Lancom UF-200 User Manual

LANCOM R&S® Unified Firewalls

SECURE. NETWORKS.

LANCOM R&S® Unified Firewalls

Network security by design

LANCOM R&S® Unified Firewalls complement your network by the relevant feature of cybersecurity. These easy-to-operate

all-round solutions are tailored to the specific security needs of small and medium-sized businesses. Thanks to state-of-

the-art security technologies and unified threat management (UTM), these next-generation firewalls provide reliable cyber-

security. A prominent feature is the innovative graphical user interface granting a concise overview of all of the secured

areas in the company’s network. Formerly complex and time-consuming configurations are greatly simplified since security

policies can be systematically designed and enforced.

A Intuitive network visualization enabling easy implementation of security and compliance policies

A Detailed filtering and validation of applications and protocols

A Protection against spam, viruses, malware, and complex cyber attacks

A State-of-the-art security technologies such as R&S

A Protection against zero-day threats due to integrated sandboxing and machine learning

A IT security “Made in Germany” and guaranteed without backdoors

A Option for virtual appliances

A Tried-and-tested procurement and support from LANCOM

A Integration into the LANCOM Management Cloud in preparation

®

PACE2 deep packet inspection

DATASHEET

LANCOM R&S® Unified Firewalls

Easy to use, maximum security

The rise in cyber threats is leading to increasingly rigorous

demands on corporate security, data protection, and

the availability of complex IT systems. The LANCOM

®

R&S

Unified Firewalls are next-generation firewalls that

offer all-round cyber security thanks to unified threat

management (UTM). This includes the use of advanced

cyber-security technologie such as sandboxing and machine

learning. Furthermore, clustering and the use of redundant

hardware ensures that the company’s IT remains available

at all times (High Availability).

Intuitive web interface

The easy-to-use web-based user interface of the LANCOM

®

R&S

Unified Firewalls empowers users to deliver the highest

levels of cyber security. Human error in the configuration of

the firewall is greatly reduced as the network firewall rules

are clearly and graphically displayed. The browser-based

centralized management GUI enables granular fine tuning

while providing a comprehensive overview of the secured

devices and connections in the network. This not only facil-

iates the implementation of compliance policies but also

saves time by allowing rules to be combined efficiently.

The device is easy on resources, which saves on costs and

improves productivity. Insights are gained due to compre-

hensive audit and compliance reports.

Cloud-based protection against viruses and malware

Effective defense against malware and viruses is ensured

by the firewall, which reliably detects suspicious files. To

protect against as-yet unknown threats (zero-day exploits),

suspicious files are first loaded into a protected cloud. In this

isolated sandbox environment, the files can be securely and

reliably tested. Analyses using third-generation machine

learning based on billions of samples scan and proactively

block threats based on their behavior. The cloud is hosted

in Germany and complies with the European General Data

Protection Regulation (“GDPR”).

Screenshot of the web interface for creating and managing firewall rules

DATASHEET

LANCOM R&S® Unified Firewalls

SSL inspection: Defense against complex cyber

attacks through encrypted channels

Data-traffic encryption is increasingly widespread and,

although this is welcome from the privacy point of view,

there is the risk that malware enter systems via encrypted

channels. Thanks to SSL inspection, even encrypted data

packets can be scanned and filtered, applications detected,

and compliance policies successfully implemented.

Deep packet inspection: Granular filtering and valida-

tion of applications and protocols

To protect against complex cyber attacks, the firewalls

use deep packet inspection (DPI) providing insights into

encrypted data traffic. Utilizing the industry-leading

Screenshot of the statistics in the web interface

R&S

classification of network traffic, protocols and applications,

as well as offer data loss prevention (DLP). Fine-grained

security policies actively regulate the use of certain applica-

tions, such as streaming services or browsers.

Network & security “Made in Germany”

LANCOM R&S

firewalls that are developed and programmed in Germany.

Their UTM functions ideally complement existing LANCOM

network infrastructures in terms of IT security. This consti-

tutes a future-proof protection for corporate networks,

guaranteed free of any backdoors.

