FireBrick FB6000

FireBrick FB6000 series Software

As a matter of policy, FireBrick software upgrades are free to download for all FireBrick customers.

SOFTWARE UPGRADES ARE BEST PERFORMED USING THE WEB CONTROL PAGES ON THE FIREBRICK ITSELF

If you are loading new software from this web page, please read the instructions first.

Factory, Beta or Alpha?

There are three categories of software releases available - Factory, Beta and Alpha.

These categories reflect the amount of testing done - releases normally start life as an alpha, then after initial alpha testing are converted to a beta. As a beta they are subjected to further testing, both by ourselves and by customers in the field. If, after beta testing, a release is stable, we will promote it to a factory release. If during testing we find a problem, we may choose to withdraw that release, or promote a later release.

Factory releases have been tested extensively, both by us and by test users, and have been stable for some time as a beta release. We recommend upgrading all FireBricks to the latest factory release when convenient. FB2500 and FB2700 models will automatically upgrade to the latest factory release, unless you change the default "sw-update" setting in the config.

Beta releases have been through alpha testing to eliminate obvious bugs, and are generally stable. They are available to all users, should you wish to try a new feature or bug-fix before it is available as a factory release, and are willing to take the risk. FireBrick dealer technical support may also ask you to try a new beta to fix a problem. However, when running a beta, we suggest you keep an eye on our software downloads page, in case the beta you are using is withdrawn, or a subsequent beta release with relevant bug fixes is made available. When a beta release has had sufficient testing, it is normally promoted to factory release, or withdrawn if any serious problems are found. Your FireBrick's upgrade page will normally offer the latest beta release, or you can manually download it from our website and upload it onto your FireBrick.

Alpha releases are only for use by designated alpha testers, who are members of staff or customers closely involved in developing and debugging new features. Alpha releases may have had little or no testing, so there is a significant risk of bugs. If you would like to get involved in alpha testing, please contact your dealer. To load an alpha release, your FireBrick must first have alpha upgrades enabled by us. Your FireBrick's upgrade page will then offer the latest alpha release, or you can manually download it from our website and upload it onto your FireBrick.

Note that if any upgrade causes repeated crashes, your FireBrick automatically reverts to older code.

Upgrade Instructions

Upgrade using the FireBrick control pages

The FireBrick has a built-in software download and installation system which can be accessed from the web control pages. This provides a simple one-click download and install feature. Simply go to your FireBrick's Status page, and if there is an upgrade available it will display an upgrade link under the current software version. Click the upgrade link and it will show details of the latest release - once you have read the release notes and wish to proceed, simply click the Upgrade button and it will download that release, install it, and reboot (this causes a brief outage of a few seconds).

Manually downloading and installing an upgrade

To install new software manually you need to load the main product image file. You may also wish to update the bootloader; this is normally unnecessary unless indicated by the release notes. The XSD file corresponding to the software may also be downloaded; this does not need to be installed on the FireBrick, but is useful as a definitive reference for the XML configuration.

Log in to your FireBrick administration pages, select Upload, browse to the main or bootloader image, and click Send new code. The software will be saved to flash, which will take a few seconds, and will become operational the next time the FireBrick is rebooted. You can force an immediate reboot by ticking the checkbox before clicking Send New Code.

Breakpoint Releases

When upgrading manually, do not skip over breakpoint software releases (labelled [Breakpoint] under release version number), as these update your config for changes in format or syntax. If you have saved configs, always re-save a copy after upgrading to a breakpoint issue. If you have tools to update configs, check documentation to confirm they are up to date. We recommend using the upgrade button on the FireBrick web control pages as this will ensure you do not miss any steps. Automatic upgrades to the latest factory release are done by default on FB2500 and FB2700 models.



