G4050
Central Site Gateway
- Up to 400 VPN tunnels
- LCD display
- Integrated TPM chip
- VRRP for maximum availability
- Redundant power supply
- Quad-core CPU & 4GB RAM
Functions and features
The G4050 is a VPN concentrator (Central Site Gateway) with a capacity of up to 400 simultaneous VPN tunnel connections. This means that up to 400 branch offices can be securely and authentically connected to the host environment.
Its modular and therefore highly flexible architecture allows expansion with additional interfaces, e.g. Ethernet and fibre.
The intelligent backup management, the complex firewall and various routing and authentication protocols provide a secure network connection for the host systems.
The high availability of the VPN concentrator is ensured by VRRP and the redundant power supply unit installed as standard.
The G4050, in a 19" design, is conveniently installed in a server rack in conjunction with a rack mount system.
Thanks to the quad-core CPU and the 4GB main memory, the G4050 has sufficient performance reserves to connect even large networks at any time without any problems.
With the built-in LCD display, the most important device parameters are always in the foreground.
All features in detail
- Modular software structure
The modular software structure offers the option of integrating customised/custom-developed software. - DHCP (Dynamic Host Configuration Protocol)
A communication protocol that enables clients to retrieve and servers to assign the network configuration (client/relay/server) - Protocols
z. E.G. IP, TCP, UDP, PPP, ARP, RARP, ICMP - DNS (Domain Name System)
It manages the name space in networks, e.g. for converting domain names into IP addresses (client/relay/server). - Dynamic DNS
Dynamic DNS: It is used to dynamically update the IP address of a computer so that it can always be reached under the same name. - NTP (Network Time Protocol)
Standard for time synchronisation via networks (client/server) - Routing
Static routing (IPv4 forwarding)
Static routing (IPv6 forwarding)
Policy-based routing (PBR) - NAT (Network Address Translation)
Source and destination NAT/NAPT and masquerading - QoS (Quality of Service)
For prioritising data packets to meet the quality standard, especially for time-critical transmissions/applications - Real-time statistics and log function
- Syslog client
- TPM (Trusted Platform Module)
The TPM chip is comparable to a permanently installed smart card. The TPM protects cryptographic keys; these can be generated, used and securely stored within the TPM. It offers protection against software and hardware attacks (physical manipulation results in the destruction of the stored keys). In addition, the integrated random number generator (RNG) provides secure number sequences as the basis for securely encrypted communication. - Firewall
Zone-based stateful inspection firewall (IPv4/IPv6) with packet filter and demilitarised zone (DMZ);
Bridging firewall - OpenVPN
Free software based on OpenSSL for setting up a secure VPN via an encrypted connection. Both routed and bridged tunnels (client/server) are supported. - IPSec
Internet Protocol Security: for secure VPN communication via potentially insecure - L2TP (Layer 2 Tunneling Protocol), passthrough
Tunnelling protocol for transmitting the data link layer (Layer 2) of the OSI model between two networks - WireGuard
WireGuard uses the latest, particularly powerful cryptographic algorithms, e.g. the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. WireGuard gets a further performance boost from the fact that the software is executed on the server side as a Linux kernel module. WireGuard uses only public keys for identification and encryption and can therefore dispense with a certificate infrastructure. - Hash algorithms
MD5, SHA1, SHA2 256/512 - Diffie Hellman Groups
Schlüsselaustausch zum Sichern: 1, 2, 5, 14, 15, 16, 17, 18
Modulo Prime Groups with Prime Order Subgroup: 22, 23, 24
NIST Elliptic Curve Groups: 25, 26, 19, 20, 21
Brainpool Elliptic Curve Groups: 27, 28, 29, 30 - Encryption algorithms
AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256 - Number of VPN tunnels
The number of configurable VPN tunnels is not limited by the software. Depending on the application, up to
- 30 VPN tunnels (VR2020 series),
- 400 VPN tunnels (G3000 & G4000 series) and
- 5000 VPN tunnels (G5000 series) are possible.
- MultiWAN manager with complex backup options
- Multihomed and multi-level backup target strategies
- Optimisation of switchover times
- Prevention of unnecessary switching
- Optimisation of switchback
- Prevention of switching instabilities (fluttering)
- Mobile telephony: Provider switching with MultiSIM
- Dynamic connection parameters (default route, policy-based routes, etc.)
- Configurable connection check (ping, LCP echo, etc.) - VRRP (Virtual Router Redundancy Protocol)
- With support for Multi group VRRP
- Management/configuration
Via the network using Command Line (SSH) and HTTPS as well as via Command Line (SSH) using the console port - Remote configuration/maintenance
If required, remote configuration/maintenance can be carried out using the TR-069 standard. Configuration via TDT C.O.R.E. is also possible. - Firmware update
Firmware updates can be realised via SSH, HTTPS and (TR-069). - SNMP (Simple Network Management Protocol)
SNMP is a network protocol that was developed to monitor and control network elements from a central station. - Checkmk agent
For connection to the Checkmk network management system
- Processor
Powerful and fanless quad-core processor based on an x86 processor architecture - Working memory
4GB - System memory
Future-proof 512 MB SLC flash - Ethernet-Ports
3 Ports (10/100/1000 Mbit/s) - Extension Slot
G4050: Without extension
G4051: 1 port SFP
G4052: 2-port 10/100/1000 Mbit/s Ethernet - LCD-Display
1 LCD display 2x 40 characters, 6 buttons for displaying status information, performing reboots and factory resets - USB-Ports
2x USB 3.0;
e.g. backup, UPS management via USB-to-serial adapter - TPM (Trusted Platform Module)
For secure storage of keys and certificates - Console port
The Sub-D9 RS232 configuration interface (console) offers a simple way of
easy way to address the gateway independently of the network. - Reset button
For restarting or resetting the router - Real-time clock (RTC)
CMOS hardware clock
- not available
- not available
- not available
- Robust metal housing
19″, 1U - Dimensions (without bracket)
428x275x44 (WxDxH in mm) - Weight
approx. 3.8 kg - Operating temperature
0°C bis +50°C - Air humidity
85% (non-condensing) - Rack mounting rails
20″ or 26″ (not included in the scope of delivery) - Redundant power supply unit
60W (90V-240V) - Average power consumption
≤ 6W
G4050, 2x power cable, 2x 19" mounting brackets, quick start guide
Gateways model overview
Product | Model | DSL | Mobile network | WLAN | WAN | SFP-Port | Serial | Ethernet | VPN-Tunnel |
---|---|---|---|---|---|---|---|---|---|
VK5000 | see Ethernet | optional | 4x | up to 5000 | |||||
VK5051 | see Ethernet | optional | 4x | up to 5000 | |||||
G4050 | see Ethernet | 3x | up to 400 | ||||||
G4051 | siehe Ethernet | 3x | up to 400 | ||||||
G4052 | see Ethernet | 5x (3+2) | up to 400 | ||||||
G3000 | see Ethernet | 3x | up to 400 | ||||||
G3000-W | see Ethernet | 3x | up to 400 | ||||||
G3000-L | (4G) | see Ethernet | 3x | up to 400 | |||||
G3000-5G | (5G) | see Ethernet | 3x | up to 400 | |||||
G3000-LW | (4G) | see Ethernet | 3x | up to 400 |