Lancom Systems 3550 Wireless Router Gateway/Firewall 108Mbit LS61112 User Manual
Product codes
LS61112
LANCOM 3550 Wireless
Firewall
Stateful inspection firewall
Direction- dependant check based on connection information
Packet filter
Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports,
DiffServ attribute); remote- site dependant, direction dependant, bandwidth dependant
DiffServ attribute); remote- site dependant, direction dependant, bandwidth dependant
Masquerading
Network Address Translation (NAT), N:N mapping for the translation or masking of IP addresses
Port mapping
Provision of services from behind masqueraded computers, for example, to make an internal web server available from the
outside (inverse masquerading)
outside (inverse masquerading)
Tagging
The firewall marks packets with routing tags, e.g. for policy- based routing
Actions
Forward, drop, reject, block sender address, close destination port, disconnect
Messaging
Via e- mail, SYSLOG or SNMP trap
Quality of Service
Traffic shaping
Dynamic bandwidth management with IP traffic shaping
Bandwidth reservation
Dynamic reservation of minimum and maximum bandwidths, absolute or connection- related, separate settings for send and
receive directions
receive directions
DiffServ/TOS
Priority packet queuing based on DiffServ/TOS fields
Packet- size control
Automatic packet- size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment.
Layer 2/Layer 3 tagging
Automatic or fixed translation of layer- 2 priority information (802.11p- marked Ethernet frames) to layer- 3 DiffServ attributes in
routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p- support in the destination device.
routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p- support in the destination device.
Security
Intrusion Prevention
Monitoring and blockage of login attempts and port scans
IP spoofing
Source IP address check on all interfaces: The only accepted IP addresses belong to the previously defined IP network
Access Control lists
Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
Denial of Service protection
Protection from fragmentation errors and SYN flooding
General
Detailed settings for handling reassembly, PING, stealth mode and AUTH port
URL blocker
Filtering of unwanted URLs based on DNS hitlists and wildcard filters
Password protection
Password- protected configuration access can be set for each interface
Alerts
Alerts via e- mail, SNMP- Traps and SYSLOG
Authentication mechanisms
PAP, CHAP and MS- CHAP as PPP authentication mechanism
High availability / redundancy
VRRP
VRRP (Virtual Router Redundancy Protocol) for non- proprietary backup in case of failure of a device or remote station. Enables
passive standby groups or reciprocal backup between multiple active devices including load balancing and freely definable
backup priorities
passive standby groups or reciprocal backup between multiple active devices including load balancing and freely definable
backup priorities
FirmSafe
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
UMTS backup*
Operation of an external UMTS/HSDPA card in the external CardBus slot. Supported cards: See Internet
VPN redundancy
Control of up to 16 redundant VPN gateways for high availability or load balancing
Line monitoring
Line monitoring with LCP echo monitoring, dead- peer detection and up to 4 addresses for end- to- end monitoring with ICMP
polling.
polling.
Notice
A UMTS card is not supplied
VPN
Number of VPN tunnels
5 IPSec connections active simultaneously, 25 connections configurable
IKE
IPSec key exchange with Preshared Key or certificate
Certificates
X.509 digital certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of PKCS#12 files via
HTTPS interface
HTTPS interface
Algorithms
3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 bit), RSA (128 or - 448 bit) and CAST (128 bit); MD- 5 or SHA- 1 hashes
NAT- Traversal
NAT- Traversal (NAT- T) support for VPN over routes without VPN passthrough
IPCOMP
VPN data compression based on LZS or Deflate compression for higher IPSec throughput
Dynamic DNS (dynDNS)
Enables the registration of IP addresses with a dynDNS provider in the case that fixed IP addresses are not used for the VPN
connection
connection
Specific DNS forwarding
DNS forwarding according to DNS domain, e.g. internal names are translated by proprietary DSN servers in the VPN; external
names are translated by Internet DNS servers.
names are translated by Internet DNS servers.