Lancom Systems 1751 UMTS LS61621/54235100 Benutzerhandbuch
Produktcode
LS61621/54235100
LANCOM 1751 UMTS
Scope of features: as of LCOS version 7.2
Firewall
Stateful inspection firewall
Incoming/Outgoing Traffic inspection based on connection information
Packet filter
Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports,
DiffServ attribute); remote- site dependant, direction dependant, bandwidth dependant
DiffServ attribute); remote- site dependant, direction dependant, bandwidth dependant
Extended port forwarding
Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN
N:N IP address mapping
N:N IP address mapping for translation of IP addresses or entire networks
Tagging
The firewall marks packets with routing tags, e.g. for policy- based routing
Actions
Forward, drop, reject, block sender address, close destination port, disconnect
Notification
Via e- mail, SYSLOG or SNMP trap
Quality of Service
Traffic shaping
Dynamic bandwidth management with IP traffic shaping
Bandwidth reservation
Dynamic reservation of minimum and maximum bandwidths, totally or connection bases, separate settings for send and receive
directions
directions
DiffServ/TOS
Priority queuing of packets based on DiffServ/TOS fields
Packet- size control
Automatic packet- size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment.
Layer 2/Layer 3 tagging
Automatic or fixed translation of layer- 2 priority information (802.11p- marked Ethernet frames) to layer- 3 DiffServ attributes in
routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p- support in the destination device.
routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p- support in the destination device.
Security
Intrusion Prevention
Monitoring and blocking of login attempts and port scans
IP spoofing
Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed
Access control lists
Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
Denial of Service protection
Protection from fragmentation errors and SYN flooding
General
Detailed settings for handling reassembly, PING, stealth mode and AUTH port
URL blocker
Filtering of unwanted URLs based on DNS hitlists and wildcard filters
Password protection
Password- protected configuration access can be set for each interface
Alerts
Alerts via e- mail, SNMP- Traps and SYSLOG
Authentication mechanisms
PAP, CHAP and MS- CHAP as PPP authentication mechanism
Anti- theft
Anti- theft ISDN site verification over B or D channel (self- initiated call back and blocking) or by GPS positioning.
Adjustable reset button
Adjustable reset button for "ignore", "boot- only" and "reset- or- boot
High availability / redundancy
VRRP
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby
groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities
groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities
FirmSafe
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
UMTS backup
In case of failure of the main connection, a backup connection is established over the internal UMTS modem; automatic return
to the main connection
to the main connection
ISDN backup
In case of failure of the main connection, a backup connection is established over ISDN; automatic return to the main connection
Load balancing
Static and dynamic load balancing over up to 4 WAN connections; channel bundling with Multilink PPP (if supported by network
operator)
operator)
VPN redundancy
Control of up to 16 redundant VPN gateways for high availability or load balancing
Line monitoring
Line monitoring with LCP echo monitoring, dead- peer detection and up to 4 addresses for end- to- end monitoring with ICMP
polling.
polling.
VPN
1- Click- VPN Client assistant
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced
VPN Client
VPN Client
1- Click- VPN Site- to- Site
Creation of VPN connections between LANCOM router via drag and drop in LANconfig
Number of VPN tunnels
5 IPSec connections active simultaneously (25 with VPN- 25 Option), 25 connections configurable (50 with VPN- 25 Option).
Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN
Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN
Hardware accelerator (optional)
Activated 3DES/AES hardware encryption with the VPN- 25 Option
IKE
IPSec key exchange with Preshared Key or certificate
Certificates
X.509 digital certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of PKCS#12 files via
HTTPS interface
HTTPS interface
Certificate rollout
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol)