User Manuals: Fido FireBrick FB2700 Firewall Router

User Manuals: Fido FireBrick FB2700 Firewall Router

Manuals and User Guides for Fido FireBrick FB2700 Firewall Router. We have 1 Fido FireBrick FB2700 Firewall Router manual available for free PDF download: User Manual

Fido FireBrick FB2700 User Manual

Fido FireBrick FB2700 User Manual (264 pages)

Brand: Fido | Category: Network Router | Size: 2 MB

Table of Contents

User Manual
1
Table of Contents
4
Preface
21
1 Introduction

22
- The FB2700
  22
- About this Manual
  24
  - Version
    24
  - Intended Audience
    24
  - Technical Details
    24
  - Document Style
    24
  - Document Conventions
    25
  - Comments and Feedback
    25
- Additional Resources
  25
  - Technical Support
    25
  - IRC Channel
    26
  - Application Notes
    26
  - White Papers
    26
  - Training Courses
    26
2 Getting Started

27
- IP Addressing
  27
- Accessing the Web-Based User Interface
  27
- IP Addresses to Access the Firebrick
  27
  - Add a New User
    28
- Setting up a New User
  29
- Configuration Being Stored
  29
3 Configuration

30
- The Object Hierarchy
  30
- The Object Model
  30
  - Formal Definition of the Object Model
    31
  - Common Attributes
    31
- Configuration Methods
  31
- Web User Interface Overview
  31
  - User Interface Layout
    32
    
    Customising the Layout
    32
- Main Menu
  32
  - Config Pages and the Object Hierarchy
    33
    
    Configuration Categories
    33
    
    Object Settings
    34
- The "Setup" Category
  34
- Editing an "Interface" Object
  35
  - Navigating Around the User Interface
    36
  - Backing up / Restoring the Configuration
    37
  - Configuration Using XML
    37
    
    Introduction to XML
    37
    
    Example XML Configuration
    38
    
    The Root Element - <Config
    38
    
    Viewing or Editing XML
    38
  - Downloading/Uploading the Configuration
    40
    
    Download
    40
    
    Upload
    41
4 System Administration

42
- User Management
  42
  - Login Level
    42
- Setting up a New User
  42
  - Configuration Access Level
    43
  - Login Idle Timeout
    43
  - Restricting User Logins
    43
    
    Restrict by IP Address
    43
- User Login Levels
  43
- Configuration Access Levels
  43
  - Logged in IP Address
    44
  - Restrict by Profile
    44
  - One Time Password
    44
  - General System Settings
    45
    
    Administrative Details
    45
    
    Home Page Web Links
    45
    
    System Name (Hostname)
    45
    
    System-Level Event Logging Control
    45
    
    Password Hashing
    46
  - Software Upgrades
    46
    
    Breakpoint Releases
    47
    
    Identifying Current Software Version
    47
    
    Software Release Types
    47
    
    Controlling Automatic Software Updates
    48
    
    Internet-Based Upgrade Process
    48
    
    Manually Initiating Upgrades
    48
- Software Upgrade Available Notification
  48
  - Manual Upgrade
    49
  - Boot Process
    49
    
    LED Indications
    49
    
    Power LED Status Indications
    49
    
    Port Leds
    50
5 Event Logging

51
- Overview
  51
  - Log Targets
    51
    
    Logging to Flash Memory
    51
    
    Logging to the Console
    52
- Enabling Logging
  52
- Logging to External Destinations
  52
  - Syslog
    52
  - Email
    53
    
    E-Mail Process Logging
    54
- Factory Reset Configuration Log Targets
  54
- Performance
  54
- Viewing Logs
  54
  - Viewing Logs in the User Interface
    54
  - Viewing Logs in the CLI Environment
    55
- System-Event Logging
  55
- Using Profiles
  55
- System-Event Logging Attributes
  55
6 Interfaces and Subnets

