Lancom 1790EF User Manual

Routers & VPN Gateways
LANCOM 1790EF
High-speed Internet via Gigabit Ethernet or fiber optics
This business VPN router connects small and medium-sized companies that demand high levels of security and
performance. Thanks to the SFP port, it is the ideal basis for a professional high-speed VPN site connectivity -
via fiber optics or by connecting external modems over a Gigabit Ethernet WAN port.
a
High-speed Internet via Gigabit Ethernet or fiber optics
a
SD-WAN - automatic VPN and VLAN configuration via the LANCOM Management Cloud
a
a
Network virtualization with up to 16 networks on one device (ARF)
a
Security Made in Germany
a
Maximum future compatibility, reliability, and security
DATASHEET
LANCOM 1790EF
High-speed Internet via Gigabit Ethernet or fiber optics
The LANCOM 1790EF is a powerful VPN router for
connection to external cable modems. The SFP port connects
to a fiber-optic cable (FTTx) to provide high-speed Internet
access for any industry or field of application and forms the
basis for high-performance, reliable networking.
Secure site networking via VPN
The LANCOM 1790EF offers a high level of security. The 5
already integrated IPSec VPN channels guarantee maximum
encryption for the secure connection of mobile employees
and the protection of corporate data. With the LANCOM
VPN Option, the router can be upgraded with up to 25 VPN
channels. So the network is optimally scalable and the
infrastructure grows when needed - without additional
hardware components.
Radical simplification of the configuration with
SD-WAN
In combination with the LANCOM Management Cloud, the
LANCOM 1790EF opens the way for automated
management. The software-defined WAN (SD-WAN) enables
the automatic setup of secure VPN connections between
sites, including network virtualization and backup across the
wide-area network: A few mouse clicks is all it takes to enable
the VPN function and select the required VLANs for each
site. The laborious configuration of individual tunnel
endpoints is no longer required at all.
Stateful Inspection Firewall
Equipped with a stateful inspection firewall, the LANCOM
1790EF protects the whole network. With features such as
intrusion prevention and Denial-of-Service protection, the
business VPN router provides optimal protection and secures
all of the data on the network.
Advanced Routing & Forwarding
The LANCOM 1790EF provides up to 16 securely isolated IP
contexts, each of which has its own separate routing. This
is an elegant way of operating IP applications with one
central router and keeping the different communication
channels securely isolated from one another.
Security Made in Germany
Software development, hardware development and
production take place primarily in Germany, as does the
hosting of the network management. Special attention is
given to providing trusted solutions with outstanding security
features. Another important security characteristic of the
products is that they are free from backdoors, as awarded
by the Germany Federal Ministry of Economy with the quality
seal IT Security made in Germany.
Maximum future-proofing
LANCOM products are based on professional expertise, Years
of experience in IT, and high-quality materials. All of ours
devices are equipped with hardware that is dimensioned for
the future and, even reaching back to older product
generations, updates to the LANCOM Operating System
family are available several times a year, free of charge. This
guarantees a long service life while staying technically up to
date, which represents a true protection of your investment.
Furthermore, LANCOM infrastructures are easily scalable.
Maximum compatibility means that networks are easily
extended with additional LANCOM components.
