Functions and features
The G4000 is a VPN (Central Site Gateway) concentrator with a capacity of up to 400 simultaneous VPN tunnel connections. This means that up to 400 remote sites can be connected to the host environment in a secure and authenticated manner.
Its modular and thus highly flexible architecture allows for expansion with additional interfaces, e.g. Ethernet and fiber.
The intelligent backup management, the complex firewall and various routing and authentication protocols provide a secure network connection of the host systems.
VRRP and the redundant power supply unit installed as standard ensure the high availability of the VPN concentrator.
The G4000 is launched in a 19" design and is intended for convenient installation in a server cabinet in conjunction with a rack mount system.
Due to the quad-core CPU and the 2GB main memory, the G4000 has sufficient power reserves to connect even large networks at any time without problems.
With the built-in LCD display, the most important device parameters are always in the foreground.
All features in detail
- Modular software structure
The modular software structure offers the possibility to integrate customer-specific/customer-developed software.
- DHCP (Dynamic Host Configuration Protocol)
A communication protocol that allows clients to retrieve and servers to assign the network configuration (client/relay/server)
z. B. IP, TCP, UDP, PPP, ARP, RARP, ICMP
- DNS (Domain Name System)
It manages the namespace in networks, e.g. for the conversion of domain names into IP addresses (client/relay/server).
- Dynamic DNS
Dynamic DNS: It is used to dynamically update the IP address of a computer so that it can always be reached under the same name.
- NTP (Network Time Protocol)
Standard for time synchronization over networks (client/server)
Static Routing (IPv4 Forwarding)
Static Routing (IPv6 Forwarding)
Policy-based routing (PBR)
- NAT (Network Address Translation)
Source and Destination NAT/NAPT and Masquerading
- QoS (Quality of Service)
For prioritizing data packets to meet quality standards, especially for time-critical transmissions/applications
- Real-time statistics and log function
- TPM (Trusted Platform Module)
The TPM chip is comparable to a fixed smart card. The TPM protects cryptographic keys; these can be generated, used and securely stored within the TPM. It provides protection against software and hardware attacks (physical manipulation results in the destruction of the stored keys). In addition, the integrated random number generator (RNG) provides secure number sequences as a basis for securely encrypted communication.
Zone based Stateful Inspection Firewall (IPv4/IPv6) with Packet Filter and Demilitarized Zone (DMZ);
Free software based on OpenSSL for building a secure VPN over an encrypted connection. Both routed and bridged tunnels (client/server) are supported.
Internet Protocol Security: for secure VPN communication over potentially insecure IP networks. IKEv1/IKEv2/MOBIKE (client/server and IPSec passthrough) are supported.
- L2TP (Layer 2 Tunneling Protocol), passthrough
Tunnel protocol for transferring the security layer (layer 2) of the OSI model between two networks
WireGuard uses the latest, particularly powerful cryptographic algorithms, e.g. the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. WireGuard gets a further performance boost from the fact that the software runs as a Linux kernel module on the server side. WireGuard uses only public keys for identification and encryption and can therefore do without a certificate infrastructure.
- Hash Algorithms
MD5, SHA1, SHA2 256/512
- Diffie Hellman Groups
Key exchange for backup: 1, 2, 5, 14, 15, 16, 17, 18
Modulo Prime Groups with Prime Order Subgroup: 22, 23, 24
NIST Elliptic Curve Groups: 25, 26, 19, 20, 21
Brainpool Elliptic Curve Groups: 27, 28, 29, 30
- Encryption algorithms
AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256
- Number of VPN tunnels
The number of configurable VPN tunnels is not limited on the software side. Depending on the application, up to
30 VPN tunnels (VR2020 series),
400 VPN tunnels (G3000- & G4000 series) and
5000 VPN tunnels (G5000 series) possible.
- MultiWAN manager with complex backup options
- Multihomed and multi-level backup target strategies
- Optimization of switching times
- Preventing unnecessary switching
- Optimization of the downshift
- Prevention of switching instabilities (flutter)
- Mobile radio: Provider switching with MultiSIM
- Dynamic connection parameters (Default Route, Policy based Routes, etc.)
- Configurable connection check (Ping, LCP echo etc.)
- VRRP (Virtual Router Redundancy Protocol)
With support of Multi group VRRP
Over the network using Command Line (SSH) and HTTPS and over Command Line (SSH) using the console port
- Remote configuration/maintenance
Remote configuration/maintenance can be carried out via TR-069 Standard if required. A configuration via TDT C.O.R.E. is also possible.
- Firmware update
Firmware updates can be implemented via SSH, HTTPS and (TR-069).
- SNMP (Simple Network Management Protocol)
SNMP is a network protocol developed to monitor and control network elements from a central station.
- Checkmk agent
For connection to the network management system Checkm
Energy-efficient and fanless x86 processor architecture
- Working memory
- System memory
Future-proof 512 MB SLC Flash
3 Ports (10/100/1000 Mbit/s)
1 LCD display 2x 40 characters, 6 keys to display status information, to perform reboots and factory resets
- USB Ports
2 Ports (USB 3.0);
e.g. backup, UPS management via USB-to-Serial-Adapter
- Crypto Engine
Hardware acceleration for encryption/decryption
- TPM (Trusted Platform Module)
For secure storage of secret keys
- Console port
The Sub-D9 RS232 configuration interface (Console) provides a
simple possibility to address the gateway independent of the network.
- Real-time clock (RTC)
CMOS hardware clock
- Not available
- Not available
- Not available
- Robust metal housing
- Dimensions (without angle)
428x275x44 (WxDxH in mm)
approx. 3,8 kg
- Operating temperature
0°C bis +50°C
- Rack mounting rails
20″ or 26″ (not included in delivery)
- Redundant power supply unit
- Average power consumption
3 years bring-in manufacturer warranty
G4000, 2x power cable, 2x 19" mounting bracket, Quickstart guide
Model overview Gateways
|G5000||see Ethernet||optional||3x||up to 5000|
|G4000||see Ethernet||3x||up to 400|
|G3000||see Ethernet||3x||up to 400|
|G3000-W||see Ethernet||3x||up to 400|
|G3000-L||see Ethernet||3x||up to 400|
|G3000-LW||see Ethernet||3x||up to 400|
|G3000-LL||2x||see Ethernet||3x||up to 400|
|G3000-LLW||2x||see Ethernet||3x||up to 400|