56
- Relationship between Interfaces and Physical Ports
  56
  - Port Groups
    56
  - Interfaces
    56
- Defining Port Groups
  57
- Defining an Interface
  57
  - Defining Subnets
    58
    
    Source Filtering
    59
    
    Using DHCP to Configure a Subnet
    59
  - Setting up DHCP Server Parameters
    59
    
    Fixed/Static DHCP Allocations
    60
    
    Restricted Allocations
    61
    
    Special DHCP Options
    62
  - DHCP Relay Agent
    62
- Physical Port Settings
  62
  - Disabling Auto-Negotiation
    63
  - Setting Port Speed
    63
  - Setting Duplex Mode
    63
  - Defining Port LED Functions
    63
- Example Modified Port LED Functions
  64
7 Session Handling

65
- Routing Vs. Firewalling
  65
- Session Tracking
  65
  - Session Termination
    66
- Session Rules
  66
  - Overview
    66
  - Processing Flow
    67
- Action Attribute Values
  67
- Processing Flow Chart for Rule-Sets and Session-Rules
  69
  - Defining Rule-Sets and Rules
    70
    
    Recommended Method of Implementing Firewalling
    71
    
    Changes to Session Traffic
    72
    
    Configuring Session Time-Outs
    73
    
    Graphing and Traffic Shaping
    73
    
    Load Balancing
    73
  - Network Address Translation
    74
    
    NAT Algs
    74
    
    When to Use NAT
    74
    
    NAT with Pppoe
    75
    
    Setting NAT in Rules
    75
    
    What NAT Does
    75
    
    Carrier Grade NAT
    76
    
    Mixing NAT and Non NAT
    76
    
    NAT with Dongles
    76
    
    NAT with Other Types of External Routing
    76
    
    Using NAT Setting on Subnets
    77
8 Routing

78
- Routing Logic
  78
- Routing Targets
  79
  - Subnet Routes
    79
  - Routing to an IP Address (Gateway Route)
    79
  - Special Targets
    80
- Dynamic Route Creation / Deletion
  80
- Routing Tables
  80
- Bonding
  81
- Route Overrides
  81
9 Profiles

83
- Overview
  83
- Creating/Editing Profiles
  83
  - Timing Control
    83
  - Tests
    84
    
    General Tests
    84
    
    Ping Tests
    84
    
    Time/Date Tests
    84
  - Inverting Overall Test Result
    85
  - Manual Override
    85
10 Traffic Shaping

86
- Graphs and Shapers
  86
  - Graphs
    86
  - Shapers
    87
  - Ad Hoc Shapers
    87
  - Long Term Shapers
    87
- Multiple Shapers
  88
- Basic Principles
  88
11 Pppoe

89
- Types of DSL Line and Router in the United Kingdom
  89
- Definining Pppoe Links
  90
  - Ipv6
    90
  - Additional Options
    90
    
    MTU and TCP Fix
    90
    
    Logging
    91
    
    Service and Ac-Name
    91
    
    Speed and Graphs
    91
12 Tunnels

92
- Ipsec (IP Security)
  92
  - Introduction
    92
    
    Encryption
    92
    
    Integrity Checking
    92
    
    Authentication
    93
    
    Ike
    93
    
    Manual Keying
    93
    
    Identities and the Authentication Mechanism
    94
  - Setting up Ipsec Connections
    94
    
    Global Ipsec Parameters
    94
    
    IKE and Ipsec Proposal Lists
    95
    
    IKE Connection Mode and Type
    95
    
    IKE Connections
    95
    
    IKE Proposals
    95
    
    IKE Roaming IP Pools
    95
    
    Authentication and IKE Identities
    96
    
    IP Addresses
    96
    
    Other Parameters
    97
    
    Road Warrior Connections
    97
    
    Routing
    97
    
    Setting up Manual Keying
    97
    
    Algorithms and Keys
    98
    
    IP Endpoints
    98
    
    Mode
    98
    
    Routing
    98
    
    Other Parameters
    99
  - Using EAP with Ipsec/Ike
    99
  - Using Certificates with Ipsec/Ike
    99
    
