Manuals / Lancom Systems / Computer Equipment / Network Router

Lancom Systems 1711 Scope of features as of LCOS version, Firewall, Quality of Service, Security

Models: 1711

1 7
Download 7 pages 33.19 Kb
Page 3
Image 3
Scope of features: as of LCOS version 7.2

LANCOM 1711 VPN

Scope of features: as of LCOS version 7.2

 

Firewall

 

 

 

Stateful inspection firewall

Incoming/Outgoing Traffic inspection based on connection information

 

 

 

 

 

 

Packet filter

Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports,

 

 

 

DiffServ attribute); remote-site dependant, direction dependant, bandwidth dependant

 

 

 

 

 

 

Extended port forwarding

Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN

 

 

 

 

 

 

N:N IP address mapping

N:N IP address mapping for translation of IP addresses or entire networks

 

 

 

 

 

 

Tagging

The firewall marks packets with routing tags, e.g. for policy-based routing

 

 

 

 

 

 

Actions

Forward, drop, reject, block sender address, close destination port, disconnect

 

 

 

 

 

 

Notification

Via e-mail, SYSLOG or SNMP trap

 

 

 

 

 

 

Quality of Service

 

 

 

Traffic shaping

Dynamic bandwidth management with IP traffic shaping

 

 

 

 

 

 

Bandwidth reservation

Dynamic reservation of minimum and maximum bandwidths, totally or connection bases, separate settings for send and receive

 

 

 

directions

 

 

 

 

 

 

DiffServ/TOS

Priority queuing of packets based on DiffServ/TOS fields

 

 

 

 

 

 

Packet-size control

Automatic packet-size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment.

 

 

 

 

 

 

Layer 2/Layer 3 tagging

Automatic or fixed translation of layer-2 priority information (802.11p-marked Ethernet frames) to layer-3 DiffServ attributes in

 

 

 

routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p-support in the destination device.

 

 

Security

 

 

 

Intrusion Prevention

Monitoring and blocking of login attempts and port scans

 

 

 

 

 

 

IP spoofing

Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed

 

 

 

 

 

 

Access control lists

Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI

 

 

 

 

 

 

Denial of Service protection

Protection from fragmentation errors and SYN flooding

 

 

 

 

 

 

General

Detailed settings for handling reassembly, PING, stealth mode and AUTH port

 

 

 

 

 

 

URL blocker

Filtering of unwanted URLs based on DNS hitlists and wildcard filters

 

 

 

 

 

 

Password protection

Password-protected configuration access can be set for each interface

 

 

 

 

 

 

Alerts

Alerts via e-mail, SNMP-Traps and SYSLOG

 

 

 

 

 

 

Authentication mechanisms

PAP, CHAP and MS-CHAP as PPP authentication mechanism

 

 

 

 

 

 

Anti-theft

Anti-theft ISDN site verification over B or D channel (self-initiated call back and blocking)

 

 

 

 

 

 

Adjustable reset button

Adjustable reset button for "ignore", "boot-only" and "reset-or-boot

 

 

 

 

 

 

High availability / redundancy

 

 

 

VRRP

VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby

 

 

 

groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities

 

 

 

 

 

 

FirmSafe

For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates

 

 

 

 

 

 

ISDN backup

In case of failure of the main connection, a backup connection is established over ISDN; automatic return to the main connection

 

 

 

 

 

 

Analog/GSM modem backup

Optional operation of an analog or GSM modem at the serial interface

 

 

 

 

 

 

Load balancing

Static and dynamic load balancing over up to 4 WAN connections; channel bundling with Multilink PPP (if supported by network

 

 

 

operator)

 

 

 

 

 

 

VPN redundancy

Control of up to 16 redundant VPN gateways for high availability or load balancing

 

 

 

 

 

 

Line monitoring

Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP

 

 

 

polling.

 

 

VPN

 

 

 

1-Click-VPN Client assistant

One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced

 

 

 

VPN Client

 

 

 

 

 

 

1-Click-VPN Site-to-Site

Creation of VPN connections between LANCOM router via drag and drop in LANconfig

 

 

 

 

 

 

Number of VPN tunnels

5 IPSec connections active simultaneously (25 with VPN-25 Option), 25 connections configurable (50 with VPN-25 Option).

 

 

 

Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN

 

 

 

 

 

 

Hardware accelerator (optional)

Activated 3DES/AES hardware encryption with the VPN-25 Option

 

 

 

 

 

 

IKE

IPSec key exchange with Preshared Key or certificate

 

 

 

 

 

 

Certificates

X.509 digital certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of PKCS#12 files via

 

 

 

HTTPS interface

 

 

Certificate rollout

Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol)

 

 

 

 

 

Page 2 Page 4
Page 3
Image 3
Lancom Systems manual Scope of features as of LCOS version, Firewall, Quality of Service, Security, LANCOM 1711 VPN
Page 2 Page 4