G3000-L

SMB VPN-Concentrator

  • Quad-core CPU
  • LTE with Multi-SIM
  • 400 VPN tunnel
  • Fully implemented IPSec and OpenVPN
  • Intelligent Firewall
  • MultiWAN Manager
  • TPM chip
  • Multiprotocol VPN

Functions and features

The G3000-L is a VPN (Central Site Gateway) with a capacity of up to 400 simultaneous VPN tunnel connections. This means that up to 400 branch offices can be connected to the host environment in a secure and authenticated manner.

The intelligent backup management, the complex firewall and various routing and authentication protocols ensure a secure network connection of the host systems.

The integrated LTE backup with MultiSIM provides increased reliability.

High security is provided by the integrated TPM module and the possibility of using different VPN protocols.

The wide range of online paths (WAN via fibre-optic or cable modem and mobile radio; operation behind a DSL modem) means that even demanding backup scenarios can be configured to ensure the best possible availability.


All features in detail

  • Modular software structure
    The modular software structure offers the possibility to integrate customer-specific/customer-developed software.
  • DHCP (Dynamic Host Configuration Protocol)
    A communication protocol that allows clients to retrieve and servers to assign the network configuration (client/relay/server)
  • Protocols
    z. B. IP, TCP, UDP, PPP, ARP, RARP, ICMP
  • DNS (Domain Name System)
    It manages the namespace in networks, e.g. for the conversion of domain names into IP addresses (client/relay/server).
  • Dynamic DNS
    Dynamic DNS: It is used to dynamically update the IP address of a computer so that it can always be reached under the same name.
  • NTP (Network Time Protocol)
    Standard for time synchronization over networks (client/server)
  • Routing
    Static Routing (IPv4 Forwarding)
    Static Routing (IPv6 Forwarding)
    Policy-based routing (PBR)
  • NAT (Network Address Translation)
    Source and Destination NAT/NAPT and Masquerading
  • QoS (Quality of Service)
    For prioritizing data packets to meet quality standards, especially for time-critical transmissions/applications
  • Real-time statistics and log function
  • Syslog-Client
  • TPM (Trusted Platform Module)
    The TPM chip is comparable to a fixed smart card. The TPM protects cryptographic keys; these can be generated, used and securely stored within the TPM. It provides protection against software and hardware attacks (physical manipulation results in the destruction of the stored keys). In addition, the integrated random number generator (RNG) provides secure number sequences as a basis for securely encrypted communication.
  • Firewall
    Zone based Stateful Inspection Firewall (IPv4/IPv6) with Packet Filter and Demilitarized Zone (DMZ);
    Bridging Firewall
  • OpenVPN
    Free software based on OpenSSL for building a secure VPN over an encrypted connection. Both routed and bridged tunnels (client/server) are supported.
  • IPSec
    Internet Protocol Security: for secure VPN communication over potentially insecure IP networks. IKEv1/IKEv2/MOBIKE (client/server and IPSec passthrough) are supported.
  • L2TP (Layer 2 Tunneling Protocol), passthrough
    Tunnel protocol for transferring the security layer (layer 2) of the OSI model between two networks
  • WireGuard
    WireGuard uses the latest, particularly powerful cryptographic algorithms, e.g. the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. WireGuard gets a further performance boost from the fact that the software runs as a Linux kernel module on the server side. WireGuard uses only public keys for identification and encryption and can therefore do without a certificate infrastructure.
  • Hash Algorithms
    MD5, SHA1, SHA2 256/512
  • Diffie Hellman Groups
    Key exchange for backup: 1, 2, 5, 14, 15, 16, 17, 18
    Modulo Prime Groups with Prime Order Subgroup: 22, 23, 24
    NIST Elliptic Curve Groups: 25, 26, 19, 20, 21
    Brainpool Elliptic Curve Groups: 27, 28, 29, 30
  • Encryption algorithms
    AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256
  • Number of VPN tunnels
    The number of configurable VPN tunnels is not limited on the software side. Depending on the application, up to
    30 VPN tunnels (VR2020 series),
    400 VPN tunnels (G3000- & G4000 series) and
    5000 VPN tunnels (G5000 series) possible.
  • MultiWAN manager with complex backup options
    - Multihomed and multi-level backup target strategies
    - Optimization of switching times
    - Preventing unnecessary switching
    - Optimization of the downshift
    - Prevention of switching instabilities (flutter)
    - Mobile radio: Provider switching with MultiSIM
    - Dynamic connection parameters (Default Route, Policy based Routes, etc.)
    - Configurable connection check (Ping, LCP echo etc.)
  • VRRP (Virtual Router Redundancy Protocol)
    With support of Multi group VRRP
  • Administration/Configuration
    Over the network using Command Line (SSH) and HTTPS and over Command Line (SSH) using the console port
  • Remote configuration/maintenance
    Remote configuration/maintenance can be carried out via TR-069 Standard if required. A configuration via TDT C.O.R.E. is also possible.
  • Firmware update
    Firmware updates can be implemented via SSH, HTTPS and (TR-069).
  • SNMP (Simple Network Management Protocol)
    SNMP is a network protocol developed to monitor and control network elements from a central station.
  • Checkmk agent
    For connection to the network management system Checkm
  • Processor
    Energy-efficient and fanless x86 processor architecture
  • Working memory
    2 GB
  • System memory
    Future-proof 512 MB SLC Flash
  • Ethernet-Ports
    3 Ports (10/100/1000 Mbit/s)
  • LEDs
    11 LEDs
    For status information there are one power LED, 9 status LEDs and 1 alarm LED is available.
  • USB Ports
    2 Ports (USB 3.0);
    e.g. backup, UPS management via USB-to-Serial-Adapter
  • Crypto Engine
    Hardware acceleration for encryption/decryption
  • TPM (Trusted Platform Module)
    For secure storage of secret keys
  • Console port
    The Sub-D9 RS232 configuration interface (Console) provides a
    simple possibility to address the gateway independent of the network.
  • Reset button
    To restart or reset the router
  • Real-time clock (RTC)
    CMOS hardware clock
  • Not available
  • LTE
    FDD (=Frequency Division Duplex)
    - Category 4
    – Download max. 150 Mbps
    – Upload max. 50 Mbps
    Bands:
    – 1 (2100 MHz)
    – 3 (1800 MHz)
    – 5 (850 MHz)
    – 7 (2600 MHz)
    – 8 (900 MHz)
    – 20 (800 MHz)
    TDD (=Frequency Division Duplex)
    – Category 4
    – Download max. 130 Mbps
    – Upload max. 30 Mbps
    Bands:
    – 38 (2600 MHz)
    – 40 (2300 MHz)
    – 41 (2500 MHz)
  • UMTS (WCDMA/HSPA+/DC-HSPA+)
    FDD (=Frequency Division Duplex)
    – Download Categroy 24 / Upload Category 6
    – Dual Carrier (DC-HSPA+) Download max. 42.2 Mbps
    – USUPA Upload max. 5.76 Mbps
    – UMTS Down- and Upload max. 384 Kbps
    Bands:
    – 1 (2100 MHz)
    – 5 (850 MHz)
    – 8 (900 MHz)
  • Dual Band GSM/GPRS/EDGE
    Multi-slot class 12
    Frequency bands:
    – 3: DCS 1800 (MHz)
    – 8: PCS 1900 (MHz)
    – EDGE
    Download max. 296 Kbps, Upload max. 236.8 Kbps
    – GPRS
    Download max. 107 Kbps, Upload max. 85.6 Kbps
  • MultiSIM
    For the use of 2 SIM cards (mini-SIM) for backup scenarios.
    Both SIM slots are located on the front of the device and
    are so easily accessible.
  • Antenna connection
    2x SMA (female)