    Creating Certificates
    101
  - Choice of Algorithms
    101
  - NAT Traversal
    102
  - Configuring a Road Warrior Server
    103
  - Connecting to Non-Firebrick Devices
    104
    
    Using Strongswan on Linux
    104
    
    Setting up a Road Warrior VPN on an Android Client
    105
    
    Manual Keying Using Linux Ipsec-Tools
    106
    
    Setting up a Road Warrior VPN on an Ios (Iphone/Ipad) Client
    106
- FB105 Tunnels
  107
  - Tunnel Wrapper Packets
    108
  - Setting up a Tunnel
    108
  - Viewing Tunnel Status
    109
  - Dynamic Routes
    109
  - Tunnel Bonding
    109
  - Tunnels and NAT
    109
    
    Another Device Doing NAT
    110
    
    FB2700 Doing NAT
    110
- Ether Tunnelling
  110
13 USB Port

112
- USB Configuration
  112
  - Dongle Configuration
    112
14 System Services

113
- Protecting the FB2700
  113
- Common Settings
  113
- List of System Services
  113
  - HTTP Server Configuration
    114
    
    Access Control
    114
    
    Trusted Addresses
    114
- List of System Services
  114
  - Telnet Server Configuration
    115
    
    Access Control
    115
  - DNS Configuration
    115
    
    Blocking DNS Names
    115
    
    Local DNS Responses
    115
    
    Auto DHCP DNS
    116
  - NTP Configuration
    116
  - SNMP Configuration
    116
  - RADIUS Configuration
    116
    
    RADIUS Client
    116
    
    RADIUS Server (Platform RADIUS)
    116
    
    RADIUS Client Settings
    117
    
    Server Blacklisting
    117
15 Network Diagnostic Tools

118
- Firewalling Check
  118
- Access Check
  119
- Packet Dumping
  119
  - Dump Parameters
    120
  - Security Settings Required
    120
  - IP Address Matching
    121
  - Packet Types
    121
  - Snaplen Specification
    121
  - Using the Web Interface
    121
  - Using an HTTP Client
    122
    
    Example Using Curl and Tcpdump
    122
16 Vrrp

123
- Virtual Routers
  123
- Configuring VRRP
  124
  - Advertisement Interval
    124
  - Priority
    124
- Using a Virtual Router
  124
- VRRP Versions
  124
  - VRRP Version 2
    124
  - VRRP Version 3
    125
- Compatibility
  125
17 Voip

126
- What Is Voip
  126
- Registration and Proxies
  126
  - Registrar
    126
  - Proxy
    126
- Home/Office Phone System
  127
- Network Address Translation
  127
- Number Plan
  128
- Telephone Handsets
  128
- Voip Call Carriers
  129
- Hunt Groups
  130
  - Ring Type
    130
  - Ring Order
    131
  - Overflow
    131
  - Out of Hours
    131
- Call Pickup/Steal
  131
- Busy Lamp Field
  132
- Using RADIUS
  132
  - RADIUS Accounting
    132
  - RADIUS Authentication
    132
    
    Call Routing by RADIUS
    133
- Call Recording
  134
- Access-Accept
  134
  - Voicemail and IVR Services
    135
  - Call Data Records
    135
  - Technical Details
    136
  - Custom Tones
    136
- Default Tones
  136
18 Bgp

138
- What Is BGP
  138
- BGP Setup
  138
  - Overview
    138
  - Standards
    138
  - Simple Example Setup
    139
  - Peer Type
    139
- Peer Types
  139
  - Route Filtering
    140
    
    Action Attributes
    140
    
    Matching Attributes
    140
    
    Announcing Black Hole Routes
    141
    
    Well Known Community Tags
    141
    
    Announcing Dead End Routes
    142
    
    Bad Optional Path Attributes
    142
    
    Network> Element
    142
    
    Route Feasibility Testing
    142
    
    Route>, <Subnet> and Other Elements
    142
- Network Attributes
  142
  - Diagnostics
    143
  - Router Shutdown
    143
  - TTL Security
    143
19 Ospf

