Lancom UF-200 User Manual

Page 1
LANCOM R&S® Unified Firewalls
SECURE. NETWORKS.
LANCOM R&S® Unified Firewalls
Network security by design
LANCOM R&S® Unified Firewalls complement your network by the relevant feature of cybersecurity. These easy-to-operate
all-round solutions are tailored to the specific security needs of small and medium-sized businesses. Thanks to state-of-
the-art security technologies and unified threat management (UTM), these next-generation firewalls provide reliable cyber-
security. A prominent feature is the innovative graphical user interface granting a concise overview of all of the secured
areas in the company’s network. Formerly complex and time-consuming configurations are greatly simplified since security
policies can be systematically designed and enforced.
A Intuitive network visualization enabling easy implementation of security and compliance policies
A Detailed filtering and validation of applications and protocols
A Protection against spam, viruses, malware, and complex cyber attacks
A State-of-the-art security technologies such as R&S
A IT security “Made in Germany” and guaranteed without backdoors
A Option for virtual appliances
A Tried-and-tested procurement and support from LANCOM
A Integration into the LANCOM Management Cloud in preparation
®
PACE2 deep packet inspection
Page 2
DATASHEET
LANCOM R&S® Unified Firewalls
Easy to use, maximum security
The rise in cyber threats is leading to increasingly rigorous
demands on corporate security, data protection, and
the availability of complex IT systems. The LANCOM
®
R&S
Unified Firewalls are next-generation firewalls that
offer all-round cyber security thanks to unified threat
management (UTM). This includes the use of advanced
cyber-security technologie such as sandboxing and machine
learning. Furthermore, clustering and the use of redundant
hardware ensures that the company’s IT remains available
at all times (High Availability).
Intuitive web interface
The easy-to-use web-based user interface of the LANCOM
®
R&S
Unified Firewalls empowers users to deliver the highest
levels of cyber security. Human error in the configuration of
the firewall is greatly reduced as the network firewall rules
are clearly and graphically displayed. The browser-based
centralized management GUI enables granular fine tuning
while providing a comprehensive overview of the secured
devices and connections in the network. This not only facil-
iates the implementation of compliance policies but also
saves time by allowing rules to be combined efficiently.
The device is easy on resources, which saves on costs and
improves productivity. Insights are gained due to compre-
hensive audit and compliance reports.
Cloud-based protection against viruses and malware
Effective defense against malware and viruses is ensured
by the firewall, which reliably detects suspicious files. To
protect against as-yet unknown threats (zero-day exploits),
suspicious files are first loaded into a protected cloud. In this
isolated sandbox environment, the files can be securely and
reliably tested. Analyses using third-generation machine
learning based on billions of samples scan and proactively
block threats based on their behavior. The cloud is hosted
in Germany and complies with the European General Data
Protection Regulation (“GDPR”).
Screenshot of the web interface for creating and managing firewall rules
Page 3
DATASHEET
LANCOM R&S® Unified Firewalls
SSL inspection: Defense against complex cyber
attacks through encrypted channels
Data-traffic encryption is increasingly widespread and,
although this is welcome from the privacy point of view,
there is the risk that malware enter systems via encrypted
channels. Thanks to SSL inspection, even encrypted data
packets can be scanned and filtered, applications detected,
and compliance policies successfully implemented.
Deep packet inspection: Granular filtering and valida-
tion of applications and protocols
To protect against complex cyber attacks, the firewalls
use deep packet inspection (DPI) providing insights into
encrypted data traffic. Utilizing the industry-leading
Screenshot of the statistics in the web interface
R&S
classification of network traffic, protocols and applications,
as well as offer data loss prevention (DLP). Fine-grained
security policies actively regulate the use of certain applica-
tions, such as streaming services or browsers.
Network & security “Made in Germany”
LANCOM R&S
firewalls that are developed and programmed in Germany.
Their UTM functions ideally complement existing LANCOM
network infrastructures in terms of IT security. This consti-
tutes a future-proof protection for corporate networks,
guaranteed free of any backdoors.