2017-02-16
Current factory release
1.45.001 (Ximenes)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.44.000 to Factory release 1.45.001

DNS

  • Possible rare quirk that could cause a DNS resolver to be ignored/blocked

IPv6

  • When turning off RA we were sending an RA making prefixes valid for infinity rather than 0

L2TP

  • RADIUS interim stats would repeat last stats a lot of the time if few active sessions

OS

  • Improve OS interrupt scheduling to reduce possibility of panic under heavy load
  • Change of default value in new ethernet interrupt code config to address possible latency issue under load

Profiles

  • Forcing a config load which has a reference to non existent profile could cause a crash

Routing

  • L2TP source routing check could, in some cases, cause a crash if routing for IP is primarily via different route (e.g. BGP) with L2TP as fallback

Web interface

  • Packet dump was blocking other forms on web interface whilst running (error 409), fixed
  • Allow certificate download if read access to config, and only show cert actions if available to user
  • Removing 2FA could result in a crash, fixed
  • HTTP logging no longer logs every web page access on normal logging; that is now on debug logging
2017-02-13
Older factory release
1.45.000 (Ximenes)
[Withdrawn]
Config:XSD Doc
Manual:PDF HTML
This release has been withdrawn.

Release notes from Factory release 1.44.000 to Factory release 1.45.000

DNS

  • Possible rare quirk that could cause a DNS resolver to be ignored/blocked

IPv6

  • When turning off RA we were sending an RA making prefixes valid for infinity rather than 0

L2TP

  • RADIUS interim stats would repeat last stats a lot of the time if few active sessions

OS

  • Improve OS interrupt scheduling to reduce possibility of panic under heavy load

Profiles

  • Forcing a config load which has a reference to non existent profile could cause a crash

Routing

  • L2TP source routing check could, in some cases, cause a crash if routing for IP is primarily via different route (e.g. BGP) with L2TP as fallback

Web interface

  • Packet dump was blocking other forms on web interface whilst running (error 409), fixed
  • Allow certificate download if read access to config, and only show cert actions if available to user
  • Removing 2FA could result in a crash, fixed
  • HTTP logging no longer logs every web page access on normal logging; that is now on debug logging
2017-01-11
Older factory release
1.44.000 (Warbler)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.43.001 to Factory release 1.44.000

PPP

  • Ignoring unknown PPP/LCP protocol reject now
  • Closing PPP if IPv4 and IPv6 terminated or rejected

PPPoE

  • Rework of service name matching and PADO/PADS response logic for PPPoE

Web interface

  • Factory reset state not working due to new security measures means factory reset bricks cannot be configured via web interface, only telnet
  • Fix individual DHCP kill button which was not allowing unexpired or locked entries to be killed, and correct typo!
2017-01-05
Older factory release
1.43.001 (Vixen)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.42.100 to Factory release 1.43.001

DHCPv6

  • Tested on Zen IPv6 PPPoE/DHCPv6 - addressed a number of issues, now working

Ethernet

  • Improve ethernet receive processing and CPU load monitoring

L2TP

  • Additional RADIUS logging for RADIUS based steering

OTP

  • Made web & telnet login prompt for OTP authenticator code so can be entered separately from password

Sampling

  • Introduce packet sampling (IPFIX/sFlow) [not yet documented]

SNMP

  • Named shapers were not returning actual stats

Web interface

  • Did not show new bootloader as available on status upgrades page
  • New password change menu to simplify password change and to allow users without config save access to update their password
  • Added QR code and suggested key to OTP set up
  • New simpler OTP set up
  • Removed OTP check on config recovery mode - given physical access needed and likely clock not set
  • Cross site scripting checks on web forms
2016-11-01
Older factory release
1.42.100 (UncleYap)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.41.000 to Factory release 1.42.100

BGP

  • Subtle recursive next hop check logic error where DeadEnd community tagged routes used

Bootload

  • This release includes a boot loader update which incorporates a number of minor changes

CLI

  • Increase CLI regexp buffer to support lines up to 300 characters
  • Fix lockup problem when doing command completion
  • Debug command for DNS cache

DNS

  • Bug in DNS caching that could have caused other side effects in other systems - fixed
  • Custom DNS responses can now be restricted to specific interfaces
  • More aggressive DNS cache expiry where multiple entries have different TTL
  • Better cache handling when being flooded with requests to cache limit
  • Slightly more aggressive clean up of domains with expired cache or caching limits reached

L2TP

  • Allow config of advertised receive window
  • Avoid sending CDN or other session related messages once a CDN is received
  • Better handling of zero length username and zero length passwords in proxied authentication
  • Graph names not showing on L2TP sessions immediately after connect
  • Option for local LCP echo handling in middle of L2TP relayed connection
  • Edge case of L2TP with PAP and auth-name but no auth-resp (assumed no/null password) which was not doing RADIUS
  • Change when relaying L2TP with null password and PAP to send null password in an auth-resp
  • L2TP relay to send auth even for zero length login
  • Fix bug with showing L2TP routing

Logging

  • Logging of config changes was not working correctly if system log-config was set

SNMP

  • Added some missing stats; Implemented Admin/Oper status reporting for ports; Improved port and interface naming.

