Datasheet
LANCOM 1611+
Firewall
Stateful inspection firewall Direction-dependant check based on connection information
Paket filter Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports,
DiffServ attribute); remote-site dependant, direction dependant, bandwidth dependant
Masquerading Network Address Translation (NAT), N:N mapping for the translation or masking of IP addresses
Port mapping Provision of services from behind masqueraded computers, for example, to make an internal web server available from the
outside (inverse masquerading)
Tagging The firewall marks packets with routing tags, e.g. for policy-based routing
Actions Forward, drop, reject, block sender address, close destination port, disconnect
Alerting Via e-mail, SYSLOG or SNMP trap
Quality of service
Traffic shaping Dynamic bandwidth management with IP traffic shaping
Load balancing Dynamic reservation of minimum and maximum bandwidths, absolute or connection-related, separate settings for send and
receive directions
DiffServ/TOS Priority packet queuing based on DiffServ/TOS fields
Packet size control Automatic packet size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment
Security
Intrusion prevention Monitoring and blockage of login attempts and port scans
IP spoofing Source IP address check on all interfaces: The only accepted IP addresses belong to the previously defined IP network
Acccess control lists Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
Denial-of-Service protection Protection from fragmentation errors and SYN flooding
General Detailed settings for handling reassembly, PING, stealth mode and AUTH port
URL blocker Filtering of unwanted URLs based on DNS hitlists and wildcard filters
Password protection Password-protected configuration access can be set for each interface
Alerting Warning via e-mail, SNMP-Traps and SYSLOG
Authentication protocols PAP, CHAP and MS-CHAP as PPP authentication mechanism
Theft protection Anti-theft ISDN site verification (self-initiated call back and blocking)
High availability / redundancy
VRRP VRRP (Virtual Router Redundancy Protocol) for vendor-independent backup in case of failure of a device or remote station.
Enables passive standby groups or reciprocal backup between multiple active devices including load balancing and freely
definable backup priorities
FirmSafe For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
ISDN backup In case of failure of the main connection, a backup connection is established over ISDN; automatic return to the main
connection
Analog/GSM modem backup Optional operation of an analog or GSM modem at the serial interface
Load balancing Static and dynamic load balancing over up to 2 WAN connections; channel bundling with Multilink PPP (if supported by
network operator)
VPN redundancy Configuration of redundant WAN connections with optional load balancing
Line monitoring Line monitoring with LCP echo monitoring, up to 4 addresses for end-to-end monitoring with ICMP polling
VPN
Number of VPN tunnels 5 IPSec connections active simultaneously, 25 connections configurable
IKE IPSec key exchange with Preshared Key or certificate
Certificates X.509 digital certificate support, compatible with Microsoft Server / enterprise server and OpenSSL, upload of PKCS#12 files via
HTTPS interface
Algorithms 3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 - 448 bit), RSA (128 or -448 bit) and CAST (128 bit); MD-5 or SHA-1
hashes
NAT traversal NAT traversal (NAT-T) support for VPN over routes without VPN passthrough
IPCOMP VPN data compression based on LZS or deflate compression algorithms for higher IPSec throughput
LANCOM Dynamic VPN Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via ISDN B- or D-channel or with
the ICMP or UDP protocol in encrypted form