diff --git a/source/Firewalls.tex b/source/Firewalls.tex index 0be6551..c5568a7 100644 --- a/source/Firewalls.tex +++ b/source/Firewalls.tex 
@@ -21,46 +21,127 @@ What is the network doing? \item Aguri \end{itemize} -% -% Authentication - \section{Authentication} Two-factor authentication using TOTP. -% -% Hardware - \section{Firewall Hardware Overview} Hardware. +\begin{itemize} + \item OPNsense is based on FreeBSD \\ \url{https://opnsense.org/} + \\ \url{https://wiki.opnsense.org/index.html} + \item Iris FW1100 datasheet \\ \url{https://www.supermicro.com/products/system/1U/1018/SYS-1018D-FRN8T.cfm} +\end{itemize} + +The Supermicro SuperServer 1018D-FRN8T is a 1U server with front I/O. +That means that both the rear I/O ports as well as the I/O expansion +ports are found along the front side of the rack. In many cases this +is a desirable configuration as it can make cabling very simple. +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ss-front.png} + \caption{Supermicro SuperServer 1018D-FRN8T Front} + \label{fig:supermicroSSfront} +\end{figure} + +The rear of the unit has a redundant 400W power supply. Rated at 80 +Plus Platinum the power supplies are efficient as well. The remainder +of the rear is simply a bezel for fans. + +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ss-rear.png} + \caption{Supermicro SuperServer 1018D-FRN8T Rear} + \label{fig:supermicroSSrear} +\end{figure} + +The onboard I/O is plentiful. There are two USB 3.0 ports along with +a VGA port for KVM carts. Above the USB ports there is a RJ-45 +Ethernet port for out-0f-band management that can be directly +connected to a dedicated management network. +%------------------- +Furthermore there are +six 1GbE ports connected to two Intel i210-at controllers and an +Intel i350-am4 controller. The two SFP+ ports are controlled by the +Xeon D’s Intel X552 NIC. For firewalls and other appliances, this is +a very strong configuration. 
+ +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/iris-fw1100-front.png} + \caption{Supermicro SuperServer 1018D-FRN8T interfaces} + \label{fig:supermicroSSinterfaces} +\end{figure} + +Inside the system we see a redundant set of fans near the PSU bezel +and a very small motherboard inside. One can see our two stacks of +Seagate Enterprise Capacity V3 1TB 7200rpm drives as well. We removed +the PCIe riser and the airflow shroud from this picture to show off +the internals better. + +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ss-noshroud.png} + \caption{Supermicro SuperServer 1018D-FRN8T Internal no shroud} + \label{fig:supermicroSSnoshroud} +\end{figure} + +\subsection{Remote Management} + +Supermicro’s IPMI and KVM-over-IP enables deployment flexibility. +One can do remote power up, power down, and reset of the server in +the event that it becomes unresponsive. + +\begin{itemize} + \item fan speeds, chassis intrusion sensors, thermal sensors, + and etc. can be monitored remotely + \item remote power control. One can do remote power up, power + down, and reset of the server in the event that it becomes + unresponsive. + \item alerts can be setup to notify the admins of issues. + \item remotely mount CD images and floppy images to the machine + over the dedicated management Ethernet controller. This keeps + maintenance traffic off of the primary Intel NICs. + At the same time it removes the need for an optical disk to + be connected to the Supermicro motherboard. +\end{itemize} + +Supermicro’s BIOS has a feature: the BMC IP address shows +up on the post screen! +If you have a KVM cart hooked up to the system, it gives an +indicator of which machine one is connected to during post. + +Supermicro does include KVM-over-IP functionality with the motherboard. 
+ +\newpage +\section{Alternatives Firewalls Hardware Overview} Some resellers: \begin{itemize} - \item \url{https://www.deciso.com/} - \item \url{https://www.pfwhardware.com/} - \item \url{https://www.osnet.eu/} + \item \url{https://www.deciso.com/} + \item \url{https://www.pfwhardware.com/} + \item \url{https://www.osnet.eu/} \end{itemize} \begin{itemize} - \item (8) 1 gig ethernet ports - Connects to (1) 100M ethernet upstream fiber optic - Connects to (1) 100M ethernet upstream wifi - Various LAN - \item (Hot swap?) Dual Power Supplies - \item (How swap?) RAID (Linux md), with SSD storage. - \item 2.5'' drive bays - \item Total ~8GHz CPU - \item ~8-16 gigs RAM ? Depends on OS. - \item Two servers total, for standby/failover + \item (8) 1 gig ethernet ports + Connects to (1) 100M ethernet upstream fiber optic + Connects to (1) 100M ethernet upstream wifi + Various LAN + \item (Hot swap?) Dual Power Supplies + \item (How swap?) RAID (Linux md), with SSD storage. + \item 2.5'' drive bays + \item Total ~8GHz CPU + \item ~8-16 gigs RAM ? Depends on OS. + \item Two servers total, for standby/failover \end{itemize} -% -% Firewall -\section{Overview} +\section{IP-tables Firewall} +\subsection{Overview} Most servers and workstations run GNU/Linux, which uses iptables. -\section{iptables} +\subsection{iptables} iptables is part of the Netfilter project and has been included by default in the Linux kernel for many years. @@ -70,7 +151,7 @@ the Linux kernel for many years. \label{fig:www-netfilter} \end{figure} -\section{Requirements} +\subsection{Requirements} There are a lot of operating systems to consider to use as a firewall... Notes on some requirements in a firewall. @@ -106,8 +187,8 @@ Notes on some requirements in a firewall. \end{itemize} -\section{Firewall Operating Systems in Use} -\subsection{Debian} +\subsection{Firewall Operating Systems in Use} +\Large{Debian} \href{https://www.debian.org/}{Debian} 
@@ -122,7 +203,7 @@ Linux's iptables is used on servers. \label{fig:www-debian-in-firewalls-chapter} \end{figure} -\subsection{Proxmox setups iptables-firewall} +\Large{Proxmox setups iptables-firewall} During Proxmox installation on the nodes, firewall is being confugured. Some of nodes configurations can be found in chapter Free software under path apps/forksand-nodes-bootstrap/... diff --git a/source/resources/images/sf-fw/ss-board.png b/source/resources/images/sf-fw/ss-board.png new file mode 100644 index 0000000..ac6f437 Binary files /dev/null and b/source/resources/images/sf-fw/ss-board.png differ diff --git a/source/resources/images/sf-fw/ss-front.png b/source/resources/images/sf-fw/ss-front.png new file mode 100644 index 0000000..45a8022 Binary files /dev/null and b/source/resources/images/sf-fw/ss-front.png differ diff --git a/source/resources/images/sf-fw/ss-noshroud.png b/source/resources/images/sf-fw/ss-noshroud.png new file mode 100644 index 0000000..72ed605 Binary files /dev/null and b/source/resources/images/sf-fw/ss-noshroud.png differ diff --git a/source/resources/images/sf-fw/ss-rear.png b/source/resources/images/sf-fw/ss-rear.png new file mode 100644 index 0000000..38eeb7d Binary files /dev/null and b/source/resources/images/sf-fw/ss-rear.png differ
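Review bot: in the first hunk (`@@ -21,46 +21,127 @@`) the third new figure loads `{sf-fw/iris-fw1100-front.png}`, but this patch only adds `ss-board.png`, `ss-front.png`, `ss-noshroud.png` and `ss-rear.png`; unless `iris-fw1100-front.png` already exists under `source/resources/images/sf-fw/` the build fails on that `\includegraphics`, and conversely `ss-board.png` is added but never referenced. Every new `\includegraphics` also carries `height=1.10\textheight`, a bound taller than the text block; `keepaspectratio` with `width=1.00\textwidth` will usually win, but a height above the page invites "Float too large" warnings, so use something like `height=0.9\textheight` or drop the height key. Smaller points in the same hunk: `out-0f-band` has a zero in place of the "o"; the sentence "One can do remote power up, power down, and reset of the server in the event that it becomes unresponsive." appears in the Remote Management paragraph and again verbatim in its second bullet, and the closing "Supermicro does include KVM-over-IP functionality with the motherboard." restates the subsection's opening sentence; `\section{IP-tables Firewall}` should spell the tool `iptables`, matching the `\subsection{iptables}` directly below it; and the reseller and requirements itemize blocks are re-indented with no content change, which buries the real edits in whitespace noise. Since the bullets cover remote power control and remotely mounting CD/floppy images over the BMC, one sentence stating that IPMI/KVM-over-IP is reachable only via the dedicated management Ethernet port described in the I/O paragraph, never via the 1GbE or SFP+ data ports, would make the management-network separation explicit rather than implied.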
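Review bot: in `@@ -70,7 +151,7 @@`, demoting `\section{Requirements}` to `\subsection{Requirements}` places it under the new `\section{IP-tables Firewall}`, yet its opening line "There are a lot of operating systems to consider to use as a firewall..." is about choosing a firewall OS in general, not about iptables; either keep it a `\section` ahead of the iptables material or reword the intro so it reads as iptables-specific requirements.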
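Review bot: in `@@ -106,8 +187,8 @@`, `\Large{Debian}` is not a valid replacement for `\subsection{Debian}`. `\Large` is a declaration, so `\Large{Debian}` switches the font size and then typesets the group `{Debian}`; the size is never reset, everything up to the end of the enclosing group is set in `\Large`, and the heading drops out of the table of contents and can no longer be a `\label` target. Use `\subsubsection{Debian}` (the level below the new `\subsection{Firewall Operating Systems in Use}`), or at minimum `{\Large Debian}` inside its own group.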
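Review bot: in `@@ -122,7 +203,7 @@` the same `\Large{...}` problem applies to `\Large{Proxmox setups iptables-firewall}`: the size declaration leaks past the braces and the heading loses its sectioning level; `\subsubsection{Proxmox sets up the iptables firewall}` keeps it in the TOC and fixes the title's grammar. While touching this hunk, the context line "firewall is being confugured" should read "the firewall is configured".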