144
- What Is OSPF
  144
- OSPF Setup
  144
  - Overview
    144
  - Standards
    144
  - Simple Example Setup
    145
  - Ospf> Configelement
    145
20 Internet Service Providers

146
- Background
  146
  - How It All Began
    146
  - Point to Point Protocol
    146
  - L2Tp
    146
  - Broadband
    147
  - Radius
    147
  - Bgp
    147
- Incoming L2TP Connections
  147
- The Importance of CQM Graphs
  148
- Authentication
  148
- Accounting
  149
- RADIUS Control Messages
  149
- Pppoe
  149
- Typical Configuration
  149
  - Interlink Subnet
    149
  - BGP with Carrier
    150
  - RADIUS Session Steering
    150
  - L2TP Endpoints
    151
  - Isp Radius
    151
21 Command Line Interface

152
- Factory Reset Procedure
  153
- CIDR and CIDR Notation
  155
- MAC Addresses Usage
  157
  - Multiple MAC Addresses
    157
  - How the Firebrick Allocates MAC Addresses
    158
    
    Base MAC
    158
    
    Interface
    158
    
    Pppoe
    158
    
    Subnet
    158
    
    Running out of Macs
    159
  - MAC Address on Label
    159
  - Using with a DHCP Server
    160
- Vlans : a Primer
  161
- Supported L2TP Attribute/Value Pairs
  162
  - Start-Control-Connection-Request
    162
  - Start-Control-Connection-Reply
    162
  - Start-Control-Connection-Connected
    163
  - Stop-Control-Connection-Notification
    163
  - Hello
    163
  - Incoming-Call-Request
    163
  - Incoming-Call-Reply
    164
  - Incoming-Call-Connected
    164
  - Outgoing-Call-Request
    164
  - Outgoing-Call-Reply
    165
  - Outgoing-Call-Connected
    165
  - Call-Disconnect-Notify
    165
  - WAN-Error-Notify
    165
  - Set-Link-Info
    165
- Ocrp
  165
- Occn
  165
- Cdn
  165
- Wen
  165
- Sli
  165
  - Notes
    166
    
    BT Specific Notes
    166
    
    IP over LCP
    166
- Supported RADIUS Attribute/Value Pairs for L2TP Operation
  167
  - Authentication Request
    167
- Access-Request
  167
  - Authentication Response
    168
    
    Accepted Authentication
    168
- Access-Accept
  168
  - Prefix Delegation
    169
  - Rejected Authentication
    170
  - Accounting Start
    170
- Accounting-Start
  170
- Access-Reject
  170
  - Accounting Interim
    171
- Accounting-Interim
  171
  - Accounting Stop
    172
- Accounting-Stop
  172
  - Disconnect
    172
  - Change of Authorisation
    172
- Change-Of-Authorisation
  172
  - Filter ID
    173
- Filter-ID
  173
  - Notes
    174
    
    L2TP Relay
    174
    
    Closed User Group
    175
    
    IP over LCP
    175
    
    LCP Echo and CQM Graphs
    175
    
    Routing Table
    175
- Supported RADIUS Attribute/Value Pairs for Voip Operation
  176
  - Authentication Request
    176
- Access-Request
  176
  - Authentication Response
    177
    
    Accepted Authentication (Invite)
    177
    
    Accepted Authentication (Registration)
    177
    
    Challenge Authentication
    177
- Access-Accept
  177
  - Rejected Authentication
    178
  - Accounting Start
    178
- Accounting-Start
  178
  - Accounting Interim
    178
- Accounting-Interim
  178
- Access-Reject
  178
  - Accounting Stop
    179
- Accounting-Stop
  179
  - Disconnect
    179
  - Change of Authorisation
    180
- Change-Of-Authorisation
  180
- Firebrick Specific SNMP Objects
  181
  - BGP Information
    181
  - L2TP Information
    181
- Iso.3.6.1.4.1.24693.179
  181
- Iso.3.6.1.4.1.24693.1701
  181
  - Monitoring Information
    182
- Command Line Reference
  183
  - General Commands
    183
    