DATASHEET
LANCOM 1790EF
Layer 2 features
4.096 IDs based on IEEE 802.1q, dynamic assignment, Q-in-Q taggingVLAN
IGMP-SnoopingMulticast
Protocols
Layer 3 features
Firewall
Security
IPv4 services
IPv6 services
IPv6 protocols
WAN protocols
Security
High availability / redundancy
Ethernet over GRE-Tunnel (EoGRE), L2TPv3, ARP-Lookup, LLDP, DHCP option 82, IPv6-Router-Advertisement-Snooping, DHCPv6-Snooping, LDRA (Lightweight DHCPv6 Relay Agent), Spanning Tree, Rapid Spanning Tree, ARP, Proxy ARP, BOOTP, DHCP, LACP
Stateful inspection firewall including paket filtering, extended port forwarding, N:N IP address mapping, paket tagging, support for DNS targets, user-defined rules and notifications
Traffic shaping, bandwidth reservation, DiffServ/TOS, packetsize control, layer-2-in-layer-3 taggingQuality of Service
Intrusion Prevention, IP spoofing, access control lists, Denial of Service protection, detailed settings for handling reassembly, session-recovery, PING, stealth mode and AUTH port, URL blocker, password protection, programmable reset button
PAP, CHAP, MS-CHAP, and MS-CHAPv2PPP authentication mechanisms
VRRP (Virtual Router Redundancy Protocol), analog/GSM modem backupHigh availability / redundancy
IPv4-, IPv6-, NetBIOS/IP multiprotokoll router, IPv4/IPv6 dual stackRouter
SD-WAN Application Routing in connection with the LANCOM Management CloudSD-WAN Application Routing
ARF (Advanced Routing and Forwarding) up to separate processing of 16 contextsRouter virtualization
HTTP and HTTPS server for configuration by web interface, DNS client, DNS server, DNS relay, DNS proxy, dynamic DNS client, DHCP client, DHCP relay and DHCP server including autodetection, NetBIOS/IP proxy, NTP client, SNTP server, policy-based routing, Bonjour-Proxy, RADIUS
HTTP and HTTPS server for configuration by web interface, DHCPv6 client, DHCPv6 server, DHCPv6 relay, DNS client, DNS server, dynamic DNS client, NTP client, SNTP server, Bonjour-Proxy, RADIUS
RIPv2, BGPv4, OSPFv2, LISP (Locator/ID Separation Protocol)Dynamic routing protocols
DNS, HTTP, HTTPS, ICMP, NTP/SNTP, NetBIOS, PPPoE (server), RADIUS, RADSEC (secure RADIUS), RTP, SNMPv1,v2c,v3, TFTP, TACACS+IPv4 protocols
NDP, stateless address autoconfiguration (SLAAC), stateful address autoconfiguration (DHCPv6), router advertisements, ICMPv6, DHCPv6, DNS, HTTP, HTTPS, PPPoE, RADIUS, SMTP, NTP, BGP, LISP, Syslog, SNMPv1,v2c,v3
VDSL, ADSL1, ADSL2 or ADSL2+ additional with external DSL modem at an ETH portWAN operating mode
PPPoE, Multi-PPPoE, ML-PPP, GRE, EoGRE, PPTP (PAC or PNS), L2TPv2 (LAC or LNS), L2TPv3 with Ethernet-Pseudowire and IPoE (using DHCP or no DHCP), RIP-1, RIP-2, VLAN, IPv6 over PPP (IPv6 and IPv4/IPv6 dual stack session), IP(v6)oE (autokonfiguration, DHCPv6 or static)
6to4, 6in4, 6rd (static and over DHCP), Dual Stack Lite (IPv4-in-IPv6-Tunnel)Tunneling protocols (IPv4/IPv6)
Monitoring and blocking of login attempts and port scansIntrusion Prevention
Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowedIP spoofing
Filtering of IP or MAC addresses and preset protocols for configuration accessAccess control lists
Protection from fragmentation errors and SYN floodingDenial of Service protection
Detailed settings for handling reassembly, PING, stealth mode and AUTH portGeneral
Filtering of unwanted URLs based on DNS hitlists and wildcard filters. Extended functionality with Content Filter OptionURL blocker
Password-protected configuration access can be set for each interfacePassword protection
Alerts via e-mail, SNMP traps and SYSLOGAlerts
PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication mechanismAuthentication mechanisms
Adjustable reset button for 'ignore', 'boot-only' and 'reset-or-boot'Adjustable reset button
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station.VRRP
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updatesFirmSafe
Optional operation of an analog or GSM modem at the serial interfaceAnalog/GSM modem backup
LCOS 10.32
DATASHEET
LANCOM 1790EF
High availability / redundancy
Load balancing
VPN redundancy
VPN
IPSec over HTTPS
Number of VPN tunnels
Certificates
XAUTH
Proadaptive VPN
Algorithms
LANCOM Dynamic VPN
Dynamic DNS
Specific DNS forwarding
Static and dynamic load balancing over up to 4 WAN connections (incl. client binding). Channel bundling with Multilink PPP (if supported by network operator)
Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re-routing to multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active connections). Up to 32 alternative remote stations, each with its own routing tag, can be defined per VPN connection. Automatic selection may be sequential, or dependant on the last connection, or random (VPN load balancing)
Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP pollingLine monitoring
Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e. g. port 500 for IKE is blocked. Suitable for client-to-site connections and site-to-site connections. IPSec over HTTPS is based on the NCP VPN Path Finder technology
Max. number of concurrent active IPSec, PPTP (MPPE) and L2TPv2 tunnels: 5 (25 with VPN 25 Option). Unlimited configurable connections. Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN.
