VPN
XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE-config mode. XAUTH server enables clients to register
via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central authentication of VPN-access with user
name and password. Authentication of VPN-client access via XAUTH and RADIUS connection additionally by OTP token
XAUTH
Configuration of all VPN client connections in IKE ConfigMode via a single configuration entryRAS user template
Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for site-to-site connections.
Propagation of dynamically learned routes via RIPv2 if required
Proadaptive VPN
3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 bit), RSA (128 or -448 bit) and CAST (128 bit). OpenSSL implementation with FIPS-140
certified algorithms. MD-5 or SHA-1 hashes
Algorithms
NAT-Traversal (NAT-T) support for VPN over routes without VPN passthroughNAT-Traversal
VPN data compression based on Deflate compression for higher IPSec throughput on low-bandwidth connections (must be supported by remote
endpoint)
IPCOMP
Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via ISDN B- or D-channel or with the ICMP or UDP
protocol in encrypted form. Dynamic dial-in for remote sites via connection template
LANCOM Dynamic VPN
Enables the registration of IP addresses with a Dynamic DNS provider in the case that fixed IP addresses are not used for the VPN connectionDynamic DNS
DNS forwarding according to DNS domain, e.g. internal names are translated by proprietary DNS servers in the VPN. External names are translated
by Internet DNS servers
Specific DNS forwarding
Content Filter (optional)
Activate the 30-day trial version after free registration under http://www.lancom.eu/routeroptionsDemo version
Worldwide, redundant rating servers from IBM Security Solutions for querying URL classifications. Database with over 100 million entries covering
about 10 billion web pages. Web crawlers automatically search and classify web sites to provide nearly 150,000 updates per day: They use text
classification by optical character recognition, key word searches, classification by word frequency and combinations, web-site comparison of text,
images and page elements, object recognition of special characters, symbols, trademarks and prohibited images, recognition of pornography and
nudity by analyzing the concentration of skin tones in images, by structure and link analysis, by malware detection in binary files and installation
packages
URL filter database/rating server
Additional filtering of HTTPS requests with separate firewall entriesHTTPS filter
Filter rules can be defined in each profile by collecting category profiles from 58 categories, for example to restrict Internet access to business
purposes only (limiting private use) or by providing protection from content that is harmful to minors or hazardous content (e.g. malware sites).
Clearly structured selection due to the grouping of similar categories. Content for each category can be allowed, blocked, or released by override
Categories/category profiles
Each category can be given an optional manual override that allows the user to access blocked content on a case-by-case basis. The override
operates for a limited time period by blocking the category or domain, or a combination of both. Optional notification of the administrator in case
of overrides
Override
Lists that are manually configured to explicitly allow (whitelist) or block (blacklist) web sites for each profile, independent of the rating server.
Wildcards can be used when defining groups of pages or for filtering sub pages
Black-/whitelist
Timeframes, blacklists, whitelists and categories are collected into profiles that can be activated separately for content-filter actions. A default
profile with standard settings blocks racist, pornographic, criminal, and extremist content as well as anonymous proxies, weapons/military, drugs,
SPAM and malware
Profiles
Timeframes can be flexibly defined for control over filtering depending on the time of day or weekday, e.g. to relax controls during break times for
private surfing
Time frames
Activation of the content filter by selecting the required firewall profile that contains content-filter actions. Firewall rules enable the flexible use of
your own profiles for different clients, networks or connections to certain servers
Flexible firewall action
Response pages displayed by the content filter in case of blocked sites, errors or overrides can be custom designed. Variables enable the inclusion
of current information such as the category, URL, and rating-server categorization. Response pages can be issued in any language depending on
the language set in the user's web browser
Individual display pages (for blocked, error,
override)
As an alternative to displaying the device's own internal response pages to blockings, errors or overrides, you can redirect to external web serversRedirection to external pages
Automatic notification of license expiry by e-mail, LANmonitor, SYSLOG or SNMP trap. Activation of license renewal at any time before expiry of
the current license (the new licensing period starts immediately after expiry of the current license)
License management
Display of the number of checked and blocked web pages by category in LANmonitor. Logging of all content-filter events in LANmonitor; log file
created daily, weekly or monthly. Hit list of the most frequently called pages and rating results. Analysis of the connection properties; minimum,
maximum and average rating-server response time
Statistics
Messaging in case of content-filter events optionally by e-mail, SNMP, SYSLOG or LANmonitorNotifications
Wizard sets up the content filters for a range of typical scenarios in a few simple steps, including the creation of the necessary firewall rules with
the corresponding action
Wizard for typical configurations
Simultaneous checking of HTTP traffic for a maximum of 100 different IP addresses in the LANMax. users
LANCOM 1781EW
Features as of: LCOS 8.60
