FireBrick 105 Manuals Home |
The setup function consists of a number of general setup facilities that can be selected from a sub menu.
F |
A
flash file can be obtained from the
FireBrick software web site. Uploading this will reprogram your
FireBrick with a new version of software and usually then require the
loading of a W file. The FireBrick will stop operating for up to a
minute while flashing new softwate. |
W |
A
web file contains all of the user
interface (web pages) allowing you to manage your FireBrick. Without
this you will see a User Interface
Required page where you can load any of these 3 file types.
Normally, for English web pages the file ends in
WEN. You must load the version
expected, or load a new flash
file or config. |
Config |
A saved configuration file can
also be loaded. This will completely replace the previous configuration
with the new configuration. |
Name |
Interfaces are normally called WAN or LAN, but you can set the name yourself. |
Crossover |
Normally the FireBrick can be connected using a straight or crossover lead to a hub/switch or a computer directly. This allows specific select of the crossover mode (MDIX is a normal switch/hub connection and MDI is a normal PC connection). |
Speed |
Normally the FireBrick detects 10base-T or 100base-T automatically, but the port can be fixed to only one speed. |
Duplex |
Normally the FireBrick detects
Full or Half duplex mode, but the port can be fixed to only one mode. |
Disable |
Causes the port to be disabled,
allowing no traffic in or out. |
Throttle |
Causes the speed of traffic in
and out to be cut to 128Kb/s. This is not traffic shaping but a crude
packet limit which can be useful for network debugging. |
B/Limit |
Causes the speed of any
broadcast traffic (or mulicast or flooded unicast) traffic to be
limited
to 128Kb/s. This can help track down and limit broadcast storms or
loops
and is mainly useful for network debugging. |
Long |
Ethernet cables are meant to
only run 100m max. This option allows 10base-T sensitivity to be
increased to allow use over longer cables (at your own risk). |
Test |
This causes a line test of the
port (see below) |
Reverse |
This allows the WAN and LAN side
to be reveresed. The change takes affect when you reset the FireBrick |
Name |
This names the FireBrick. Use a
short name, usually related to the site name. To avoid problems with
email, etc, use domain valid characters (a-z, A-Z, 0-9, and hyphen). |
Domain |
This provides a domain name.
Again, use domain valid syntax. This is used for DHCP and with the name
for emailed messages. Put your valid internet domain. |
Administrator |
Put the name of the administrator. This is for your own reference, but also reported if SNMP is enabled. |
Location |
Put the location. This is for
your own reference, but also reported if SNMP is enabled. |
SNMP Community |
If this is not blank, then SNMP
is enabled. Put the community name required, usually just
public. Remember that you can use
filters to restrict access to SNMP or any services on the FireBrick if
required. |
SNMP options |
The ifDesc option causes the
SNMP ifDesc to be a simple unique number (the SNMP interface index in
the OID) rather than a description. This is because some tools expect
it to be unique (e.g. cfgmaker for mrtg) |
Disable ARP |
Stops ARPs being sent
automatically from one interface to another - this stops most stealth
operations being possible in normal operation |
Disable subnet broadcasts |
Stops subnet broadcasts (i.e.
last address in subnet) being treated as stealth |
Disable local broadcasts |
Stops local broadcasts (i.e.
255.255.255.255) being treated as stealth |
Disable all stealth |
Disables all stealth operation |
Server |
Specify the IP of the time
server to try, normally 217.169.0.1 |
Backup |
Specify a second time server to
use if the first does not respond, normally 217.169.0.2 |
Time offset |
Select the base time zone, e.g.
for UK it is UTC+0 |
Summer time |
Select if it is summer time,
although this is normally set automatically. |
Start summer time |
Select the date and month, the Sunday on or after which the clocks go forward one hour. You can select manual to stop summer time being adjusted automatically. The time changes at 1am winter time. |
End summer time |
Select the date and month, the
Sunday on or after which the clocks go backwards one hour. |
Profile |
The time is set every hour
normally, although exactly when in the hour moves about deliberately.
This profile allows this to be restricted to set the clock less often.
On power up / restart, the clock is not set and so it continually tries
until the clock is set, ignoring the profile selected. |
Server IP |
Specify the IP of the syslog
server |
Port |
Specify the syslog port
(normally 514) |
Type |
Select the syslog type, local0
to local7 |
Optional Interface |
Specify the interface or
interface and subnet on which the syslog is to be sent, otherwise
normal routing rules apply |
Optional Source IP |
Specify the IP from which
syslogs are sent - can be any IP as there is no reply to a syslog.
Normally set automatically. Using a subnet for the interface sets the
IP of that subnet |
Optional Gateway IP |
Specify the gateway IP to use.
Normally set automatically. Setting a subnet for the interface sets the
IP using the DHCP defined gateway for that subnet. |
Default filter |
This defines the default filter
action if no other filters are matched. |
Event |
Certain events in the FirebBrick
are logged as an "Event". This controls if/how such things are logged.
Generally an event is something that happens that is non critical. |
Alert |
Alerts are normally more
important events that are critical. |
Debug |
Debug messages are general
additional detailed information. |
Stats |
Stats are generated
automatically every 5 minutes showing usage of each filter and speed
lane and interface. |
Login OK |
If a user login is successful it
is logged using these options |
Login Bad |
If a user login fails, it is
logged using these options |
DHCP OK |
If a DHCP address is allocated
(rather than renewed, which is a debug message), then these options are
used. |
DHCP Bad |
If a DHCP operation fails (e.g.
no addresses left) then it is logged using these options. |
Ping scan |
If a ping based profile goes on
or off line it is logged using these options. |
Tunnel state |
Log of tunnel state change
(up/down), but does not exclude state changes for tunnels in "Timeout
keep alive" mode as they would happen all the time. |
Large sessions |
Sessions where more than a
specified amount of data is transferred are logged at the end of the
session using these options. |
Email server |
This defines the IP of the email
server to use to send emailed log entries |
Test server |
This sends a test email |
From address |
This defines the address from
which the email is sent. |
To address |
This defines the address to
which the email is sent. |
Holdoff |
Emails are not sent on the first
emailable log event happening, there is an initial holdoff (in seconds)
so that related events will appear in the same email. Once sent, there
is then an additional holdoff which is mainly to limit the number of
emails that can be sent when there is a recurring emaillable event. |
Profile |
Emails are only sent during a
selected profile. |
QOS TOS value |
This allows the specific TOS
(type of service) value that is considered to be priority traffic in
bonded tunnels and speed lanes. This defaults to 160 which is typical
for SIP phones. If using VoIP (Voice over IP) then ensure that you set
all phones and links to use the same TOS and set the appropriate value
here. |
IP display/range |
Various options allowing you to
change the way IP addresses and in particular ranges of addresses are
displayed. |
Number grouping |
This allows numbers to be shown with no grouping,or commas/dots or spaces every three digits from the right. |
Decimal point |
This allows numbers with a
decimal point to use a dot or a comma |
Speed |
Select if you prefer to see
speeds as KBytes/s (one decimal place) or Kbits/s |
Date format |
The date format can be an ISO
format (YYYY-MM-DD), UK (DD-MM-YYYY), US (MM-DD-YYYY) or full, e.g. nth
Month YYYY |
Protocol input |
The protocol selection in various places is normally TCP, UDP or ICMP only. This allows a full selection of all 254 protocols, or an input box to enter a protocol number. |
Warning music |
There is normally a tune played
on a suitably configured PC which is trying to login to a FireBrick
without the correct username or password. This can be disabled. |