Integrated hardware accelerator for 3DES/AES encryption and decryptionHardware accelerator
Integrated, buffered realtime clock to save the date and time during power failure. Assures timely validation of certificates in any caseRealtime clock
Generates real random numbers in hardware, e. g. for improved key generation for certificates immediately after switching-onRandom number generator
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced VPN Client1-Click-VPN Client assistant
Creation of VPN connections between LANCOM routers via drag and drop in LANconfig1-Click-VPN Site-to-Site
IPSec key exchange with Preshared Key or certificate (RSA signature, digital signature)IKE, IKEv2
Convenient generation of digital X.509 certificates via an own certifaction authority (SCEP-CA) on the webpage or via SCEP.Smart Certificate*
X.509 digital multi-level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL. Secure Key Storage protects a private key (PKCS#12) from theft.
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) per certificate hierarchyCertificate rollout
CRL retrieval via HTTP per certificate hierarchyCertificate revocation lists (CRL)
Check X.509 certifications by using OCSP (Online Certificate Status Protocol) in real time as an alternative to CRLsOCSP Client
Offers validity information for certificates created with Smart Certificate via OCSPOCSP Server/Responder*
XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE-config mode. XAUTH server enables clients to register via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central authentication of VPN-access with user name and password. Authentication of VPN-client access via XAUTH and RADIUS connection additionally by OTP token
Configuration of all VPN client connections in IKE ConfigMode via a single configuration entryRAS user template
Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for site-to-site connections. Propagation of dynamically learned routes via RIPv2 if required
3DES (168 bit), AES-CBC and -GCM (128, 192 or 256 bit), Blowfish (128 bit), RSA (1024-4096 bit), ECDSA (P-256-, P-384-, P-521-curves) and CAST (128 bit). OpenSSL implementation with FIPS-140 certified algorithms. MD-5, SHA-1, SHA-256, SHA-384 or SHA-512 hashes
NAT-Traversal (NAT-T) support for VPN over routes without VPN passthroughNAT-Traversal
Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via the ICMP or UDP protocol in encrypted form. Dynamic dial-in for remote sites via connection template
Enables the registration of IP addresses with a Dynamic DNS provider in the case that fixed IP addresses are not used for the VPN connection
DNS forwarding according to DNS domain, e.g. internal names are translated by proprietary DNS servers in the VPN. External names are translated by Internet DNS servers
Allows the selective forwarding of traffic for IKEv2 depending on the addressed DNS domain.Split DNS
Connecting private IPv4 networksIPv4 VPN
Use of IPv4 VPN over IPv6 WAN connectionsIPv4 VPN over IPv6 WAN
Connecting private IPv6 networksIPv6 VPN
LCOS 10.32
DATASHEET
LANCOM 1790EF
VPN
Use of IPv6 VPN over IPv4 WAN connectionsIPv6 VPN over IPv4 WAN
Radius
Performance
Routing-Performance
VoIP
SIP ALG
Interfaces
Ethernet ports
SFP slot
Port configuration
USB 2.0 host port
Serial interface
Management and monitoring
Management functions
Monitoring functions
Monitoring statistics
Hardware
RADIUS authorization and accounting, outsourcing of VPN configurations in external RADIUS server in IKEv2, RADIUS CoA (Change of Authorization)
Only with VPN 25 option*)
Data regarding the overall routing performance can be found inside the LANCOM tech paper "Routing-Performance" on www.lancom-systems.com
The SIP ALG (Application Layer Gateway) acts as a proxy for SIP communication. For SIP calls the ALG opens the necessary ports for the corresponding media packets. Automatic address translation (STUN is no longer needed).