UI

  • Subnets status page now shows portgroup name in Port column

Web interface

  • Port group names shown on port status
2016-05-08
Older factory release
1.41.000 (Taupi)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.40.000 to Factory release 1.41.000

BGP

  • New dead-end-community used to propagate routes within IBGP that are dead ends (e.g. nowhere or network)

Firewall

  • Fix to NAT64 logic where target is nowhere/network

L2TP

  • If RADIUS overwrites the proxy auth logic to change auth type then change proxy last LCP tx
  • Change logic for dummy auth on L2TP to wait for LCP negotiation to complete before RADIUS allowing proxy LCP details to pass to relayed connection

Routing

  • Changed internal routing logic for "next hop" based routes to be more efficient
2016-04-26
Older factory release
1.40.000 (Shed)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.39.000 to Factory release 1.40.000

ARP

  • Minor tweaks to ARP timing

BGP

  • Tweak next hop in some cases - review against RFC
  • Show BGP sessions that are down by profile as shutdown in peers list
  • Manual shutdown, albeit deprecated, was not working to close existing BGP sessions
  • Simplified the XML for BGP status, all peers list as <peer.../> now.
  • When originating routes from a 32 bit AS number via a 16 bit AS BGP session was not sending AS4_PATH
  • BGP tweak, allow incoming BGP in IDLE state

CLI

  • Command line completion could complete keyword arguments incorrectly

IP

  • Allow UDP to VRRP address - used for DNS, and RADIUS, etc.

IPsec

  • Fix crash when certificate named in connection is missing

L2TP

  • Incoming L2TP config allow any table if table attribute not set
  • Allow outgoing source IP setting on outgoing L2TP tunnels
  • RADIUS directed session steering for L2TP needs to use the specified table
  • Speed sanity check - do not believe L2TP speeds at or below 10kb/s as valid
  • Don't close tunnel on an out of order control packet showing backwards Nr sequence
  • Some more options for RADIUS to overwrite password on L2TP relay

LACP

  • Adjust port ID used in LACP to start from 1, to avoid port 0 being used

Routing

  • Improve route caching update on deep recursive routes changing

SNMP

  • iso.3.6.1.2.1.31.1.1.1.1. (ifName) corrected as was a Counter64 not a String
  • Corrected counters for broadcast and multicast packets to 32 bit
  • Fix return ordering in bulk get requests; improve encoding of integer values

TCP

  • Do not perform TCP MSS fixups on MD5-authenticated sessions

Web status

  • Minor tweaks to status pages
2016-03-20
Older factory release
1.39.000 (Rufus)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.38.001 to Factory release 1.39.000

CLI

  • Add command output filtering capability to CLI (telnet and serial link)
  • Fix crash in CLI when default logging is set to console
  • The "show route" and "show routes" commands have been combined to avoid ambiguity; If '?' is used to output command details the command help info is displayed, unless all commands are listed

DHCP

  • DHCP relay/remote server logic
  • Tidy up DHCP logging messages
  • Tweak for FireBrick as a DHCP client working via DHCP Relay Agents

DNS

  • Timeout of long-latency replies from DNS servers was flawed.

