LANCOM 1781EF
Scope of features: as of LCOS version 8.5x
Firewall
Stateful inspection firewall Incoming/Outgoing Traffic inspection based on connection information. Trigger for firewall rules depending on backup status,
e.g. simplified rule sets for low-bandwidth backup lines. Limitation of the number of sessions per remote site (ID)
Packet filter Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports,
DiffServ attribute); remote-site dependant, direction dependant, bandwidth dependant
Extended port forwarding Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN
N:N IP address mapping N:N IP address mapping for translation of IP addresses or entire networks
Tagging The firewall marks packets with routing tags, e.g. for policy-based routing
Actions Forward, drop, reject, block sender address, close destination port, disconnect
Notification Via e-mail, SYSLOG or SNMP trap
Quality of Service
Traffic shaping Dynamic bandwidth management with IP traffic shaping
Bandwidth reservation Dynamic reservation of minimum and maximum bandwidths, totally or connection based, separate settings for send and receive
directions. Setting relative bandwidth limits for QoS in percent
DiffServ/TOS Priority queuing of packets based on DiffServ/TOS fields
Packet-size control Automatic packet-size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment
Layer 2/Layer 3 tagging Automatic or fixed translation of layer-2 priority information (802.11p-marked Ethernet frames) to layer-3 DiffServ attributes in
routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p-support in the destination device
Security
Intrusion Prevention Monitoring and blocking of login attempts and port scans
IP spoofing Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed
Access control lists Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
Denial of Service protection Protection from fragmentation errors and SYN flooding
General Detailed settings for handling reassembly, PING, stealth mode and AUTH port
URL blocker Filtering of unwanted URLs based on DNS hitlists and wildcard filters. Extended functionality with Content Filter Option
Password protection Password-protected configuration access can be set for each interface
Alerts Alerts via e-mail, SNMP-Traps and SYSLOG
Authentication mechanisms PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication mechanism
Anti-theft Anti-theft ISDN site verification over B or D channel (self-initiated call back and blocking)
Adjustable reset button Adjustable reset button for 'ignore', 'boot-only' and 'reset-or-boot'
High availability / redundancy
VRRP VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby
groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities
FirmSafe For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
UMTS backup* Operation of an external UMTS/HSDPA USB card at the USB host port
ISDN backup In case of failure of the main connection, a backup connection is established over ISDN. Automatic return to the main connection
Analog/GSM modem backup Optional operation of an analog or GSM modem at the serial interface
Load balancing Static and dynamic load balancing over up to 4 WAN connections. Channel bundling with Multilink PPP (if supported by network
operator)
VPN redundancy Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re-routing
to multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active
connections). Up to 32 alternative remote stations, each with its own routing tag, can be defined per VPN connection. Automatic
selection may be sequential, or dependant on the last connection, or random (VPN load balancing)
Line monitoring Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP
polling
*) Note: A UMTS USB modem is not supplied. Supported UMTS USB modem at www.lancom.eu/umts-support
