FireBrick - Firewalls, Bonding ADSL, Routers, Traffic Shaping...

FireBrick FB2900
FireBrick FB2900

FireBrick FB2900

The FB2900 replaces the FB2700 and is available soon.

The FB2900 is the latest in the FireBrick serious of network appliances design to provide a complete Internet connection / gateway for small to medium offices. It provides interfaces to Internet access in various ways including fallback and bonding; Legacy IP & IPv6 firewalling; port mapping; and traffic shaping. It provides a variety of VPN solutions including IPsec with IKEv2. It even operates as a VoIP phone system gateway providing a range of features for a small / medium office.



Key/Network features

  • Four copper 10/100/1000Mb/s Ethernet ports with Gb/s switching and routing up to 750Mb/s
  • One SFP gigabit Ethernet port, allowing a range of SFP modules for additional copper port, fibre, etc.
  • Current internet protocols (IPv6) built in to the design from the start, not an afterthought.
  • Full ICMP and ICMPv6 aware stateful session tracking
  • Interface packet dump compatible with tcpdump and wireshark
  • Comprehensive firewalling rules using interfaces, protocols, and ports, source and target
  • Support for controlled access and mapping in NAT environments using NAT-PMP and PCP
  • Port and IP mapping including basic NAT, and mapping between IPv4 and IPv6 with ICMP and ICMPv6 handling
  • Multiple VLAN operation allowing DMZ and segregated networks
  • Powerful DHCP server as well as IPv6 route announcement for simple control of an office network
  • Syslog logging (windows servers are available) and SNMP monitoring
  • Optional Industry standard Virtual Router Redundancy Protocol (VRRP) allowing multiple device fallback
  • Optional routing features for multi-homed installations using BGP (not full table)
  • Multiple independent routing tables
  • Local DNS caching relay with configurable DNS overrides
  • Real time graphs of usage / shapers and ping graphs
  • Simple web interface and command line interfaces, including XML based config and web based config editor
  • Config test and roll-back features
  • Time profile and ping monitoring to control aspects of operation automatically
  • Multi-colour configurable information LED to aid remote diagnostics and report status visually
  • Automatic free software updates, and sub second reboot time
  • 9k MTU switching, and 2k MTU routing allowing baby jumbo needed for PPPoE and un-fragmented L2TP to carry full frame packets

Internet access features

  • PPPoE allowing multiple bridging modems to be connected directly or via VLAN switch
  • Very fast PPPoE negotiation and recovery
  • Optional multiple line bonding working with suitable ISPs or via tunnels
  • Optional load balancing multiple ISPs with weighting options
  • Fall back routing
  • Routing based on traffic type and source addresses
  • IP level NAT with configurable timeouts and port mappings
  • 3G/4G dongle support (multiple dongles via suitable USB hub) - works with selected models of dongle
  • Can work with some models of direct SFP VDSL/ADSL modem modules to allow a direct connection to VDSL/ADSL line
  • Optional operation as PPPoE BRAS with local or RADIUS based authentication for small scale ISP set up

IPsec and VPNs

  • Optional IPsec with IKEv2
  • Optional Legacy "FB105" unencrypted tunnel support
  • Direct L2TP client support
  • Optional L2TP server with local or RADIUS based authentication for small scale ISP operations


  • Compatible with standard SIP UDP 8 bit A-law operation for crisp clear phone calls requiring no conversion to/from PSTN
  • Operates as phone system allowing devices to register to it as telephone extensions
  • Operates as a phone/extension to connect to Internet SIP carriers, registering with the carrier as one or more phones
  • Can operate using back-to-back config allowing phones to make internal calls locally and have hunt groups whilst each phone is operating as an Internet based phone line
  • Hunt groups operating a variety of ways, with fall back, and time profile controls - including external numbers
  • Busy lamp field (tested on SNOM)
  • Call and group pick up
  • Call steal (reverse call transfer) feature
  • Call tee feature to allow call recording (stereo) on local or Internet based call recorders (linux s/w supplied)

Physical/electrical, etc

  • Mains power via "figure 8" IEC mains connector, 110-240V 15W (inc USB and SFP). Double insulated. For indoor use.
  • DC option using Anderson power pole connectors, plug and tails provided. 12V/24V automotive, or 48V industrial DC options. Approx 15W
  • Operating temp range, 0°C-50°C (expected that it would work down to -20°C in practice). Relative humidity max 90% (non condensing).
  • Metal case, 185mm by 135mm by 35mm (40mm with feet) so will typically fit on 1U rack shelf with clearance. 720g (typical mains power version)
  • Connectors: 4x RJ45, 1x SFP, 1xUSB, power (AC or DC). All connectors one one side
  • LEDs for copper port status, and general multicolour status LED. Mirror LEDs on other side
  • Rack/wall mount kit allows mounting either way around/up
  • No fans or air holes, runs cool (though plug in devices such as USB or SFP could get hot)
  • Will have CE marking, obviously. Tested against all relevant specifications including new safety tests, and awaiting final statement of conformity now before CE marking applied.
  • Made in UK. Uses in-house firmware, operating system and bootloader, coded in UK. This includes all security code such as IPsec.


  • The main option is base or fully loaded where the latter has all of the above optional features. It is possible to upgrade at a later date.
  • Rack mount brackets for single FB2900 in standard 19" rack, or dual FB2900, both in 1U height. Rack mount kit also allows for easy wall mounting.
  • A completely new power supply design allows us to also offer DC power options, either automotive (up to 24V) or industrial (48V).