Ethernet

  • LACP send and receive/status
  • LLDP send and receive/status
  • Port trunking options (with or without LACP)

L2TP

  • Uplink speed control per connection
  • Change to the way hashes are handled for session steering

LACP

  • Option to control the hashing used for trunking
  • Default LACP mode is passive for non trunked ports as some switches are strange

NTP

  • Better error logs for NTP / clock setting
  • Better NTP back off logic
  • Option for fast-retry for NTP until clock first set

PPP

  • Better timing of PPP LCP when using dummy auth (no authentication)

PPPoE

  • Tweak PPPoE Host-Uniq

Profile

  • Change to profiles' use of and/or/not so these are tested on the "interval" rather than being immediate in some cases

Routing

  • Adjust hash logic slightly

UI

  • Kill link on web view of L2TP sessions/tunnels
2016-02-14
Older factory release
1.38.001 (Quantum)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.37.002 to Factory release 1.38.001

Ethernet

  • Don't log transmit queue full errors (txqfull) caused by physical port being down

VRRP

  • Correct issue with VRRP ARP replies in some cases
2016-01-14
Older factory release
1.37.002 (Paul)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.36.002 to Factory release 1.37.002

BGP

  • Handle blackhole routes better - having an ingress and egress tag for blackhole routes
  • BGP rule override of pad was not working
  • Extra debug

Config

  • Default user password generation now salted SHA256

DHCP

  • Tweak DHCP server to use chaddr field not source MAC
  • Tweak to DHCP to allow renew of IP where ARP shows MAC as matching either chaddr or source MAC of request
  • Improved algorithm for selecting which restricted IP pools apply
  • Added a bit of sanity check on DHCP renew/expiry values received
  • Change DHCP retry to restart back off at expiry
  • DHCP log of moving IPs between interfaces was crashing, fixed
  • Extra debug counters for DHCP client

DNS

  • Random DNS source port for additional security
  • Incorrect ARCOUNT in cached responses when EDNS0 request used
  • Possible race condition in DNS tracking

Flash

  • Improve flash scheduling; should fix occasional "Bad end read" crashes.
  • Fix another flash scheduling problem causing occasional crashes

L2TP

  • Changed overload logic for unresponsive LNS to better handle when LNS is relayed/outgoing connections
  • RADIUS auth sends original tx speed, not adjusted, which fixes issues when multiple authentication done on same connection
  • Allow overwrite of existing User-Password in RADIUS auth response (for PAP and CHAP use on relayed tunnel connection)
  • Relayed tx speed in connect info now reflects speed as updated by RADIUS, not original.
  • Fatal tunnel sequence errors now close tunnel
  • Tweak not to send ZLB in reply to message if the message causes a reply to be sent anyway
  • Allow session to be marked blackhole routed ('D' filter)
  • Added debug logging for DOS detection to show pps
  • L2TP clearing of dead tunnels improved (some edge cases left tunnels never clearing)
  • Internal stats cache clear on L2TP session start
  • RADIUS Accounting to show Connect based on actual speed, not original L2TP speed
  • Show when routes suppressed in L2TP session status
  • Additional LCP control (data len) for screwy Samsung LACs that don't cope with zero len
  • Send LCP TERM ACK reply when closing

L2TP/PPP

  • Change to allow non auth incoming L2TP to send RADIUS to validate as a "dummy authentication"
  • Stall (no reply) IPCP / IPV6CP if waiting on RADIUS, as can happen for dummy auth
  • Better handling of proxied LCP negotiating no authentication
  • Tweak to RADIUS accounting for reaching quota - possible race condition when very low usage LNS
  • Fix for cache condition on stats collection in very low usage LNS

Ping

  • Ping diagnostics "loss" stats were including ICMP errors as well as correct responses

PPP

  • Allow PPP LCP to negotiate unauthenticated (LCP rejecting AUTH)
  • Don't do IPCP whilst waiting on RADIUS (relevant for null auth)
  • PAP Ack/Nak with zero message now sends zero message len not zero data
  • Checking proxy LCP now accepts stupid LACs that claim to neg longer PAP/CHAP LCP messages if they otherwise look OK

PPPoE

  • Tweak PPPoE client to change Host-Uniq as some systems misbehave if always the same
  • PPPoE was not authenticating, Fixed

Routing

  • Next hop feasibility checking failed to spot when an Ethernet next hop stopped answering ARPs
  • Next hop logging is now separate system log target

Stats

  • One-second CPU stats output is now synchronized to UTC time

UI

  • Improve diagnostic if s/w upgrade fails

Web config

  • Better handling of messages when test saving config with errors
  • Turn off autocomplete on config editor as causing issues

