtering or proxying.

  • Rules based on source interface.
  • Rules based on target interface.
  • Rules based on source IP.
  • Rules based on target IP.
  • Rules based on protocol and ports.
  • Fill ICMP error handling matching quoted packet to sessions.
  • Full IP and port mapping and NAT including ICMP support.
  • IPv4 and IPv6 firewalling.
  • IPv4 to/from IPv6 mapping.
  • Generic NAT64 mapping for use with TOTD in IPv6 only environments.


  • Full table BGP supported
  • IPv4 and IPv6 BGP sessions.
  • IPv4 and IPv6 routing data.
  • AS4 (32 bit) AS number support.
  • IPv6 protocol 41 tunnel announcements using 2002::/16 next hop.


Syslog to external server with various levels of debugging data available. Logs also available live via command line interface.


SNMP (read only) support for a number of functions including interface stats for each port/VLAN in use and individual ping state (up/down).


Simple NTP client to set clock for accurate logging with fallback via list of configured servers.


DHCP client mode available, multiple instances. Also RA client for IPv6 addressing.

RA server for passive IPv6 adress allocation to LAN.


IPv4 VRRP2 and IPv4/6 VRRP3 server.

  • Multiple VRRP IP addresses per port/VLAN.
  • Can use standard floating MAC address, or can use fixed per machine MAC with promiscuous ARPs as configured.
  • Dynamic VRRP priority based on routability of a list of addresses, allows VRRP to only become master when external routing in place.
  • Pingable VRRP addresses for easier diagnostics.

Sales & Dealer Enquiries

phone 01344 400 500
Mon - Fri, 9am-5pm,
calls are recorded
sms 01344 400 500

Support Contact

phone 01344 400 500
Mon-Fri 9am-5pm,
calls are recorded
sms 01344 400 500