Lancom Systems 1781A 62601 User Manual

Product code: 62601
Firewall
Stateful inspection firewall: Incoming/Outgoing Traffic inspection based on connection information. Trigger for firewall rules depending on backup status, e.g. simplified rule sets for low-bandwidth backup lines. Limitation of the number of sessions per remote site (ID)
Packet filter: Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports, DiffServ attribute); remote-site dependent, direction dependent, bandwidth dependent
Extended port forwarding: Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN
N:N IP address mapping: N:N IP address mapping for translation of IP addresses or entire networks
Tagging: The firewall marks packets with routing tags, e.g. for policy-based routing; Source routing tags for the creation of independent firewall rules for different ARF contexts
Actions: Forward, drop, reject, block sender address, close destination port, disconnect
Notification: Via e-mail, SYSLOG or SNMP trap
Quality of Service
Traffic shaping: Dynamic bandwidth management with IP traffic shaping
Bandwidth reservation: Dynamic reservation of minimum and maximum bandwidths, totally or connection based, separate settings for send and receive directions. Setting relative bandwidth limits for QoS in percent
DiffServ/TOS: Priority queuing of packets based on DiffServ/TOS fields
Packet-size control: Automatic packet-size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment
Layer 2/Layer 3 tagging: Automatic or fixed translation of layer-2 priority information (IEEE 802.11p-marked Ethernet frames) to layer-3 DiffServ attributes in routing mode. Translation from layer 3 to layer 2 with automatic recognition of IEEE 802.11p-support in the destination device
Security
Intrusion Prevention: Monitoring and blocking of login attempts and port scans
IP spoofing: Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed
Access control lists: Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
Denial of Service protection: Protection from fragmentation errors and SYN flooding
General: Detailed settings for handling reassembly, PING, stealth mode and AUTH port
Password protection: Password-protected configuration access can be set for each interface
Alerts: Alerts via e-mail, SNMP-Traps and SYSLOG
Authentication mechanisms: PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication mechanism
Anti-theft: Anti-theft ISDN site verification over B or D channel (self-initiated call back and blocking)
Adjustable reset button: Adjustable reset button for 'ignore', 'boot-only' and 'reset-or-boot'
High availability / redundancy
VRRP: VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities
FirmSafe: For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
ISDN backup: In case of failure of the main connection, a backup connection is established over ISDN. Automatic return to the main connection
Analog/GSM modem backup: Optional operation of an analog or GSM modem at the serial interface
Load balancing: Static and dynamic load balancing over up to 4 WAN connections. Channel bundling with Multilink PPP (if supported by network operator)
VPN redundancy: Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re-routing to multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active connections). Up to 32 alternative remote stations, each with its own routing tag, can be defined per VPN connection. Automatic selection may be sequential, or dependent on the last connection, or random (VPN load balancing)
Line monitoring: Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP polling
VPN
IPSec over HTTPS: Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e.g. port 500 for IKE is blocked. Suitable for client-to-site connections (with LANCOM Advanced VPN Client 2.22 or later) and site-to-site connections (LANCOM VPN gateways or routers with LCOS 8.0 or later). IPSec over HTTPS is based on the NCP VPN Path Finder technology
LANCOM 1781A
Features as of: LCOS 9.00