Web status

  • Status/Subnets now shows the interface headings
2015-04-29
Older factory release
1.36.002 (Orlando)
[Breakpoint]
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.35.001 to Factory release 1.36.002

BGP

  • Replacement routes with different flags were treated as no change
  • Fix mishandling of ORIGINATOR ID when not sent
  • Tweak to remove non standard tie break logic in BGP code
  • Cluster ID, Cluster List and Originator ID now only sent where source is IBGP

Config

  • Certificate management extended

CQM

  • Tweak URLs for images of graphs to allow for graphs that look like a URL and break some browsers
  • Change logic for adjusting shared shapers when hitting limits to favour unit dropping most packets more

IPsec

  • Add debug logging of IP allocations

Logging

  • Logging of panic message was not working correctly - fixed.

Manual

  • Added some more IPsec doc and corrected some other minor typos in manual

Password

  • Not upgrading passwords to SHA256+15, but to SHA1+3 so backwards compatible if code reverts

Ping

  • Added ping stats on ping command line and web (was already in XML)
  • Web/command line ping stats showed wrong average

PPP

  • Tweak to try and handle case of CHAP final reply having been missed, and reprocess duplicate CHAP response

Route

  • Diagnostics for routes shows reason for ordering

UI

  • Ticking the check box for an optional multiple select input (set) with one member pre-sets the only member as selected
2014-12-03
Older factory release
1.35.001 (Nestor)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.34.000 to Factory release 1.35.001

BGP

  • Added import-filters and export-filters and named bgp rules to config
  • Withdraw of non existent route may cause parent route to be mistakenly withdrawn

Config

  • Check each interface has a unique port/vlan setting. Invalid configs will still load on bootup but must be corrected before resaving.
  • Storage and management of certificates and keys added (cannot be used effectively yet).

DHCP

  • Improved DHCP clear command and added link to clear all old DHCP

PPPoE

  • Tweak to PPPoE startup sequence

Profiles

  • Added setting for expected (good) state of a profile, showing as green in status if expected, and listed unexpected on home page
  • Added profile to fixed ping graph config, and made ping on interface subject to interface profile
  • Control switches no longer show by default on NOBODY level users or those without full config access unless specifically listed in the control switch users

TCP

  • Fix TCP session stalling on large fast transfers

Web control pages

  • Added "add" to home page links list as order matters
  • Changed list of radius steering settings to show "ip" in list as important field
2014-10-24
Older factory release
1.34.000 (Mercury)
[Breakpoint]
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.33.000 to Factory release 1.34.000

BGP

  • Route show lists exports via BGP peers
  • Better change detect on BGP config changes and better logging of changes causing BGP restart

CQM

  • Updated graph names to 40 characters max, and allow colon in graph name

Flash

  • Avoid watchdog during flash write when CPU is busy

L2TP

  • L2TP/RADIUS not trying second choice when first is blacklisted

Logging

  • Detect closed browser window, and close TCP session, when displaying log

OS

  • Improve scheduling control when CPU is busy

Routing

  • Better next hop change detect logic (less trigger happy on config changes)

System

  • Fix occasional glitches when monitoring power levels

TCP

  • Add status display for TCP sessions (debug level users)
  • Correct connection timeout detection for rare corner cases. Improve TCP status display.
  • Add buffered data counts to TCP status display
  • Add window sizes to TCP status display
  • Fix TCP session hangs caused by packet drops in uncommon situations
  • Add TCP SYN cookie handling to mitigate SYN flooding
2014-10-09
Older factory release
1.33.000 (Lucifer)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.32.000 to Factory release 1.33.000

BGP

  • Delay BGP announce until FIB update started for route in question to minimise black holes
  • Further work deferring BGP announce until routes in FIB
  • Faster BGP withdrawal
  • BGP export stats to count "default" when send-default is set
  • Change of send-default restarts BGP session
  • Change of send-no-routes correctly withdraws routes, no session restart
  • Change to use-vrrp-as-self now correctly re-announces the changed next hop
  • Possibly trigger happy BGP keep alive check when lots of peers, fixed
  • Balance load better on rx traffic between peers

DHCP

  • DHCP server now does not send default router, subnet, lease, renew, syslog, timed, ntpd, domain, domain-search, if there are manually configured response attributes for these
  • DHCP server no longer sends "name" attribute as host-name (12). Configure as an extra string attribute if required

Diagnostics

  • Showing routes was truncating if too many routes - buffer size increased

General

  • Better logging to flash of source of s/w load or reboot commands

Internal

  • Adjust buffer pool sizes and thresholds to avoid buffer depletion
  • More buffer count stats added to TCP

Monitoring

  • Check voltage readings from ADC for consistency.

