Security
Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPIAccess control lists
Protection from fragmentation errors and SYN floodingDenial of Service protection
Detailed settings for handling reassembly, PING, stealth mode and AUTH portGeneral
Filtering of unwanted URLs based on DNS hitlists and wildcard filters. Extended functionality with Content Filter OptionURL blocker
Password-protected configuration access can be set for each interfacePassword protection
Alerts via e-mail, SNMP-Traps and SYSLOGAlerts
EAP-TLS, EAP-TTLS, PEAP, MS-CHAP, MS-CHAPv2 as EAP authentication mechanisms, PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication
mechanisms
Authentication mechanisms
Anti-theft ISDN site verification over B or D channel (self-initiated call back and blocking)Anti-theft
Limitation of the allowed transfer protocols, source and target addresses on the WLAN interfaceWLAN protocol filters
Adjustable reset button for 'ignore', 'boot-only' and 'reset-or-boot'Adjustable reset button
Fixed redirection of any packet received over the WLAN interface to a dedicated target addressIP redirect
High availability / redundancy
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby groups or reciprocal
backup between multiple active devices including load balancing and user definable backup priorities
VRRP
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updatesFirmSafe
Operation of an external UMTS/HSDPA USB card at the USB host portUMTS backup*
In case of failure of the main connection, a backup connection is established over ISDN. Automatic return to the main connectionISDN backup
Optional operation of an analog or GSM modem at the serial interfaceAnalog/GSM modem backup
Static and dynamic load balancing over up to 4 WAN connections. Channel bundling with Multilink PPP (if supported by network operator)Load balancing
Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re-routing to multiple distributed
remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active connections). Up to 32 alternative remote
stations, each with its own routing tag, can be defined per VPN connection. Automatic selection may be sequential, or dependant on the last
connection, or random (VPN load balancing)
VPN redundancy
Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP pollingLine monitoring
A UMTS USB modem is not supplied. Supported UMTS USB modem at www.lancom.eu/umts-support*) Note:
VPN
Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e. g. port 500 for IKE is blocked. Suitable
for client-to-site connections (with LANCOM Advanced VPN Client 2.22 or later) and site-to-site connections (LANCOM VPN gateways or routers
with LCOS 8.0 or later). IPSec over HTTPS is based on the NCP VPN Path Finder technology
IPSec over HTTPS
Max. number of concurrent active IPSec and PPTP tunnels (MPPE): 5 (25 with VPN 25 Option). Unlimited configurable connections. Configuration
of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN.
Number of VPN tunnels
Integrated hardware accelerator for 3DES/AES encryption and decryptionHardware accelerator
Integrated, buffered realtime clock to save the date and time during power failure. Assures timely validation of certificates in any caseRealtime clock
Generates real random numbers in hardware, e. g. for improved key generation for certificates immediately after switching-onRandom number generator
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced VPN Client1-Click-VPN Client assistant
Creation of VPN connections between LANCOM routers via drag and drop in LANconfig1-Click-VPN Site-to-Site
IPSec key exchange with Preshared Key or certificateIKE
X.509 digital multi-level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of PKCS#12 files via HTTPS
interface and LANconfig. Simultaneous support of multiple certification authorities with the management of up to nine parallel certificate hierarchies
as containers (VPN-1 to VPN-9). Simplified addressing of individual certificates by the hierarchy's container name (VPN-1 to VPN-9). Wildcards for
certificate checks of parts of the identity in the subject. Secure Key Storage protects a private key (PKCS#12) from theft
Certificates
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) per certificate hierarchyCertificate rollout
CRL retrieval via HTTP per certificate hierarchyCertificate revocation lists (CRL)
Check X.509 certifications by using OCSP (Online Certificate Status Protocol) in real time as an alternative to CRLsOCSP Client
LANCOM 1781EW
Features as of: LCOS 8.60