®
PACE2 DPI engine, UTM firewalls enable accurate
®
Unified Firewalls are next-generation
Page 4
DATASHEET
LANCOM R&S® Unified Firewalls
Features: Appliances
LANCOM
®
Unied Firewalls
R&S
Network interfaces
Ports 4x GE copper 4x GE copper 8x GE copper 14x GE copper 8x GE copper
System performance
IPS/IDS throughput (Mbps) - 550 635 1,295 3,780
Firewall throughput (Mbps) 3,800 (UDP) 3,800 (UDP) 7,700 (UDP) 13,400 (UDP) 60,000 (UDP)
VPN throughput (Mbps) 430 (IPSec) 430 (IPSec) 620 (IPSec) 1,260 (IPSec) 4,280 (IPSec)
Concurrent sessions 1,000,000 1,000,000 1,000,000 2,000,000 16,700,000
New sessions per second 11,000 11,000 13,000 33,000 130,000
Number of users 5-30 concurrent users 5-30 concurrent users 30-100 concurrent users 100-200 concurrent users 100 concurrent users,
Power
Input voltage (V) 100-240 100-240 100-240 100-240 100-240
Power consumption (W) 36 36 150 150 2x300
Operating environment
Operating temperature (°C) 0-40 0-40 0-40 0-40 0-40
Relative humidity (%) 5-90 5-90 20-90 20-90 5-90
Dimensions
WxHxD (mm) 220 x 44 x 176 220 x 44 x 176 438 x 44 x 292 431 x 44 x 305 431 x 44 x 468
UF-100 UF-200 UF-300 UF-500 UF-900
(two slots for additional plug-in modules for 1G-ETH, 1G-SFP, and 10G-SFP+)
extendable in steps of 100 to max. 500
For dimensioning see LANCOM Techpaper Unied Firewall Sizing Guide.
Features: Virtual appliances
LANCOM R&S® Unied Firewalls
Network interfaces
Congurable switch ports 4 8 14 24
System performance
Number of users 5-30 concurrent users 30-100 concurrent users 100-200 concurrent users 100 concurrent users, extendable
For dimensioning see LANCOM Techpaper Unied Firewall Sizing Guide. The performance of virtual appliances depends on the underlying hardware.
UF-200 Virtual Appliance
UF-300 Virtual Appliance
UF-500 Virtual Appliance
UF-900 Virtual Appliance
in steps of 100 to max. 500
Page 5
DATASHEET
LANCOM R&S® Unified Firewalls
Features
Web lter URL and content lter
Application control* Layer-7 packet lter (DPI)
Antivirus HTTP/S, FTP, POP3/S, SMTP/S
Antispam POP3/S, SMTP/S
IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)*
Proxies HTTPS, FTP, POP3/S, SMTP/S, SIP
LAN/WAN support Ethernet 10/100/1,000/10,000 Mbps
VLAN 4096 VLANs per interface
Bridge mode Layer-2 rewall
Monitoring & statistics Statistics (IDS/IPS, application control, surf control, antivirus/antispam)
Administration Object-oriented conguration
Web interface Self-explanatory functions
QoS Guaranteed QoS bandwidth congurable for Internet connections
Customizable rules for users
Blacklists / whitelists Import / export of URL lists
Blocks specied le types Category-based website blocking (individually denable)
Online scan technology HTTP(S) proxy support Override function
Filter by applications (e.g. Facebook, YouTube, BitTorrent, etc.) Blacklists / whitelists Protocol validation HTTP and IEC 104 decoder
R&S®PACE 2 (Protocol and Application Classication Engine)
*) available for LANCOM R&S
Congurable exceptions
Multi-level scanning (local and cloud-based) Sandboxing
Fast classication of zero-day threats through AI technologies (machine learning)
Congurable scan levels
GlobalView Cloud using Recurrent Pattern Detection (RPD) – spam detection based on the e-mail distribution patterns Blacklists / whitelists Automatic e-mail rejection/deletion
Protection from DoS, port scans, malware, botnets, exploits, and vulnerabilities More than 40,000 active signatures
Congurable exceptions
Scans all interfaces
*) available for LANCOM R&S
HTTP (transparent/non-transparent) Reverse proxy Supports Active Directory and local users Time-controlled
Congurable MTU (Ethernet/DSL)
xDSL Multi-WAN (weighted policy-based routing/failover) Load balancing Time restrictions for Internet connections Multiple, dynamic DNS support DHCP DMZ SNAT
802.1q header tagging (packet-based tagged VLANs) Compatible with bridging
Spanning Tree (bridge ID, port costs) Unlimited number of interfaces per bridge
Logging to external syslog servers
Export as CSV and XLS les
SNMP/v2c and v3 Connection tracking