PPP

  • Tweak to avoid resend of CHAP response to challenge if LCP restarted

Routing

  • Avoid route updates hogging all CPU

TCP

  • Improved congestion control and loss recovery
  • Fix problem with TCP window calculation causing buffer overload

TCP/BGP

  • Avoid BGP sessions being aborted by TCP if buffers run out

VRRP

  • Delay VRRP startup while route updates pending
  • Longer startup (uses configured delay when routes are updating)
2014-09-17
Older factory release
1.32.000 (Klingsor)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.31.000 to Factory release 1.32.000

BGP

  • Making BGP keep-alives higher priority, in case of really heavy BGP load
  • Fix race condition allowing BGP peer to vanish in rare conditions
  • Improved BGP shutdown sequence announces lower priority before withdrawing routes on shutdown
  • Shortened the BGP shutdown so it does not send the clears after the low-priority
  • Added configuration of BGP shutdown logic

Ethernet

  • Add new Ethernet DoS-detection parameters to config

General

  • Several minor internal changes that should improve stability

IPC

  • Tweak IPC thresholds to avoid ipcbusy happening and hence annoying error logs

IPsec

  • Peer IP added to log messages

L2TP

  • Fix for NAT via outgoing L2TP connection
  • Crash if too many graphs created with L2TP
  • RADIUS L2TP Relay for steering was sending zero length Proxy-State which is not valid
  • Outgoing tunnel did not come up / go down on profile change

Logging

  • Fixed issue with logging causing occasional bad buffer address panics
  • Improve logging efficiency and avoid dropped log messages
  • Minor improvement to power level logging
  • Fixed http logging of graph URLs

OS

  • OS Stream and TCP restructure

PPP

  • PPP challenge response resend on no accept/reject response

Routing

  • Path/community fixed settings in routing config with multiple IPs listed caused error on memory allocation
  • Improved checking for route loops

Serial port

  • Fix serial port driver following internal stream handling changes

Syslog

  • External syslog now only includes general system log messages if specifically configured to do so

TCP

  • Tidy TCP MSS handling. Allow minimum MSS to be as low as 200.
  • Further TCP stack enhancements
  • Fix windowing problem - possibly causing slow transfers
  • Send window updates more often - improves BGP performance

UI

  • Show current stack usage as well as HWM in thread stats

VRRP

  • Fix bug in vrrp shutdown that was slowing down other shutdown processes
2014-08-08
Older factory release
1.31.000 (Janus)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.30.001 to Factory release 1.31.000

  • URLs fetched from the FireBrick for any reason now handle IP literals.
  • Option for URL to GET before a controlled reboot - mainly to warn nagios

DHCP Server

  • Minor tweaks to make NAK meet later RFCs

DNS

  • DNS fallback (default on) allows use of other tables for local lookups within the FireBrick

Ethernet

  • Increased MTU to around 4k

Internal

  • Increase stack sizes and make route loop counter an error counter

L2TP

  • Fix for steering RADIUS response - was causing RADIUS to lock up totally
  • RADIUS options to control long term shapers for L2TP sessions

Logging

  • Avoid crash when displaying logging using CLI
  • Fix crash when displaying logs using colours

TCP

  • Ongoing TCP improvements. Minor functional changes - mod to initial MSS calculation; TIME-WAIT time reduced.
  • TCP restructuring to prepare for enhancements. Includes fix for failure to resend lost SYN introduced recently.
  • Fix failure to send MSS option with SYN