®

PACE2 DPI engine, UTM firewalls enable accurate

®

Unified Firewalls are next-generation

DATASHEET

LANCOM R&S® Unified Firewalls

Features: Appliances

LANCOM

®

Unied Firewalls

R&S

Network interfaces

Ports 4x GE copper 4x GE copper 8x GE copper 14x GE copper 8x GE copper

System performance

IPS/IDS throughput (Mbps) - 550 635 1,295 3,780

Firewall throughput (Mbps) 3,800 (UDP) 3,800 (UDP) 7,700 (UDP) 13,400 (UDP) 60,000 (UDP)

VPN throughput (Mbps) 430 (IPSec) 430 (IPSec) 620 (IPSec) 1,260 (IPSec) 4,280 (IPSec)

Concurrent sessions 1,000,000 1,000,000 1,000,000 2,000,000 16,700,000

New sessions per second 11,000 11,000 13,000 33,000 130,000

Number of users 5-30 concurrent users 5-30 concurrent users 30-100 concurrent users 100-200 concurrent users 100 concurrent users,

Power

Input voltage (V) 100-240 100-240 100-240 100-240 100-240

Power consumption (W) 36 36 150 150 2x300

Operating environment

Operating temperature (°C) 0-40 0-40 0-40 0-40 0-40

Relative humidity (%) 5-90 5-90 20-90 20-90 5-90

Dimensions

WxHxD (mm) 220 x 44 x 176 220 x 44 x 176 438 x 44 x 292 431 x 44 x 305 431 x 44 x 468

UF-100 UF-200 UF-300 UF-500 UF-900

(two slots for additional
plug-in modules for
1G-ETH, 1G-SFP, and
10G-SFP+)

extendable in steps of
100 to max. 500

For dimensioning see LANCOM Techpaper Unied Firewall Sizing Guide.

Features: Virtual appliances

LANCOM
R&S® Unied Firewalls

Network interfaces

Congurable switch ports 4 8 14 24

System performance

Number of users 5-30 concurrent users 30-100 concurrent users 100-200 concurrent users 100 concurrent users, extendable

For dimensioning see LANCOM Techpaper Unied Firewall Sizing Guide. The performance of virtual appliances depends on the underlying hardware.

UF-200
Virtual Appliance

UF-300
Virtual Appliance

UF-500
Virtual Appliance

UF-900
Virtual Appliance

in steps of 100 to max. 500

DATASHEET

LANCOM R&S® Unified Firewalls

Features

Web lter URL and content lter

Application control* Layer-7 packet lter (DPI)

Antivirus HTTP/S, FTP, POP3/S, SMTP/S

Antispam POP3/S, SMTP/S

IDS (Intrusion Detection System) /
IPS (Intrusion Prevention System)*

Proxies HTTPS, FTP, POP3/S, SMTP/S, SIP

LAN/WAN support Ethernet 10/100/1,000/10,000 Mbps

VLAN 4096 VLANs per interface

Bridge mode Layer-2 rewall

Monitoring & statistics Statistics (IDS/IPS, application control, surf control, antivirus/antispam)

Administration Object-oriented conguration

Web interface Self-explanatory functions

QoS Guaranteed QoS bandwidth congurable for Internet connections

Customizable rules for users

Blacklists / whitelists
Import / export of URL lists

Blocks specied le types
Category-based website blocking (individually denable)

Online scan technology
HTTP(S) proxy support
Override function

Filter by applications (e.g. Facebook, YouTube, BitTorrent, etc.)
Blacklists / whitelists
Protocol validation
HTTP and IEC 104 decoder

R&S®PACE 2 (Protocol and Application Classication Engine)

*) available for LANCOM R&S

Congurable exceptions

Multi-level scanning (local and cloud-based)
Sandboxing

Fast classication of zero-day threats through AI technologies (machine learning)

Congurable scan levels

GlobalView Cloud using Recurrent Pattern Detection (RPD) – spam detection based on the e-mail distribution patterns
Blacklists / whitelists
Automatic e-mail rejection/deletion

Protection from DoS, port scans, malware, botnets, exploits, and vulnerabilities
More than 40,000 active signatures

Congurable exceptions

Scans all interfaces

*) available for LANCOM R&S

HTTP (transparent/non-transparent)
Reverse proxy
Supports Active Directory and local users
Time-controlled

Congurable MTU (Ethernet/DSL)

xDSL
Multi-WAN (weighted policy-based routing/failover)
Load balancing
Time restrictions for Internet connections
Multiple, dynamic DNS support
DHCP
DMZ
SNAT

802.1q header tagging (packet-based tagged VLANs)
Compatible with bridging

Spanning Tree (bridge ID, port costs)
Unlimited number of interfaces per bridge

Logging to external syslog servers

Export as CSV and XLS les

SNMP/v2c and v3
Connection tracking

Role-based administration
Command-line interface (SSH)
Saves desktop as PDF and HTML
IP-based access restriction for SSH and web client

Overview of the entire network
Overview of all active services
Browser-based, platform-independent

View ltering based on custom tags

QoS with ToS ags

QoS in VPN connections

®

Unied Firewall UF-200, UF-300, UF-500, and UF-900

®

Unied Firewall UF-200, UF-300, UF-500, and UF-900

DATASHEET

LANCOM R&S® Unified Firewalls

Features

X.509 certicates CRL (Certicate Revocation List)