10/100/1000 Mbps Gigabit EthernetWAN: Ethernet
4 individual 10/100/1000 Mbps Ethernet ports; up to 3 ports can be operated as additional WAN ports with load balancing. Ethernet ports can be electrically disabled within LCOS configuration. The ports support energy saving according to IEEE 802.3az
Slot for Small Form-factor Pluggable Gigabit Ethernet transceivers ('mini-GBIC'). Compatible to optional LANCOM SFP modules for fiber connections over short distances (SX) or long distances (LX). By default an additional LAN port that can be configured as a WAN port
Each Ethernet port can be freely configured (LAN, DMZ, WAN, monitor port, off). LAN ports can be operated as a switch or separately. Additionally, external DSL modems or termination routers can be operated as a WAN port with load balancing and policy-based routing. DMZ ports can be operated with their own IP address range without NAT
USB 2.0 hi-speed host port for connecting USB printers (USB print server), serial devices (COM port server), USB data storage (FAT file system); bi-directional data exchange is possible
Serial configuration interface / COM port (8 pin Mini-DIN): 9,600 - 115,000 baud, suitable for optional connection of analog/GPRS modems. Supports internal COM port server and allows for transparent asynchronous transmission of serial data via TCP
LANCOM Management Cloud, LANconfig, WEBconfig, LANCOM Layer 2 management (emergency management)Management
Alternative boot configuration, voluntary automatic updates for LCMS and LCOS, individual access and function rights up to 16 administrators, RADIUS and RADSEC user management, remote access (WAN or (W)LAN, access rights (read/write) adjustable seperately), SSL, SSH, HTTPS, Telnet, TFTP, SNMP, HTTP, access rights via TACACS+, scripting, timed control of all parameters and actions through cron job
Two stored firmware versions, incl. test mode for firmware updatesFirmSafe
configurable automatic checking and installation of firmware updatesautomatic firmware update
LANCOM Management Cloud, LANmonitor, WLANmonitorMonitoring
Device SYSLOG, SNMPv1,v2c,v3 incl. SNMP-TRAPS, extensive LOG and TRACE options, PING and TRACEROUTE for checking connections, internal logging buffer for firewall events
Extensive Ethernet, IP and DNS statistics; SYSLOG error counter, accounting information exportable via LANmonitor and SYSLOG, Layer 7 Application Detection including application-centric tracking of traffic volume
IPerf is a tool for measurements of the bandwidth on IP networks (integrated client and server)IPerf
Performance monitoring of connectionsSLA-Monitor (ICMP)
SD-LAN – automatic LAN configuration via the LANCOM Management CloudSD-LAN
SD-WAN – automatic WAN configuration via the LANCOM Management CloudSD-WAN
0,99 lbs (450 g)Weight
12 V DC, external power adapter (230 V) with bayonet cap to protect against accidentally unpluggingPower supply
Temperature range 0–40° C; humidity 0–95%; non-condensingEnvironment
Robust synthetic housing, rear connectors, ready for wall mounting, Kensington lock; 210 x 45 x 140 mm (W x H x D)Housing
LCOS 10.32
DATASHEET
LANCOM 1790EF
Hardware
None; fanless design without rotating parts, high MTBFFans
11 wattPower consumption (max)
Declarations of conformity*
EN 60950-1, EN 55022, EN 55024CE
IPv6 Ready GoldIPv6
Made in GermanyCountry of Origin
You will find all declarations of conformity in the products section of our website at www.lancom-systems.com*) Note
Scope of delivery
Hardware Quick Reference (DE/EN), Installation Guide (DE/EN)Manual
2 Ethernet cables, 3mCable
Power supply unit
Support
Options
LANCOM Public Spot
LANCOM All-IP Option
LANCOM Public Spot PMS Accounting Plus
LANCOM VoIP +10 Option
LANCOM Management Cloud
LANCOM LMC-B-1Y LMC License
LANCOM LMC-B-3Y LMC License
LANCOM LMC-B-5Y LMC License
External power adapter (230 V), NEST 12 V/1.5 A DC/S, coaxial power connector 2.1/5.5 mm bayonet, temperature range from -5 to +45° C, LANCOM item no. 111301 (EU)/LANCOM item no 110829 (UK)
3 years supportWarranty
Regular free updates (LCOS operating system and LANtools) via InternetSoftware updates
LANCOM VPN-25 Option (25 channels), item no. 60083VPN
LANCOM Content Filter +10 user (additive up to 100), 1 year subscription, item no. 61590LANCOM Content Filter
