Lancom Systems DSL/I-10+ LS61133 User Manual
Product codes
LS61133
LANCOM DSL/I-10+
Firewall
Stateful inspection firewall
Direction- dependant check based on connection information
Packet filter
Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports,
DiffServ attribute); remote- site dependant, direction dependant, bandwidth dependant
DiffServ attribute); remote- site dependant, direction dependant, bandwidth dependant
Masquerading
Network Address Translation (NAT), N:N mapping for the translation or masking of IP addresses
Port mapping
Provision of services from behind masqueraded computers, for example, to make an internal web server available from the
outside (inverse masquerading)
outside (inverse masquerading)
Tagging
The firewall marks packets with routing tags, e.g. for policy- based routing
Actions
Forward, drop, reject, block sender address, close destination port, disconnect
Messaging
Via e- mail, SYSLOG or SNMP trap
Quality of Service
Traffic shaping
Dynamic bandwidth management with IP traffic shaping
Bandwidth reservation
Dynamic reservation of minimum and maximum bandwidths, absolute or connection- related, separate settings for send and
receive directions
receive directions
DiffServ/TOS
Priority packet queuing based on DiffServ/TOS fields
Packet- size control
Automatic packet- size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment.
Layer 2/Layer 3 tagging
Automatic or fixed translation of layer- 2 priority information (802.11p- marked Ethernet frames) to layer- 3 DiffServ attributes in
routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p- support in the destination device.
routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p- support in the destination device.
Security
Intrusion Prevention
Monitoring and blockage of login attempts and port scans
IP spoofing
Source IP address check on all interfaces: The only accepted IP addresses belong to the previously defined IP network
Access Control lists
Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
Denial of Service protection
Protection from fragmentation errors and SYN flooding
General
Detailed settings for handling reassembly, PING, stealth mode and AUTH port
URL blocker
Filtering of unwanted URLs based on DNS hitlists and wildcard filters
Password protection
Password- protected configuration access can be set for each interface
Alerts
Alerts via e- mail, SNMP- Traps and SYSLOG
Authentication mechanisms
PAP, CHAP and MS- CHAP as PPP authentication mechanism
Anti- theft
Anti- theft ISDN site verification over B or D channel (self- initiated call back and blocking)
High availability / redundancy
VRRP
VRRP (Virtual Router Redundancy Protocol) for non- proprietary backup in case of failure of a device or remote station. Enables
passive standby groups or reciprocal backup between multiple active devices including load balancing and freely definable
backup priorities
passive standby groups or reciprocal backup between multiple active devices including load balancing and freely definable
backup priorities
FirmSafe
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
ISDN backup
In case of failure of the main connection, a backup connection is established over ISDN; automatic return to the main connection
Analog/GSM modem backup
Optional operation of an analog or GSM modem at the serial interface
Load balancing
Static and dynamic load balancing over up to 2 WAN connections; channel bundling with Multilink PPP (if supported by network
operator)
operator)
Line monitoring
Line monitoring with LCP echo monitoring, up to 4 addresses for end- to- end monitoring with ICMP polling.
Firewall throughput (max.)
1470- byte packet size
72 Mbps
256- byte packet size
9 Mbps