Key Features

Key/Network features

Four copper 10/100/1000Mb/s Ethernet ports with Gb/s switching and routing up to 750Mb/s
One SFP gigabit Ethernet port, allowing a range of SFP modules for additional copper port, fibre, etc. (The SFP does not need to be specially 'coded')
Current internet protocols (IPv6) built in to the design from the start, not an afterthought.
Full ICMP and ICMPv6 aware stateful session tracking
Interface packet dump compatible with tcpdump and wireshark
Comprehensive firewalling rules using interfaces, protocols, and ports, source and target
Support for controlled access and mapping in NAT environments using NAT-PMP and PCP
Port and IP mapping including basic NAT, and mapping between IPv4 and IPv6 with ICMP and ICMPv6 handling
Multiple VLAN operation allowing DMZ and segregated networks
Powerful DHCP server as well as IPv6 route announcement for simple control of an office network
Syslog logging (windows servers are available) and SNMP monitoring

Optional Industry standard Virtual Router Redundancy Protocol (VRRP) allowing multiple device fallback
Optional routing features for multi-homed installations using BGP or OSPF
Multiple independent routing tables
Local DNS caching relay with configurable DNS overrides
Real time graphs of usage / shapers and ping graphs
Traffic shaping, limiting speeds and/or allowing bursting over a time period
Simple web interface (http or https) and command line interfaces, including XML based config and web based config editor
Config test and roll-back features
Time profile and ping monitoring to control aspects of operation automatically
Multi-colour configurable information LED to aid remote diagnostics and report status visually
Automatic free software updates, and sub second reboot time
9k MTU switching, and 2k MTU routing allowing baby jumbo needed for PPPoE and un-fragmented L2TP to carry full frame packets
MQTT Broker, with some FireBrick operations (Profiles/VoIP/DHCP) being able to send MQTT messages.

Further Features

Internet access features

PPPoE allowing multiple bridging modems to be connected directly or via VLAN switch
Very fast PPPoE negotiation and recovery
Optional multiple line bonding working with suitable ISPs or via tunnels
Optional load balancing multiple ISPs with weighting options
Fall back routing
Routing based on traffic type and source addresses
IP level NAT with configurable timeouts and port mappings
3G/4G dongle support (multiple dongles via suitable USB hub) - works with selected models of dongle
Can work with some models of direct SFP VDSL/ADSL modem modules to allow a direct connection to VDSL/ADSL line
Optional operation as PPPoE BRAS with local or RADIUS based authentication for small scale ISP set up

Tunnels/VPNs

Optional IPsec with IKEv2
Optional Legacy "FB105" unencrypted tunnel support
Direct L2TP client support
Optional L2TP server with local or RADIUS based authentication for small scale ISP operations
ACME certificate management to work with Let's Encrypt for free and easy certificate set up for IPsec and https
ETUN Ether tunnels (RFC3378)
Hardware TRNG for added security

VoIP PABX

Compatible with standard SIP UDP 8 bit A-law operation for crisp clear phone calls requiring no conversion to/from PSTN
Operates as phone system allowing devices to register to it as telephone extensions
Operates as a phone/extension to connect to Internet SIP carriers, registering with the carrier as one or more phones
Can operate using back-to-back config allowing phones to make internal calls locally and have hunt groups whilst each phone is operating as an Internet based phone line
Hunt groups operating a variety of ways, with fall back, and time profile controls - including external numbers
Busy lamp field (tested on SNOM)
Call and group pick up
Call steal (reverse call transfer) feature
Call tee feature to allow call recording (stereo) on local or Internet based call recorders (linux s/w supplied)

Ping Graphs (CQM)

The FireBrick provides Constant Quality Monitoring. The main purpose of this is to provide a graphical representation of the performance of an interface or traffic shaper - typically used for broadband lines on L2TP or as ping results to specified endpoints.

100 second interval statistics available graphically as svg or png and in text as csv covering at least the last 25 hours (one day)
Loss latency stats where available (e.g. LCP echos on L2TP broadband lines) including minimum, average, and maximum latency for the 100 second sample, and percentage packet loss.
Throughput stats where available (e.g. interfaces, shapers , L2TP broadband lines ) including average tx and rx rate for 100 second sample

Graphs can be loss/latency or throughput of both. A ping only system would only have loss/latency. An L2TP broadband line has both. An interface or shaper normally has only throughput data.

Ping graphs can be created in 5 main ways.

Defining <ping.../> elements in the config for each graph
Specifying a <ping-url='...'/> attribute in the cqm config to read a bulk list of pings
Using the web interface's ping form (Graphs/Ping) to specify individual addresses to ping
Using the web interface's ping form to read a bulk list of pings from a specified URL
Making automated HTTP/HTTPS requests to specify individual addresses to ping

Number of ping targets.

You can specify a maximum of 2,000 pings in the config.
You can specify more if you specify a bulk ping-url URL.
Depending on what else the FireBrick is doing the maximum suggested limit would be around the 2,000 mark.
Loading 100s of graph images over https will be very slow, using plain http would be recommended for units with a large number of graphs.
In practice, you can add more than 2,000 graphs, but the FB2900 will be CPU bound when doing other activities (eg downloading graph data) and ping data may be lost.
For more than 2,000 graphs, we'd suggest using a FB9000 device.

Physical/electrical, etc

See the FB2900 Quick Start Guide for formal details: FB2900 Quick Start Guide

Mains power via "figure 8" IEC mains connector, only 15W
DC option using Anderson Powerpole connectors, plug and tails provided. Automotive, or 48V industrial DC options.
Metal case, 185mm by 135mm by 35mm (40mm with feet) so will typically fit on 1U rack shelf with clearance. 720g (typical mains power version)
Connectors: 4x RJ45, 1x SFP, 1xUSB, power (AC or DC). All connectors on one side
LEDs for copper port status, and general multicolour status LED. Mirror LEDs on other side
Rack/wall mount kit allows mounting either way around/up
No fans or air holes, runs cool (though plug in devices such as USB or SFP could get hot)
Tested against all relevant specifications including new safety tests.
Made in UK. Uses in-house firmware, operating system and bootloader, coded in UK. This includes all security code such as IPsec.
Small, low power, cool operation makes the FireBrick ideal for use in street furniture / cabinets providing VPN, VoIP, BRAS services.

Options

The main option is base or fully loaded where the latter has all of the above optional features. It is possible to upgrade at a later date.
Rack mount brackets for single FB2900 in standard 19" rack, or dual FB2900, both in 1U height. Rack mount kit also allows for easy wall mounting. See the bracket guide: FB2900Bracket.pdf
A completely new power supply design allows us to also offer DC power options, either automotive (up to 24V) or industrial (48V).