Web control pages

  • Latest Safari adds xmlns attributes on every element for no apparent reason, which was breaking web config edit. Worked around
2014-06-03
Older factory release
1.30.001 (Icarus)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.29.000 to Factory release 1.30.001

  • Release candidate

Config

  • Fix profile "traffic lights" in config edit (did not change state on some browsers)

Diagnostics

  • Ping and Traceroute now accessible using GET as well as POST. GET assumes XML output
  • Fixed crash when more than one ping or traceroute diagnostic was run concurrently

DNS

  • DNS resolution and caching is now routing table specific
  • DNS fallback option - for incoming requests if no server in required routing table relay to any DNS available - default true

Internal

  • Modify timing and logging of ipc overload events

L2TP

  • Fix for race condition in RADIUS/L2TP causing crash

Logging

  • New log-config setting in system to specifically log config changes

Ping

  • Added ping stats to XML for ping/traceroute

PPPoE

  • IPv4 local end would "stick" if changed from having IPv4 to not (i.e. IPv6 only)

Profiles

  • Slight change to control switch graphic
  • A new control switch profile will now start with the initial value.
  • Control switches can now use and/or/not logic to enable them to be set or reset by other profile changes.

RADIUS

  • Fix race condition

Web config

  • Minor typos in config edit

Web control pages

  • Link to see DNS server details on IPv6 was broken URL on some browsers
  • Minor change to control switch profile images to help colour blind users
2014-04-03
Older factory release
1.29.000 (Hendra)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.28.000 to Factory release 1.29.000

  • Release candidate for testing

DHCP

  • Subnet list shows pending DHCP client subnets
  • Typo in DHCP logs

DNS

  • Min nxdomain of 10 seconds now

FB105 tunnel

  • Log (rather than crash) if a badly fragmented 105 tunnel packet is received

L2TP

  • Added control of reply hostname on incoming L2TP connection
  • Added default hostname (system name) on outgoing L2TP connections

PPPoE

  • PPPoE server (BRAS) handling of standard GEA Agent Remote ID and Circuit ID as called/calling and downstream speed setting
  • PPPoE handling general VLAN tagging
  • Added text NAS-Port to RADIUS when using PPPoE "port{:vlan}/MAC"
  • PPPoE did not handle VLAN priority tagging on inbound packets
  • Some extra debug of unexpected PPPoE messages or fields

Profiles

  • Profiles can now test an ethernet port status

RADIUS

  • New section of manual explaining RADIUS client settings and timeouts

Routing

  • New source-filter-table setting on interfaces to allow separate source filtering lists to be managed using routing tables

Security

  • Added manual section on OTP

SNMP

  • Added iso.3.6.1.4.1.24693.1 SNMP for system monitoring (voltages, temps, etc)
  • Updated manual to include FireBrick specific SNMP in appendix

TCP

  • Add debug logging for aborted TCP sessions; avoid tcp timeout control upsetting TIMED_WAIT state.

UI

  • Fix broken XML links in system status pages
  • Add memory block usage to system status memory page (alpha releases only)
2014-01-09
Older factory release
1.28.000 (Gordius)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.27.001 to Factory release 1.28.000

Bonding

  • Minor change to bonding to minimize packet reordering on arrival

Config

  • Replaced shutdown with profile on ethernet control settings
  • Added "Test" option to config save to automatically revert if not properly saved within 5 minutes.

DHCP

  • Added domain-search attribute, as it is specially coded

Diagnostics

  • Temporary diagnostics added for tracking down odd problems

L2TP

  • Added option to allow relay RADIUS auth reply to specify relay to another RADIUS server for auth or session steering.
  • Further minor tweak to bonding to improve re-order issues

Logging

  • Improve flash log replay at system startup. Should fix problem with non-detection and emailing of panic logs.

OS

  • Introduce new flash driver - currently for alpha builds only

pcap

  • pcap web interface allowing multiple select interfaces to match underlying capabilities

PortControl

  • Knightrider pattern (displayed when no ports connected) was running too slowly
2013-11-05
Older factory release
1.27.001 (Fidelio)
Config:XSD Doc
Manual:PDF HTML

Release notes from Factory release 1.27.000 to Factory release 1.27.001

PPPoE

  • PPPoE shows uptime