The FireBrick firewall is a network appliance with a rich feature set, including a stateful firewall, router, managed switch, traffic shaping, tunneling, multilink handling, and much more.

FireBrick firewall overview

• Simply connect a FireBrick firewall between your computer or network, and your internet connection
• Provides instant firewall protection using default filter rules, without any configuration, in a typical application
• Uses Stealth firewall mode to route traffic between WAN and LAN without needing an IP address
• Select 1 of 4 most common firewall configurations using simple Factory Reset procedure
• IP Wizard - allows a number of common firewall scenarios to be quickly configured
• Load a pre-defined firewall configuration file for instant bespoke configuration

Easy-to-use web-based firewall configuration pages

• Use any web browser, no bespoke firewall configuration software needed
• Access from LAN or WAN, with password protection
• Multiple Administrative Users, each with configurable firewall access restrictions, including read-only
• Configurable User Interface (e.g. choose subnet masks format, date format, etc.)
• FireBrick firewall configuration can be saved to a PC, and reloaded to a FireBrick firewall later
• Software upgrades - download free from website, and load easily using web browser
• LEDs on the FireBrick firewall are configurable for at-a-glance diagnostics

Managed switch

• WAN port and 4 port LAN Switch as default
• WAN and LAN can be swapped (e.g. to use switch for multiple WAN connections)
• All ports RJ45, 10/100Mbps, Full/Half Duplex, Auto Crossover, fully configurable
• Throughput 100Mb/s switching, approx. 14Mb/s firewalling (typical)
• Built-in Cable Tester - diagnose cable shorts or breaks, disconnected or powered-down far end, distance to damage or far end, etc.
• Optional 5 Port Feature - all 5 ports independent, create DMZs, 5 firewalls etc.
• Optional VLAN Feature - VLAN tagging for when 5 ports are not enough, firewall between VLANs

Session tracking firewall

• Default firewall filters for most typical requirements, but fully customisable
• Ordered firewall filter matching on new sessions
• Session tracking firewall with configurable time-outs
• Filter on source and/or target ports and protocol (e.g. allow in TCP port 80 to web server)
• Filter on source and/or target IP addresses
• Use IP and Port Groups for source and/or target
• Filter on source and/or target interface(s) (e.g. WAN, LAN, DMZ, Tunnel, etc.)
• Filter on TCP SYN and TOS
• Each firewall rule can Allow, Drop, Bounce, or Reject
• Notify using Alert LED and log (configurable)
• With optional Reporting Feature, stats by syslog, email, and SNMP

Stealth

• Allows the FireBrick firewall to be plugged between WAN & LAN and filter traffic without having its own IP address
• Passes ARP requests between WAN and LAN
• ARP request/reply is tracked to avoid ARP stealing
• Makes the FireBrick firewall invisible to traceroute and portscans
• Easily disabled - configure as routing firewall with it's own IP address(es)

Firewall status information

• Log file records all critical events (configurable)
• Full RMON stats available for the routing core and each of the 5 ports
• Throughput stats available for each firewall filter rule, with per-second, per-5-minute, per-day and total counts
• Session list - shows all active sessions. Filter list by various parameters such as protocol
• DHCP report - shows all DHCP allocations, including renewal time, machine name and MAC
• ARP cache report - shows all active ARPs requested by the FireBrick firewall
• MAC cache report - shows all visible MAC addresses on per port basis
• Optional Reporting Feature for syslog, email and SNMP

IP groups

• Define groups of addresses (e.g. addresses of all your web servers)
• Use IP group by name in multiple places (e.g. firewall filters)
• Allows a single control (e.g. filter) to apply to many IP addresses, so reducing number of firewall filters required
• Allows even single addresses to be given a logical name, for ease of use
• IP of logged-in user - a special group ideal for allowing timed pin hole access from a dynamic IP address

Port groups

• Port groups - Define sets of protocol/ports (e.g. TCP 1024-65535->80/443 for web traffic)
• Use Port Group by name in multiple places (e.g. firewall filters)
• Allows a single control (e.g. firewall filter) to apply to many protocol/ports, so reducing number of controls required
• Allows even single protocol/port to be given a logical name, for ease of use

Subnets

• Define multiple subnets on multiple interfaces, each with:-
  • DHCP server with persistent allocation, configurable IP range, gateway, DNS servers, etc.
  • DHCP client, configurable, works with any standards-compliant server
  • Network Address Translation (NAT)
  • VLAN ID (with optional VLAN Feature)
• FireBrick firewall uses different MAC address for each subnet
• Multiple DHCP client subnets with different MACs (useful for some cable modem installations)
• DHCP Restrict - allocate specific addresses or subnets to specific machines, based on name or MAC of machines
• DHCP Mirror -
  • allows a DHCP allocated address (e.g. from cable modem) to be passed on to another machine, via DHCP server
• holds allocation while the other machine is switched off (useful if allocated address is dynamic)
• Supports /31 subnets (RFC3021, not widely supported so use with care)

Routing

• Normal and Stealth routing
• Ordered routing rules (first criteria match is followed)
• Routes can be placed before or after routing to subnets
• Routing match criteria:-
  • Route on source interface(s)
  • Route on target IP, port and/or protocol
  • Route on source IP, port and/or protocol
• Routing actions:-
  • Route to general interface or specific subnet/tunnel
  • Tag route as NAT or no NAT
  • Specify gateway address for ethernet routes
  • Proxy ARP (not a routing action as such)
• Weighted routing (%) with optional Bonding Feature (e.g. for load sharing between multiple links)

Mapping

• Map IP address and/or port of sessions
• E.g. map incoming traffic to internal server on private IP address
• Mapping match criteria:-
  • Any traffic, including stealth (make it routed)
  • Source IP, target IP, port/protocol
  • Source interface(s), target interface(s)
• Mapping action - change some or all attributes:-
  • New target interface (and specific subnet/tunnel)
  • New source IP (with option for self using 255.255.255.255)
  • New target IP
  • New target port
  • Block IP mapping if direct range of IPs used (not if IP group used)
• Weighted mapping (%) with optional Bonding Feature (e.g. for load sharing between web servers)

Profiles

• Profiles are used to modify the FireBrick firewall's behavior according to circumstance
• Enable/disable rules (routing, subnets, filters, mapping, users, tunnels, shaping, etc.)
• Standard FireBrick firewall includes fixed time-based profiles:-
  • "24/7" is default (always active) profile
  • "9-5 M-F" is 9am-5pm Monday-Friday (typical working hours)
  • "2am Sunday" is 2am-3am Sunday (ideal for things that must be done occasionally)
  • "NOT" profiles available, "NOT 24/7" being never (i.e. disabled)
• Optional Profiles Feature for configurable time, manual and ping-scan profiles

Pricing

FireBrick 105 firewall - £350
Feature key - £150