Role-based administration Command-line interface (SSH) Saves desktop as PDF and HTML IP-based access restriction for SSH and web client
Overview of the entire network Overview of all active services Browser-based, platform-independent
View ltering based on custom tags
QoS with ToS ags
QoS in VPN connections
®
Unied Firewall UF-200, UF-300, UF-500, and UF-900
®
Unied Firewall UF-200, UF-300, UF-500, and UF-900
Page 6
DATASHEET
LANCOM R&S® Unified Firewalls
Features
X.509 certicates CRL (Certicate Revocation List)
VPN User authentication
IPSec Full-tunnel mode
SSL Routing mode VPN
Backup and restore Local or remote access
User authentication Active Directory import
HA (High availabilty)* A second Unied Firewall of the same type is required
Warranty
Warranty claim 3 years
Accessories
LANCOM R&S® Unied Firewall Rack Mount
LANCOM R&S
LANCOM R&S
LANCOM R&S
®
8x 1G RJ45 Module Plug-in module for LANCOM R&S® Unied Firewall UF-900, 8x 1G ETH / RJ45
®
4x 1G SFP Module Plug-in module for LANCOM R&S® Unied Firewall UF-900, 4x 1G SFP
®
4x 10G SFP+ Module Plug-in module for LANCOM R&S® Unied Firewall UF-900, 4x 10G SFP+
Options
LANCOM Warranty Basic Option Option for extending the manufacturer warranty from 3 to 5 years
LANCOM Warranty Advanced Option Option for extending the manufacturer warranty from 3 to 5 years, and advanced replacement by the next working day on hardware
OCSP (Online Certicate Status Protocol) – network protocol for X.509 certicate status validation
Multi-CA support
Multi-host certicate support
High availability
Wizards for VPN and certicates
Site-to-site and client-to-site
Client conguration packages
IKEv1, IKEv2
PSK (pre-shared key) / certicates
DPD (Dead Peer Detection) NAT-T XAUTH, L2TP
Port conguration
Bridge mode VPN TCP/UDP
Specication of WINS and DNS servers
Automatic import during installation Automatic and scheduled backups Automatic upload (FTP, SCP) Disaster recovery from USB drive
Local user administration Authentication via web or client Single sign-on (Kerberos) Multiple logins Captive portal
Terminal Server Support (via Remote Desktop IP Virtualization)
Stateful failover Active/passive Hot standby Link aggregation
*) available for LANCOM R&S
Rack Mount for LANCOM R&S® Unied Firewall UF-100, UF-200. Inclusive for UF-300, UF-500 & UF-900.
failure
®
Unied Firewall UF-200, UF-300, UF-500, and UF-900
Page 7
DATASHEET
Hardware Appliances
LANCOM R&S® Unied Firewall UF-100 item no. 55011
®
LANCOM R&S
LANCOM R&S
LANCOM R&S
LANCOM R&S
Unied Firewall UF-200 item no. 55021
®
Unied Firewall UF-300 item no. 55031
®
Unied Firewall UF-500 item no. 55041
®
Unied Firewall UF-900 item no. 55051
Virtual Appliances
LANCOM R&S® UF-200 Virtual Appliance item no. 55022
®
LANCOM R&S
LANCOM R&S
LANCOM R&S
UF-300 Virtual Appliance item no. 55032
®
UF-500 Virtual Appliance item no. 55042
®
UF-900 Virtual Appliance item no. 55052
Licenses
LANCOM R&S® UF-100-1Y License
item no. 55101
(1 Year)
LANCOM R&S
UF-100-3Y License
item no. 55102
®
(3 Years)
LANCOM R&S (5 Years)
LANCOM R&S (1 Year)
LANCOM R&S
UF-100-5Y License
®
UF-200-1Y License
®
UF-200-3Y License
item no. 55103
item no. 55104
item no. 55105
®
(3 Years)
LANCOM R&S (5 Years)
LANCOM R&S
UF-200-5Y License
®
UF-300-1Y License
item no. 55106
item no. 55107
®
(1 Year)
LANCOM R&S (3 Years)
LANCOM R&S (5 Years)
LANCOM R&S
UF-300-3Y License
®
UF-300-5Y License
®
UF-500-1Y License
item no. 55108
item no. 55109
item no. 55110
®
(1 Year)
LANCOM R&S
UF-500-3Y License
item no. 55111
®
(3 Years)
LANCOM R&S (5 Years)
LANCOM R&S (1 Year) (+100)
LANCOM R&S
UF-500-5Y License
®
UF-900-1Y License
®
UF-900-3Y License
item no. 55112
item no. 55113
item no. 55114
®
(3 Years) (+100)
®
LANCOM R&S (5 Years) (+100)
UF-900-5Y License
item no. 55115
LANCOM, LANCOM Systems and LCOS are registered trademarks. All other names or descriptions used may be trademarks or registered trademarks of their owners. Subject to change without notice. No liability for technical errors and/or omissions. 12/2018
www.lancom-systems.com
LANCOM Systems GmbH I Adenauerstr. 20/B2 I 52146 Wuerselen I Germany I E-mail info@lancom.de
Loading...