Lancom Systems OAP-3G 61539 Benutzerhandbuch

LANCOM OAP-3G

Scope of features: as of LCOS version 8.5x

Categories/category profiles

Filter rules can be defined in each profile by collecting category profiles from 58 categories, for example to restrict Internet 
access to business purposes only (limiting private use) or by providing protection from content that is harmful to minors or 
hazardous content (e.g. malware sites). Clearly structured selection due to the grouping of similar categories. Content for each 
category can be allowed, blocked, or released by override

Override

Each category can be given an optional manual override that allows the user to access blocked content on a case- by- case basis. 
The override operates for a limited time period by blocking the category or domain, or a combination of both. Optional 
notification of the administrator in case of overrides

Black- /whitelist

Lists that are manually configured to explicitly allow (whitelist) or block (blacklist) web sites for each profile, independent of the 
rating server. Wildcards can be used when defining groups of pages or for filtering sub pages

Profiles

Timeframes, blacklists, whitelists and categories are collected into profiles that can be activated separately for content- filter 
actions. A default profile with standard settings blocks racist, pornographic, criminal, and extremist content as well as 
anonymous proxies, weapons/military, drugs, SPAM and malware

Time frames

Timeframes can be flexibly defined for control over filtering depending on the time of day or weekday, e.g. to relax controls 
during break times for private surfing

Flexible firewall action

Activation of the content filter by selecting the required firewall profile that contains content- filter actions. Firewall rules enable 
the flexible use of your own profiles for different clients, networks or connections to certain servers

Individual display pages (for blocked, 
error, override)

Response pages displayed by the content filter in case of blocked sites, errors or overrides can be custom designed. Variables 
enable the inclusion of current information such as the category, URL, and rating- server categorization. Response pages can be 
issued in any language depending on the language set in the user's web browser

Redirection to external pages

As an alternative to displaying the device's own internal response pages to blockings, errors or overrides, you can redirect to 
external web servers

License management

Automatic notification of license expiry by e- mail, LANmonitor, SYSLOG or SNMP trap. Activation of license renewal at any time 
before expiry of the current license (the new licensing period starts immediately after expiry of the current license)

Statistics

Display of the number of checked and blocked web pages by category in LANmonitor. Logging of all content- filter events in 
LANmonitor; log file created daily, weekly or monthly. Hit list of the most frequently called pages and rating results. Analysis of 
the connection properties; minimum, maximum and average rating- server response time

Notifications

Messaging in case of content- filter events optionally by e- mail, SNMP, SYSLOG or LANmonitor

Wizard for typical configurations

Wizard sets up the content filters for a range of typical scenarios in a few simple steps, including the creation of the necessary 
firewall rules with the corresponding action

Max. users

Simultaneous checking of HTTP traffic for a maximum of 100 different IP addresses

Router

IP and NetBIOS/IP multi- protocol router

Advanced Routing and Forwarding

Separate processing of 16 contexts due to virtualization of the routers. Mapping to VLANs and complete independent 
management and configuration of IP networks in the device, i.e. individual settings for DHCP, DNS, Firewalling, QoS, VLAN, 
Routing etc. Automatic learning of routing tags for ARF contexts from the routing table

HTTP

HTTP and HTTPS server for configuration by web interface

DNS

DNS client, DNS server, DNS relay, DNS proxy and dynamic DNS client

DHCP

DHCP client, DHCP relay and DHCP server with autodetection. Cluster of several LANCOM DHCP servers per context (ARF 
network) enables caching of all DNS assignments at each router. DHCP forwarding to multiple (redundant) DHCP servers

NetBIOS

NetBIOS/IP proxy

NTP

NTP client and SNTP server, automatic adjustment for daylight- saving time

Policy- based routing

Policy- based routing based on routing tags. Based on firewall rules, certain data types are marked for specific routing, e.g. to 
particular remote sites or lines

Dynamic routing

Dynamic routing with RIPv2. Learning and propagating routes; separate settings for LAN and WAN. Extended RIPv2 including 
HopCount, Poisoned Reverse, Triggered Update for LAN (acc. to RFC 2453) and WAN (acc. to RFC 2091) as well as filter options 
for propagation of routes. Definition of RIP sources with wildcards

VLAN

VLAN ID definable per interface and routing context (4,094 IDs) IEEE 802.1q

ARP lookup

Packets sent in response to LCOS service requests (e.g. for Telnet, SSH, SNTP, SMTP, HTTP(S), SNMP, etc.) via Ethernet can be 
routed directly to the requesting station (default) or to a target determined by ARP lookup

COM port forwarding

COM- port server for the DIN interface. For a serial device connected to it, the server manages its own virtual COM port via Telnet 
(RFC 2217) for remote maintenance (works with popular virtual COM- port drivers compliant with RFC 2217). Switchable newline 
conversion and alternative binary mode. TCP keepalive according to RFC 1122 with configurable keepalive interval, 
retransmission timeout and retries

IP

ARP, proxy ARP, BOOTP, DHCP, DNS, HTTP, HTTPS, IP, ICMP, NTP/SNTP, NetBIOS, PPPoE (server), RADIUS, RIP- 1, RIP- 2, RTP, 
SIP, SNMP, TCP, TFTP, UDP, VRRP, VLAN

Ethernet

PPPoE, Multi- PPPoE, ML- PPP, PPTP (PAC or PNS) and plain Ethernet (with or without DHCP), RIP- 1, RIP- 2, VLAN, IP