LANCOM Content Filter +25 user (additive up to 100), 1 year subscription, item no. 61591LANCOM Content Filter
LANCOM Content Filter +100 user (additive up to 100), 1 year subscription, item no. 61592LANCOM Content Filter
LANCOM Content Filter +10 user (additive up to 100), 3 year subscription, item no. 61593LANCOM Content Filter
LANCOM Content Filter +25 user (additive up to 100), 3 year subscription, item no. 61594LANCOM Content Filter
LANCOM Content Filter +100 user (additive up to 100), 3 year subscription, item no. 61595LANCOM Content Filter
Option to extend the manufacturer´s warranty from 3 to 5 years, item no. 10710LANCOM Warranty Basic Option S
Option to extend the manufacturer´s warranty from 3 to 5 years and replacement of a defective device, item no. 10715LANCOM Warranty Advanced Option S
Hotspot option for LANCOM products, versatile access (via voucher, e-mail, SMS), including a comfortable setup wizard, secure separation of guest access and internal network, item no. 60642
Upgrade option for the operation of the LANCOM routers with All-IP connections, support of PBX systems and telephony devices as well as voice & fax services, incl. Voice Call Manager, All-IP (TAE/RJ45) and cross-over adapters (TE/NT), item no. 61422
Extension of the LANCOM Public Spot (XL) Option for the connection to hotel billing systems with FIAS interface (such as Micros Fidelio) for authentication and billing of guest accesses for 178x/19xx routers, WLCs, and current central-site gateways, item no. 61638
LANCOM WLC Basic Option for Routers for up to 6 managed LANCOM access points or WLAN routers, item no. 61639LANCOM WLC Basic Option for Routers
LANCOM WLC AP Upgrade +6 Option, enables your WLC to manage 6 Access Points/WLAN router in addition, item no. 61629LANCOM WLC AP Upgrade +6
Upgrade for LANCOM VoIP router with 10 additional internal VoIP numbers (additionally up to 40) and 10 external SIP lines (additionally up to 55) item no. 61423
LANCOM LMC-B-1Y License (1 Year), enables the management of one category B device for one year via the LANCOM Management Cloud, item no. 50103
LANCOM LMC-B-3Y License (3 Years), enables the management of one category B device for three years via the LANCOM Management Cloud, item no. 50104
LANCOM LMC-B-5Y License (5 Years), enables the management of one category B device for five years via the LANCOM Management Cloud, item no. 50105
LCOS 10.32
DATASHEET
LANCOM 1790EF
Accessories
LANCOM SFP-SX-LC1, item no. 615561000Base-SX SFP module
LANCOM SFP-LX-LC1, item no. 615571000Base-LX SFP module
LANCOM SFP-CO1, item no. 61494SFP copper module
19" rack mount adaptor, item no. 6150119" Rack Mount
19" rack mount plus adaptor, item no. 6164419" Rack Mount
For simple, theft-proof mounting of LANCOM devices with plastic housings, item no. 61349LANCOM Wall Mount
For simple, theft-proof mounting of LANCOM devices with plastic housings, item no. 61345LANCOM Wall Mount (White)
LANCOM Serial Adapter Kit
Item number(s)
Chassis drawing
For the connection of V.24 modems with AT command set and serial interface for the connection to the LANCOM COM interface, incl. serial cable and connection plug, item no. 61500
LANCOM Advanced VPN Client for Windows 7, Windows 8, Windows 8.1, Windows 10, single license, item no. 61600VPN Client Software
LANCOM Advanced VPN Client for Windows 7, Windows 8, Windows 8.1, Windows 10, 10 licenses, item no. 61601VPN Client Software
LANCOM Advanced VPN Client for Windows 7, Windows 8, Windows 8.1, Windows 10, 25 licenses, item no. 61602VPN Client Software
LANCOM Advanced VPN Client for Mac OS X (10.5 Intel only, 10.6 or higher), single license, item no. 61606VPN Client Software
LANCOM Advanced VPN Client for Mac OS X (10.5 Intel only, 10.6 or higher), 10 licenses, item no. 61607VPN Client Software
62117LANCOM 1790EF (EU)
LCOS 10.32
www.lancom-systems.com
LANCOM Systems GmbH I Adenauerstr. 20/B2 I 52146 Wuerselen I Germany I E-mail info@lancom.de
LANCOM, LANCOM Systems, LCOS, LANcommunity and Hyper Integration are registered trademarks. All other names or descriptions used may be trademarks or registered trademarks of their owners. This document contains statements
relating to future products and their attributes. LANCOM Systems reserves the right to change these without notice. No liability for technical errors and/or omissions. 01/20
Loading...