FireBrick

FireBrick - Firewalls, Bonding ADSL, Routers, Traffic Shaping...

FireBrick FB6000

FB6402 Firewall

The FB6402 is designed to provide firewalling, typically for hosted servers in a data centre. It supports 8192 VLANs in total and each can be separately firewalled. Basic BGP is included, primarily for announcing routes for its subnets. VRRP is supported, so a dual box configuration can be used to provide redundancy.

Overview

  • Full gigabit capability makes deployment simple - one pair of FB6402s with BGP and VRRP can provide redundancy.
  • Very low power consumption (around 30W), dual PSU, 1U box. Saves money on space and power in the data centre.

Licencing

Full features for one price, no per session licencing or other extra costs.

Warranty

One year warranty on hardware against any manufacturing defect. Normal working hours / courier replacement. Recommended that two units are used together to provide hardware redundancy. On-going maintenance contracts available for extended hardware support beyond one year.

Hardware

1U, dual AC 120/240V inlets (monitored), 2 internal fans (monitored), approx 30W total power consumption.

Multi-position 19" rack mount ears, with variation for hanging mount in shallow depth telco racks.

Power at rear, ethernet ports at front.

Software upgrades

Free of charge, beta and released software. Internal flash holds last 10 versions with automatic fallback on crash/watchdog.

Reboot or software upgrade with clean shutdown of Firewall, BGP, VRRP, etc, for minimal disruption. Boot time under 1 second.

UK based s/w support team - email and irc support during office hours.

Configuration

Configuration is defined by an XML document according to a published XSD schema. The configuration may be uploaded and downloaded by HTTP (e.g. using curl). In addition, the web interface contains an interactive configuration editor, as does the command line interface.

Configuration changes are applied as seamlessly as possible when loaded without the need to re-boot.

Command line interface

The command line provides a number of commands to provide viewing of BGP, OSPF, and Firewall data, as well as clearing BGP sessions and clearing Firewall tunnels and sessions. Includes tab completion and interactive help text.

The command line is available via telnet and ssh and serial connection.

Ports

Two physical copper gigabit ethernet ports allowing 4096 VLANs on each. 10 independent routing tables which can be used with BGP and Firewall (ideal for management LAN, segregating customer traffic, walled garden and credit control LAN). Each port/VLAN can be attached to a specific routing table.

Access control

Access lists for telnet, ssh, tftp, web and snmp. These can also be attached to an independent routing table for specific port/VLANs.

Syslog

Syslog to external server with various levels of debugging data available. Logs also available live via command line interface.

Firewall

Easy to set up firewalling rules. Note, this is IP level firewalling and not virus scanning or web page filtering or proxying.

  • Rules based on source interface.
  • Rules based on target interface.
  • Rules based on source IP.
  • Rules based on target IP.
  • Rules based on protocol and ports.
  • Full ICMP error handling, matching the quoted packet to sessions.
  • Full IP and port mapping and NAT including ICMP support.
  • IPv4 and IPv6 firewalling.
  • IPv4 to/from IPv6 mapping.
  • Generic NAT64 mapping for use with TOTD in IPv6 only environments.

BGP

Limited BGP is provided to allow subnets to be announced.

  • Up to 50 BGP sessions with max-prefix of 1000 inbound routes.
  • IPv4 and IPv6 BGP sessions.
  • IPv4 and IPv6 routing data.
  • AS4 (32 bit) AS number support.
  • IPv6 protocol 41 tunnel announcements using 2002::/16 next hop.

OSPF

Not yet fully implemented.

SNMP

SNMP (read only) support for a number of functions including interface stats for each port/VLAN in use.

NTP

Simple NTP client to set clock for accurate logging with fallback via list of configured servers.

DHCP/RA

DHCP client mode available, multiple instances. Also RA client for IPv6 addressing.

RA server for passive IPv6 address allocation to LAN.

VRRP

IPv4 VRRP2 and IPv4/6 VRRP3 server.

  • Multiple VRRP IP addresses per port/VLAN.
  • Can use standard floating MAC address, or can use fixed per machine MAC with promiscuous ARPs as configured.
  • Dynamic VRRP priority based on routability of a list of addresses, allowing VRRP to become master only when external routing is in place.
  • Pingable VRRP addresses for easier diagnostics.