    General Status
    183
    
    Login
    183
    
    Memory Usage
    183
    
    Process/Task Usage
    183
    
    Trace off
    183
    
    Trace on
    183
    
    Uptime
    183
    
    Disable Profile Control Switch
    184
    
    Enable Profile Control Switch
    184
    
    Load XML Configuration
    184
    
    Logout
    184
    
    See XML Configuration
    184
    
    Show DNS Resolvers
    184
    
    Show Profile Status
    184
    
    Show RADIUS Servers
    184
  - Networking Commands
    185
    
    List Routes
    185
    
    List Routing Next Hops
    185
    
    Ping and Trace
    185
    
    Show a Route from the Routing Table
    185
    
    Subnets
    185
    
    Clear DHCP Allocations
    186
    
    Lock DHCP Allocations
    186
    
    Name DHCP Allocations
    186
    
    See DHCP Allocations
    186
    
    Send Wake-On-LAN Packet
    186
    
    Show ARP/ND Status
    186
    
    Show VRRP Status
    186
    
    Unlock DHCP Allocations
    186
  - Firewalling Commands
    187
    
    Check Access to Services
    187
    
    Check Firewall Logic
    187
  - Usb/Dongle Commands
    187
    
    Reset Ppp/Dongle Data Connection
    187
    
    Reset USB Interface and All Attached Devices
    187
    
    Show Dongle Connectoons
    187
  - L2TP Commands
    187
  - BGP Commands
    187
  - OSPF Commands
    188
  - Pppoe Commands
    188
  - Voip Commands
    188
  - Dongle/Usb Commands
    188
  - Advanced Commands
    188
    
    Panic
    188
    
    Reboot
    188
    
    Screen Width
    188
    
    Boot Log
    189
    
    Delete Block from Flash
    189
    
    Flash Log
    189
    
    Flash Memory List
    189
    
    Kill Command Session
    189
    
    Make Outbound Command Session
    189
    
    Show Command Sessions
    189
- Constant Quality Monitoring - Technical Details
  190
  - Broadband Back-Haul Providers
    190
  - Access to Graphs and Csvs
    190
    
    Trusted Access
    190
- File Types
  190
  - Dated Information
    191
  - Authenticated Access
    191
  - Graph Display Options
    191
    
    Data Points
    191
    
    Additional Text
    192
    
    Other Colours and Spacing
    192
  - Overnight Archiving
    192
    
    Full URL Format
    193
    
    Load Handling
    193
  - Graph Scores
    193
- URL Formats
  193
  - Creating Graphs, and Graph Names
    194
- Configuration Objects
  195
  - Top Level
    195
    
    Config: Top Level Config
    195
  - Objects
    196
    
    System: System Settings
    196
    
    Link: Web Links
    197
    
    User: Admin Users
    197
    
    Eap: User Access Controlled by EAP
    198
    
    Log: Log Target Controls
    198
- Eap: Attributes
  198
- Log: Attributes
  198
- Log: Elements
  198
- Radius-Service-Match: Attributes
  205
- Dhcps: Elements
  211
- Dhcp-Attr-String: Attributes
  212
- Dhcp-Attr-Number: Attributes
  212
  - Ppp-Route: PPP Routes
    214
  - Usb: USB 3G/Dongle Settings
    214
  - Dongle: 3G/Dongle Settings
    214
- Pppoe: Elements
  214
- Text
  224
- Hello
  225
- K.99. Voip: Attributes
  243
  - Carrier: Voip Carrier Details
    244
- Voip: Elements
  244
- Ramode: Ipv6 Route Announce Level
  255
- Index
  263

Advertisement

Advertisement

Related Products

Fido VinCSS FIDO2 Touch 1

Fido Categories

Security System

Network Router

More Fido Manuals