FireBrick FB2900 series Software

As a matter of policy, FireBrick software upgrades are free to download for all FireBrick customers.

SOFTWARE UPGRADES ARE BEST PERFORMED USING THE WEB CONTROL PAGES ON THE FIREBRICK ITSELF

If you are loading new software from this web page, please read the instructions first.

Factory, Beta or Alpha?

There are three categories of software releases available - Factory, Beta and Alpha.

These categories reflect the amount of testing done - releases normally start life as an alpha, then after initial alpha testing are converted to a beta. As a beta they are subjected to further testing, both by ourselves and by customers in the field. If, after beta testing, a release is stable, we will promote it to a factory release. If during testing we find a problem, we may choose to withdraw that release, or promote a later release.

Factory releases have been tested extensively, both by us and by test users, and have been stable for some time as a beta release. We recommend upgrading all FireBricks to the latest factory release when convenient. FB2500, FB2700 and FB2900 models will automatically upgrade to the latest factory release, unless you change the default "sw-update" setting in the config.

Beta releases have been through alpha testing to eliminate obvious bugs, and are generally stable. They are available to all users, should you wish to try a new feature or bug-fix before it is available as a factory release, and are willing to take the risk. FireBrick dealer technical support may also ask you to try a new beta to fix a problem. However, when running a beta, we suggest you keep an eye on our software downloads page, in case the beta you are using is withdrawn, or a subsequent beta release with relevant bug fixes is made available. When a beta release has had sufficient testing, it is normally promoted to factory release, or withdrawn if any serious problems are found. Your FireBrick's upgrade page will normally offer the latest beta release, or you can manually download it from our website and upload it onto your FireBrick.

Alpha releases are only for use by designated alpha testers, who are members of staff or customers closely involved in developing and debugging new features. Alpha releases may have had little or no testing, so there is a significant risk of bugs. If you would like to get involved in alpha testing, please contact your dealer. To load an alpha release, your FireBrick must first have alpha upgrades enabled by us. Your FireBrick's upgrade page will then offer the latest alpha release, or you can manually download it from our website and upload it onto your FireBrick.

Note that if any upgrade causes repeated crashes, your FireBrick automatically reverts to older code.

Upgrade Instructions

Upgrade using the FireBrick control pages

The FireBrick has a built-in software download and installation system which can be accessed from the web control pages. This provides a simple one-click download and install feature. Simply go to your FireBrick's Status page, and if there is an upgrade available it will display an upgrade link under the current software version. Click the upgrade link and it will show details of the latest release - once you have read the release notes and wish to proceed, simply click the Upgrade button and it will download that release, install it, and reboot (this causes a brief outage of a few seconds).

Manually downloading and installing an upgrade

To install new software manually you need to load the main product image file. You may also wish to update the bootloader; this is normally unnecessary unless indicated by the release notes. The XSD file corresponding to the software may also be downloaded; this does not need to be installed on the FireBrick, but is useful as a definitive reference for the XML configuration.

Log in to your FireBrick administration pages, select Upload, browse to the main or bootloader image, and click Send new code. The software will be saved to flash, which will take a few seconds, and will become operational the next time the FireBrick is rebooted. You can force an immediate reboot by ticking the checkbox before clicking Send New Code.

Breakpoint Releases

When upgrading manually, do not skip over breakpoint software releases (labelled [Breakpoint] under release version number), as these update your config for changes in format or syntax. If you have saved configs, always re-save a copy after upgrading to a breakpoint issue. If you have tools to update configs, check documentation to confirm they are up to date. We recommend using the upgrade button on the FireBrick web control pages as this will ensure you do not miss any steps. Automatic upgrades to the latest factory release are done by default on FB2500, FB2700 and FB2900 models.

2018-06-22
Current factory release
1.48.101 (Avarelli)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.47.100 to Factory release 1.48.101

ACME

  • Install root certificates for use with Let's Encrypt and ACME
  • Better error logging
  • Full ACME system to work with Let's Encrypt

BGP

  • Updates BGP refresh options including sending refresh request
  • Additional BGP shutdown subcodes added
  • Some additional debug for BGP

Config

  • Config top level attributes now include username and ip of last update
  • Config top level attributes now include serial number and version, but normal edit screen no longer has xmlns and xsi
  • IP groups can now reference subnets by name (including DHCP client subnets)

Crypto

  • New key generation logic in place for ACME and related functions
  • Avoid crash soon after startup following auto key generation

Ethernet

  • Fix crash on packet reception when collecting entropy

Firewall

  • Added a block/prefix mapping feature to firewall logic

https

  • Self signed certificates as fallback for initial set up via https

IP

  • Increase pending ARP cache and drop if overloaded rather than sending spurious ICMP errors

IPv6

  • Change some logic to reduce use of 2002:: 6over4 addresses as source addresses where possible

L2TP/RADIUS

  • Tweaks to expected timeouts on RADIUS (e.g. for L2TP or session steering) and change default to min timeout 2 seconds total
  • More control of RADIUS timeouts for ad-hoc RADIUS from RADIUS response for L2TP session steering
  • Improve outgoing L2TP handling where target is hostname

Logging

  • Change to outgoing email timeout (spam scans and the like can take a while) RFC5321 4.5.3.2
  • Colour on web log not always correct

Monitoring

  • LED faults (open/short-circuit) are now reported in UI/CLI monitoring section and logged to flash

OS

  • Fix occasional lockup/crash during stream processing

PPP

  • Send NAK asking for MD5 on receipt of non MD5 CHAP request

RADIUS

  • RADIUS client allowing fixed source-ip, and for ad-hoc L2TP steering uses L2TP source IP if set
  • Fix L2TP relay steering RADIUS min/max timeouts (5/20 not 20/5)

RNG

  • Additional stats for entropy collection

UI monitoring

  • Fix incorrect display of negative temperature

VoIP

  • Fix nc to 1 as we don't store/re-use nonce values. Some systems don't just look for duplicates but actually expect a 1
  • Not picking up media started until something that is not perfect silence is sent as some systems do that!
  • Better handling of overlapping INVITE replies where server is very slow or over long latency links

VRRP

  • Config check for duplicate VRRP MAC in use on different interfaces

Web control pages

  • Change layout of rule-set
  • Changed logic for self signed certificates, and made more transient in certificate store
  • Limit number of self signed certificates to reduce clutter, and avoid possible "make millions of certificates" attacks

2018-04-19
Older factory release
1.47.100 (Zander)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.47.010 to Factory release 1.47.100

L2TP

  • Edge case where RADIUS relay of tunnel could cause crash when using BRAS mode

Web control pages

  • TLS: Added AEAD-GCM cipher suites - now get an "A" rating with Qualys SSL Labs test.
  • Can now specify a list of possible certificates to be used for https in http config

2018-04-11
Older factory release
1.47.010 (Zander)
Config:XSD Doc
Manual:PDF HTML

No changes reported for this release note.