• Home
• News
• About FireBrick
• Products

• FireBrick FB2900
• FireBrick FB6000

• Legacy Products

• FireBrick FB2700
• FireBrick FB2500
• FireBrick FB105
• FireBrick SoHo/Plus

• Buy FireBrick
• Contact Us
• Support
• Reseller Area
• Press Information

FireBrick® Application Notes

On this page are a selection of typical application scenarios, and the way in which the FireBrick can be configured.

No-NAT ADSL connection

With a no-NAT ADSL connection, which are available from a number of ISPs including AAISP and Watchfront Internet, you are provided with a block of fixed public IP addresses (e.g. 16 addresses).

The ADSL router has one address, and you can use the other addresses for computers directly connected to the router (or via a swithc/hub). These addresses are normally completely unfiltered by your ISP, and so a vulnerability for your computers.

Each computer on your network uses the ADSL router as its gateway address (default route) for all internet traffic.

By connecting the FireBrick to the ADSL router, and your machines and hubs to the FireBrick, you immediately have firewall protection, allowing only a few selected ports in for web and email access, and allowing all outgoing traffic. From any of your machines you can access http://my.firebrick.co.uk/ to configure other ports to be allowed in to the network, or set up more sophisticated routing.

BT NetStart leased line

A BT NetStart line is configured in much the same way as a no-NAT ADSL line, with a block of addresses provided on a LAN. The FireBrick can be operated in stealth mode right out of the box.

Even in this mode, it is possible to give the FireBrick a WAN address and set up an additional private address subnet on the LAN side with NAT if you need more computers than you have been allocated IP addresses.

Firewalled leased line

A typical leased line will have a small block of public addresses connected to a router. An additional block of public addresses will be routed to one of the WAN addresses. The FireBrick acts as a router with a different subnet on the WAN and the LAN and not using NAT.

Tunnelled interconnected ADSL linked offices

If you have several offices, each with a no-NAT ADSL connection and a small block of IP addresses, each site can have a block of private addresses with NAT.

By using tunnels, it is possible to connect the FireBricks so that the private addresses in one office can communicate with the private addresses in another office using the internet and the FireBricks public addresses to carry an IP tunnel.

This means you can have a large virtual private network (VPN) using FireBrick tunnels.

The tunnels are configured to operate only on specific public IP addresses, and use a shared secret/password to further protect against attack.

Normal firewall filters can be applied to tunnelled traffic, allowing specific access between sites to be managed.

Managed office

A managed office will often involve a number of offices of various sizes with centrally provided telephone services. Increasingly smaller companies in these offices are looking at centrally provided internet services.

This makes sense as the management can get a 2Mb internet feed and sell it to tenants in smaller quantities. they can charge by usage, or more likely sell 64K multiples of bandwidth to each tenant. They can oversubscribe this because of the bursty nature of internet access (providing a contention much like ADSL).

By using the VLAN subnets feature and a VLAN capable network switch, each tenant can be given their own ports and DHCP address range. This can control access between tenants and also allow control and traffic shaping of  each tenant using their IP address ranges.