LANCOM 1711 VPN
Scope of features: as of LCOS version 7.2
| Firewall |
|
|
| Stateful inspection firewall | Incoming/Outgoing Traffic inspection based on connection information |
|
|
|
|
|
| Packet filter | Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports, |
|
|
| DiffServ attribute); |
|
|
|
|
|
| Extended port forwarding | Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN |
|
|
|
|
|
| N:N IP address mapping | N:N IP address mapping for translation of IP addresses or entire networks |
|
|
|
|
|
| Tagging | The firewall marks packets with routing tags, e.g. for |
|
|
|
|
|
| Actions | Forward, drop, reject, block sender address, close destination port, disconnect |
|
|
|
|
|
| Notification | Via |
|
|
|
|
|
| Quality of Service |
|
|
| Traffic shaping | Dynamic bandwidth management with IP traffic shaping |
|
|
|
|
|
| Bandwidth reservation | Dynamic reservation of minimum and maximum bandwidths, totally or connection bases, separate settings for send and receive |
|
|
| directions |
|
|
|
|
|
| DiffServ/TOS | Priority queuing of packets based on DiffServ/TOS fields |
|
|
|
|
|
| Automatic |
| |
|
|
|
|
| Layer 2/Layer 3 tagging | Automatic or fixed translation of |
|
|
| routing mode. Translation from layer 3 to layer 2 with automatic recognition of |
|
| Security |
|
|
| Intrusion Prevention | Monitoring and blocking of login attempts and port scans |
|
|
|
|
|
| IP spoofing | Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed |
|
|
|
|
|
| Access control lists | Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI |
|
|
|
|
|
| Denial of Service protection | Protection from fragmentation errors and SYN flooding |
|
|
|
|
|
| General | Detailed settings for handling reassembly, PING, stealth mode and AUTH port |
|
|
|
|
|
| URL blocker | Filtering of unwanted URLs based on DNS hitlists and wildcard filters |
|
|
|
|
|
| Password protection |
| |
|
|
|
|
| Alerts | Alerts via |
|
|
|
|
|
| Authentication mechanisms | PAP, CHAP and |
|
|
|
|
|
|
| ||
|
|
|
|
| Adjustable reset button | Adjustable reset button for "ignore", |
|
|
|
|
|
| High availability / redundancy |
|
|
| VRRP | VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby |
|
|
| groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities |
|
|
|
|
|
| FirmSafe | For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates |
|
|
|
|
|
| ISDN backup | In case of failure of the main connection, a backup connection is established over ISDN; automatic return to the main connection |
|
|
|
|
|
| Analog/GSM modem backup | Optional operation of an analog or GSM modem at the serial interface |
|
|
|
|
|
| Load balancing | Static and dynamic load balancing over up to 4 WAN connections; channel bundling with Multilink PPP (if supported by network |
|
|
| operator) |
|
|
|
|
|
| VPN redundancy | Control of up to 16 redundant VPN gateways for high availability or load balancing |
|
|
|
|
|
| Line monitoring | Line monitoring with LCP echo monitoring, |
|
|
| polling. |
|
| VPN |
|
|
| One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced |
| |
|
| VPN Client |
|
|
|
|
|
| Creation of VPN connections between LANCOM router via drag and drop in LANconfig |
| |
|
|
|
|
| Number of VPN tunnels | 5 IPSec connections active simultaneously (25 with |
|
|
| Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN |
|
|
|
|
|
| Hardware accelerator (optional) | Activated 3DES/AES hardware encryption with the |
|
|
|
|
|
| IKE | IPSec key exchange with Preshared Key or certificate |
|
|
|
|
|
| Certificates | X.509 digital certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of PKCS#12 files via |
|
|
| HTTPS interface |
|
| Certificate rollout | Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) |
|
|
|
|
|