 

  • GNSS (Global Navigation Satellite System)
    The global satellite systems NAVSTAR GPS (Global Positioning System) and GLONASS (GLObal NAvigation Satellite System) are used for positioning. The tracking sensitivity is better than -158 dBm.
  • Antenna connection
    1x SMA (female)
  • Robust metal housing
    Optional with top-hat rail clip
  • Dimensions
    188x39x157 (BxHxT in mm, without Antennas).
  • Weight
    approx. 850 g
  • Operating temperature
    -20° C to +50° C (during operation)
  • Humidity
    85% (non-condensing)
  • Power supply
    12V (hollow plug), 2A
  • Input voltage
    12V DC
  • Power consumption
    ≤ 6W

3 years bring-in manufacturer warranty

G3000-L, CATHEAD LTE antenna, plug-in power supply, patch cable, quick start guide

Model overview Gateways

ProductModelDSLLTEWLANWANSFP-PortSeriellEthernetVPN-Tunnel
G5000see Ethernetoptional3xup to 5000
G4000see Ethernet3xup to 400
G3000see Ethernet3xup to 400
G3000-Wsee Ethernet3xup to 400
G3000-Lsee Ethernet3xup to 400
G3000-LWsee Ethernet3xup to 400
G3000-LL2xsee  Ethernet3xup to 400
G3000-LLW2xsee Ethernet3xup to 400