VPN User authentication

IPSec Full-tunnel mode

SSL Routing mode VPN

Backup and restore Local or remote access

User authentication Active Directory import

HA (High availabilty)* A second Unied Firewall of the same type is required

Warranty

Warranty claim 3 years

Accessories

LANCOM R&S® Unied Firewall
Rack Mount

LANCOM R&S

LANCOM R&S

LANCOM R&S

®

8x 1G RJ45 Module Plug-in module for LANCOM R&S® Unied Firewall UF-900, 8x 1G ETH / RJ45

®

4x 1G SFP Module Plug-in module for LANCOM R&S® Unied Firewall UF-900, 4x 1G SFP

®

4x 10G SFP+ Module Plug-in module for LANCOM R&S® Unied Firewall UF-900, 4x 10G SFP+

Options

LANCOM Warranty Basic Option Option for extending the manufacturer warranty from 3 to 5 years

LANCOM Warranty Advanced Option Option for extending the manufacturer warranty from 3 to 5 years, and advanced replacement by the next working day on hardware

OCSP (Online Certicate Status Protocol) – network protocol for X.509 certicate status validation

Multi-CA support

Multi-host certicate support

High availability

Wizards for VPN and certicates

Site-to-site and client-to-site

Client conguration packages

IKEv1, IKEv2

PSK (pre-shared key) / certicates

DPD (Dead Peer Detection)
NAT-T
XAUTH, L2TP

Port conguration

Bridge mode VPN
TCP/UDP

Specication of WINS and DNS servers

Automatic import during installation
Automatic and scheduled backups
Automatic upload (FTP, SCP)
Disaster recovery from USB drive

Local user administration
Authentication via web or client
Single sign-on (Kerberos)
Multiple logins
Captive portal

Terminal Server Support (via Remote Desktop IP Virtualization)

Stateful failover
Active/passive
Hot standby
Link aggregation

*) available for LANCOM R&S

Rack Mount for LANCOM R&S® Unied Firewall UF-100, UF-200. Inclusive for UF-300, UF-500 & UF-900.

failure

®

Unied Firewall UF-200, UF-300, UF-500, and UF-900

DATASHEET

Hardware Appliances

LANCOM R&S® Unied Firewall UF-100 item no. 55011

®

LANCOM R&S

LANCOM R&S

LANCOM R&S

LANCOM R&S

Unied Firewall UF-200 item no. 55021

®

Unied Firewall UF-300 item no. 55031

®

Unied Firewall UF-500 item no. 55041

®

Unied Firewall UF-900 item no. 55051

Virtual Appliances

LANCOM R&S® UF-200 Virtual Appliance item no. 55022

®

LANCOM R&S

LANCOM R&S

LANCOM R&S

UF-300 Virtual Appliance item no. 55032

®

UF-500 Virtual Appliance item no. 55042

®

UF-900 Virtual Appliance item no. 55052

Licenses

LANCOM R&S® UF-100-1Y License

item no. 55101

(1 Year)

LANCOM R&S

UF-100-3Y License

item no. 55102

®

(3 Years)

LANCOM R&S
(5 Years)

LANCOM R&S
(1 Year)

LANCOM R&S

UF-100-5Y License

®

UF-200-1Y License

®

UF-200-3Y License

item no. 55103

item no. 55104

item no. 55105

®

(3 Years)

LANCOM R&S
(5 Years)

LANCOM R&S

UF-200-5Y License

®

UF-300-1Y License

item no. 55106

item no. 55107

®

(1 Year)

LANCOM R&S
(3 Years)

LANCOM R&S
(5 Years)

LANCOM R&S

UF-300-3Y License

®

UF-300-5Y License

®

UF-500-1Y License

item no. 55108

item no. 55109

item no. 55110

®

(1 Year)

LANCOM R&S

UF-500-3Y License

item no. 55111

®

(3 Years)

LANCOM R&S
(5 Years)

LANCOM R&S
(1 Year) (+100)

LANCOM R&S

UF-500-5Y License

®

UF-900-1Y License

®

UF-900-3Y License

item no. 55112

item no. 55113

item no. 55114

®

(3 Years) (+100)

®

LANCOM R&S
(5 Years) (+100)

UF-900-5Y License

item no. 55115

LANCOM, LANCOM Systems and LCOS are registered trademarks. All other names or descriptions used may be trademarks or registered trademarks of their owners. Subject to change without notice. No liability for technical errors and/or omissions. 12/2018

www.lancom-systems.com

LANCOM Systems GmbH I Adenauerstr. 20/B2 I 52146 Wuerselen I Germany I E-mail info@lancom.de