Legacy product: The WF1740 described here is an old product and no longer supplied. Please see details of current FireBrick products.
FireBrick 105

Setup

The setup function consists of a number of general setup facilities that can be selected from a sub menu.

Save config

This allows the current configuration of the FireBrick to be saved on your local PC. Selecting save config will normally cause your browser to pop up a save box allowing you to select where to save the config. The default filename is the serial number of your FireBrick, allowing you to save many configs in one directory without risk of overwriting a different one. Once saved, the config can be reloaded into the same or a different FireBrick. It is recommended that you save your config after any major changes.

Clear Alert

If an alert is set (using Flash in any filters) then this stays set and the ALERT light continues to flash until you clear it using this link. The date/time is shown as when the alert was first set (if the clock is set).

Upload/Restore

This allows one of three types of files to be uploaded. Simply select the required file using the Browse button and click Send.

F
A flash file can be obtained from the FireBrick software web site. Uploading this will reprogram your FireBrick with a new version of software and usually then require the loading of a W file. The FireBrick will stop operating for up to a minute while flashing new software.
W
A web file contains all of the user interface (web pages) allowing you to manage your FireBrick. Without this you will see a User Interface Required page where you can load any of these 3 file types. Normally, for English web pages the file ends in WEN. You must load the version expected, or load a new flash file or config.
Config
A saved configuration file can also be loaded. This will completely replace the previous configuration with the new configuration.

LEDs

The LEDs (lights) over each port can be controlled in a number of different ways depending on your preference. There are 6 pre-defined combinations, a cycling lights option and the option to choose the yellow and green LED functions directly. When cycling lights are selected the 4 ports on the right cycle the LEDs left/right/left all the time.

Ports

The Ports menu allows settings for all 5 ports to be controlled. With the 5PORT option the port configuration can be selected. Without the 5 port option, the WAN/LAN reverse can be selected. For normal use the settings should all be left on Auto.

Name
Interfaces are normally called WAN or LAN, but you can set the name yourself.
Crossover
Normally the FireBrick can be connected using a straight or crossover lead to a hub/switch or a computer directly. This allows specific selection of the crossover mode (MDIX is a normal switch/hub connection and MDI is a normal PC connection).
Speed
Normally the FireBrick detects 10base-T or 100base-T automatically, but the port can be fixed to only one speed.
Duplex
Normally the FireBrick detects Full or Half duplex mode, but the port can be fixed to only one mode.
Disable
Causes the port to be disabled, allowing no traffic in or out.
Throttle
Causes the speed of traffic in and out to be cut to 128Kb/s. This is not traffic shaping but a crude packet limit which can be useful for network debugging.
B/Limit
Causes the speed of any broadcast traffic (or multicast or flooded unicast traffic) to be limited to 128Kb/s. This can help track down and limit broadcast storms or loops and is mainly useful for network debugging.
Long
Ethernet cables are meant to only run 100m max. This option allows 10base-T sensitivity to be increased to allow use over longer cables (at your own risk).
Test
This causes a line test of the port (see below).
Reverse
This allows the WAN and LAN side to be reversed. The change takes effect when you reset the FireBrick.

Line test

The line test will take the port out of action for a few seconds and perform a time domain reflectometry measurement on the cable. The results are indicated on the right of the table when the tests are complete and remain visible until next reset/power cycle. This type of test can be effective on cables over 3m in length but the results should always be considered only an approximate indication.

If a cable is connected to a correct hub or switch or computer at the far end then the test simply indicates connected. If the cable is broken or shorted then this is indicated along with the distance.

Name/etc

This allows the identity of the FireBrick to be set.
Name
This names the FireBrick. Use a short name, usually related to the site name. To avoid problems with email, etc, use domain valid characters (a-z, A-Z, 0-9, and hyphen).
Domain
This provides a domain name. Again, use domain valid syntax. This is used for DHCP and with the name for emailed messages. Put your valid internet domain.
Administrator
Put the name of the administrator. This is for your own reference, but also reported if SNMP is enabled.
Location
Put the location. This is for your own reference, but also reported if SNMP is enabled.
SNMP Community
If this is not blank, then SNMP is enabled. Put the community name required, usually just public. Remember that you can use filters to restrict access to SNMP or any services on the FireBrick if required.
SNMP options
The ifDesc option causes the SNMP ifDesc to be a simple unique number (the SNMP interface index in the OID) rather than a description. This is because some tools expect it to be unique (e.g. cfgmaker for mrtg)

Gateway

This defines the general gateway IP address and interface. It is used if there are no matching routes or subnets.
The recommendation is to make this a subnet and not set a gateway address as such - the subnet can then have the gateway defined, which could be by DHCP.

Bonding

For full details see the bonding section. This allows up to two pseudo gateways to be specified, and up to four real gateways to be used in their place on a cyclic basis.

Stealth

This is not how you give the FireBrick an IP address. You can specify the LAN stealth address on which the FireBrick will answer even for traffic passing through it. The FireBrick effectively hijacks traffic to this address. You can also set an address for the FireBrick to borrow on the WAN when setting its clock, etc. This is normally the address of a machine on the LAN, and the FireBrick hijacks the replies to its requests which would otherwise go back to that machine.

Disable ARP
Stops ARPs being sent automatically from one interface to another - this stops most stealth operations being possible in normal operation
Disable subnet broadcasts
Stops subnet broadcasts (i.e. last address in subnet) being treated as stealth
Disable local broadcasts
Stops local broadcasts (i.e. 255.255.255.255) being treated as stealth
Disable all stealth
Disables all stealth operation

Time

The FireBrick sets and maintains its clock from the internet. To set the time the FireBrick will need a gateway and IP (or stealth WAN IP) so as to be able to send time requests to the internet. The default settings are correct for UK and UK summer time.

Server
Specify the IP of the time server to try, normally 217.169.0.1
Backup
Specify a second time server to use if the first does not respond, normally 217.169.0.2
Time offset
Select the base time zone, e.g. for UK it is UTC+0
Summer time
Select if it is summer time, although this is normally set automatically.
Start summer time
Select the date and month, the Sunday on or after which the clocks go forward one hour. You can select manual to stop summer time being adjusted automatically. The time changes at 1am winter time.
End summer time
Select the date and month, the Sunday on or after which the clocks go backwards one hour.
Profile
The time is set every hour normally, although exactly when in the hour moves about deliberately. This profile allows this to be restricted to set the clock less often. On power up / restart, the clock is not set and so it continually tries until the clock is set, ignoring the profile selected.
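
The "Sunday on or after" rule above, worked through as an added example (not FireBrick code), which is useful when reconciling logged local times with UTC. The settings 25 March and 25 October are sample values chosen to give the UK's last-Sunday rule, and applying the 1am winter-time change at the end of summer time as well is an assumption.

```python
from datetime import date, datetime, timedelta


def sunday_on_or_after(year: int, month: int, day: int) -> date:
    """First Sunday falling on or after the given day and month."""
    d = date(year, month, day)
    return d + timedelta(days=(6 - d.weekday()) % 7)  # Monday=0 ... Sunday=6


def summer_window(year, start=(3, 25), end=(10, 25), change_hour=1):
    """Return (begin, finish) of summer time, both in winter (base zone) time.

    Assumption: the end-of-summer change also happens at 1am winter time.
    The (month, day) defaults are sample settings, not values from the page.
    """
    midnight = datetime.min.time()
    begin = datetime.combine(sunday_on_or_after(year, *start), midnight)
    finish = datetime.combine(sunday_on_or_after(year, *end), midnight)
    shift = timedelta(hours=change_hour)
    return begin + shift, finish + shift


def local_time(utc: datetime, offset_hours: int = 0, **rule) -> datetime:
    """Apply the Time offset, then add one hour inside the summer window."""
    winter = utc + timedelta(hours=offset_hours)
    begin, finish = summer_window(winter.year, **rule)
    return winter + timedelta(hours=1) if begin <= winter < finish else winter


if __name__ == "__main__":
    for year in (2018, 2023, 2024):
        begin, finish = summer_window(year)
        print(year, "summer time from", begin, "until", finish, "(winter time)")
```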

Syslog

The FireBrick has an internal log, and can also log to a syslog server. This allows the IP and syslog type to be set.

Server IP
Specify the IP of the syslog server
Port
Specify the syslog port (normally 514)
Type
Select the syslog type, local0 to local7
Optional Interface
Specify the interface or interface and subnet on which the syslog is to be sent, otherwise normal routing rules apply
Optional Source IP
Specify the IP from which syslogs are sent - can be any IP as there is no reply to a syslog. Normally set automatically. Using a subnet for the interface sets the IP of that subnet
Optional Gateway IP
Specify the gateway IP to use. Normally set automatically. Setting a subnet for the interface sets the IP using the DHCP defined gateway for that subnet.
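
A collector-side check for the settings above, as an added example rather than FireBrick code: it decodes the standard syslog `<PRI>` prefix (facility × 8 + severity, with local0 to local7 being facilities 16 to 23) and compares the sender and facility with what was configured. The addresses, the `local1` choice and the message text are constructed, and the FireBrick's own message layout is not assumed beyond the `<PRI>` prefix.

```python
import re

# Facility codes for local0..local7 in the syslog PRI field.
LOCAL_FACILITIES = {f"local{i}": 16 + i for i in range(8)}
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest defined value
        return None
    return pri >> 3, pri & 7


def triage(source_ip: str, datagram: bytes, expected_ip: str, expected_type: str) -> str:
    """Classify one received datagram against the settings made on the FireBrick."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "malformed"
    facility, _severity = decoded
    if source_ip != expected_ip:
        return "unexpected-source"
    if facility != LOCAL_FACILITIES[expected_type]:
        return "wrong-facility"
    return "ok"


# Constructed datagrams; the text after <PRI> is invented, not FireBrick output.
SAMPLES = [
    ("192.0.2.1", b"<142>brick1 sample event text"),     # 142 = local1 (17) * 8 + 6
    ("192.0.2.1", b"<134>brick1 sample event text"),     # 134 = local0 (16) * 8 + 6
    ("198.51.100.9", b"<142>brick1 sample event text"),  # right facility, other sender
    ("192.0.2.1", b"no priority field"),
]


def triage_samples():
    return [triage(ip, data, "192.0.2.1", "local1") for ip, data in SAMPLES]


if __name__ == "__main__":
    for (ip, data), verdict in zip(SAMPLES, triage_samples()):
        print(f"{ip:<14} {verdict:<18} {data!r}")
```

Because the source IP can be set to any address and syslog gets no reply, a matching sender is a consistency check on the configuration rather than proof of where a message came from.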

DNS

The FireBrick acts as a DNS relay, and uses DNS itself. This address defines the DNS server it uses.

Log/Filter Options

This allows defaults and options to be defined relating to logging and filtering. See filters for a description of Blink, Flash, Log, Syslog, and Email.

Default filter
This defines the default filter action if no other filters are matched.
Event
Certain events in the FireBrick are logged as an "Event". This controls if/how such things are logged. Generally an event is something that happens that is non-critical.
Alert
Alerts are normally more important events that are critical.
Debug
Debug messages are general additional detailed information.
Stats
Stats are generated automatically every 5 minutes showing usage of each filter and speed lane and interface.
Login OK
If a user login is successful it is logged using these options
Login Bad
If a user login fails, it is logged using these options
DHCP OK
If a DHCP address is allocated (rather than renewed, which is a debug message), then these options are used.
DHCP Bad
If a DHCP operation fails (e.g. no addresses left) then it is logged using these options.
Ping scan
If a ping based profile goes on or off line it is logged using these options.
Tunnel state
Log of tunnel state change (up/down), but does not exclude state changes for tunnels in "Timeout keep alive" mode as they would happen all the time.
Large sessions
Sessions where more than a specified amount of data is transferred are logged at the end of the session using these options.
Email server
This defines the IP of the email server to use to send emailed log entries
Test server
This sends a test email
From address
This defines the address from which the email is sent.
To address
This defines the address to which the email is sent.
Holdoff
Emails are not sent on the first emailable log event happening; there is an initial holdoff (in seconds) so that related events will appear in the same email. Once sent, there is then an additional holdoff which is mainly to limit the number of emails that can be sent when there is a recurring emailable event.
Profile
Emails are only sent during a selected profile.
QOS TOS value
This allows the specific TOS (type of service) value that is considered to be priority traffic in bonded tunnels and speed lanes to be set. This defaults to 160 which is typical for SIP phones. If using VoIP (Voice over IP) then ensure that you set all phones and links to use the same TOS and set the appropriate value here.

UI Options

Some general UI options can be set which affect the overall operation of the UI.

IP display/range
Various options allowing you to change the way IP addresses and in particular ranges of addresses are displayed.
Number grouping
This allows numbers to be shown with no grouping, or commas/dots or spaces every three digits from the right.
Decimal point
This allows numbers with a decimal point to use a dot or a comma
Speed
Select if you prefer to see speeds as KBytes/s (one decimal place) or Kbits/s
Date format
The date format can be an ISO format (YYYY-MM-DD), UK (DD-MM-YYYY), US (MM-DD-YYYY) or full, e.g. nth Month YYYY
Protocol input
The protocol selection in various places is normally TCP, UDP or ICMP only. This allows a full selection of all 254 protocols, or an input box to enter a protocol number.
Warning music
There is normally a tune played on a suitably configured PC which is trying to login to a FireBrick without the correct username or password. This can be disabled.

Security

See security for a more detailed description of the security model. This allows the general security settings for control of all of the main icons to be specified.

Features

See features for a more detailed description. This allows the current and available features to be listed, and the FireBrick to be updated with new features.

On a new FireBrick you should configure internet access, DNS and the time setting, and then select Install Assigned Features to ensure you have the full set of features provided with your FireBrick installed.


Technical Reference