G3000-LW

Business VPN-Router

  • LTE with MultiSIM
  • WLAN according to 802.11 a/b/g/n/ac
  • Quad-core CPU
  • 400 VPN tunnels
  • Fully implemented IPSec and OpenVPN
  • Intelligent firewall
  • MultiWAN Manager
  • TPM chip
  • Multi-protocol VPN

Functions and features

The G3000-LW is a VPN router with a capacity of up to 400 simultaneous VPN tunnel connections. This means that up to 400 branch offices can be securely and authentically connected to the host environment.

The intelligent backup management, the complex firewall and various routing and authentication protocols ensure a secure network connection for the host systems.

The integrated LTE backup with MultiSIM ensures increased reliability.

Various WLAN scenarios are possible thanks to the integrated WLAN in accordance with the ac standard (AP; client; AP/client).

The integrated TPM module and the option of using different VPN protocols ensure a high level of security.

Thanks to the diverse online paths (WAN via fibre optic or cable modem and mobile radio; operation behind a DSL modem), even demanding backup scenarios can be configured to ensure the best possible availability.


All features in detail

  • Modular software structure
    The modular software structure offers the option of integrating customised/custom-developed software.
  • DHCP (Dynamic Host Configuration Protocol)
    A communication protocol that enables clients to retrieve and servers to assign the network configuration (client/relay/server)
  • Protocols
    z. E.G. IP, TCP, UDP, PPP, ARP, RARP, ICMP
  • DNS (Domain Name System)
    It manages the name space in networks, e.g. for converting domain names into IP addresses (client/relay/server).
  • Dynamic DNS
    Dynamic DNS: It is used to dynamically update the IP address of a computer so that it can always be reached under the same name.
  • NTP (Network Time Protocol)
     Standard for time synchronisation via networks (client/server)
  • Routing
    Static routing (IPv4 forwarding)
    Static routing (IPv6 forwarding)
    Policy-based routing (PBR)
  • NAT (Network Address Translation)
    Source and destination NAT/NAPT and masquerading
  • QoS (Quality of Service)
    For prioritising data packets to meet the quality standard, especially for time-critical transmissions/applications
  • Real-time statistics and log function
  • Syslog client
  • TPM (Trusted Platform Module)
    The TPM chip is comparable to a permanently installed smart card. The TPM protects cryptographic keys; these can be generated, used and securely stored within the TPM. It offers protection against software and hardware attacks (physical manipulation results in the destruction of the stored keys). In addition, the integrated random number generator (RNG) provides secure number sequences as the basis for securely encrypted communication.
  • Firewall
    Zone-based stateful inspection firewall (IPv4/IPv6) with packet filter and demilitarised zone (DMZ);
    Bridging firewall
  • OpenVPN
    Free software based on OpenSSL for setting up a secure VPN via an encrypted connection. Both routed and bridged tunnels (client/server) are supported.
  • IPSec
    Internet Protocol Security: for secure VPN communication via potentially insecure
  • L2TP (Layer 2 Tunneling Protocol), passthrough
    Tunnelling protocol for transmitting the data link layer (Layer 2) of the OSI model between two networks
  • WireGuard
    WireGuard uses the latest, particularly powerful cryptographic algorithms, e.g. the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. WireGuard gets a further performance boost from the fact that the software is executed on the server side as a Linux kernel module. WireGuard uses only public keys for identification and encryption and can therefore dispense with a certificate infrastructure.
  • Hash algorithms
    MD5, SHA1, SHA2 256/512
  • Diffie Hellman Groups
    Schlüsselaustausch zum Sichern: 1, 2, 5, 14, 15, 16, 17, 18
    Modulo Prime Groups with Prime Order Subgroup: 22, 23, 24
    NIST Elliptic Curve Groups: 25, 26, 19, 20, 21
    Brainpool Elliptic Curve Groups: 27, 28, 29, 30
  • Encryption algorithms
    AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256
  • Number of VPN tunnels
    The number of configurable VPN tunnels is not limited by the software. Depending on the application, up to
    - 30 VPN tunnels (VR2020 series),
    - 400 VPN tunnels (G3000 & G4000 series) and
    - 5000 VPN tunnels (G5000 series) are possible.
  • MultiWAN manager with complex backup options
    - Multihomed and multi-level backup target strategies
    - Optimisation of switchover times
    - Prevention of unnecessary switching
    - Optimisation of switchback
    - Prevention of switching instabilities (fluttering)
    - Mobile telephony: Provider switching with MultiSIM
    - Dynamic connection parameters (default route, policy-based routes, etc.)
    - Configurable connection check (ping, LCP echo, etc.)
  • VRRP (Virtual Router Redundancy Protocol)
    - With support for Multi group VRRP
  • Management/configuration
    Via the network using Command Line (SSH) and HTTPS as well as via Command Line (SSH) using the console port
  • Remote configuration/maintenance
    If required, remote configuration/maintenance can be carried out using the TR-069 standard. Configuration via TDT C.O.R.E. is also possible.
  • Firmware update
    Firmware updates can be realised via SSH, HTTPS and (TR-069).
  • SNMP (Simple Network Management Protocol)
    SNMP is a network protocol that was developed to monitor and control network elements from a central station.
  • Checkmk agent
    For connection to the Checkmk network management system
  • Processor
    Energy-efficient and fanless x86 processor architecture
  • Working memory
    2 GB
  • System memory
    Future-proof 512 MB SLC flash
  • Ethernet-Ports
    3 Ports (10/100/1000 Mbit/s)
  • LEDs
    11 LEDs
    A power LED, 9 status LEDs and 1 alarm LED are available for status information.
    1 alarm LED are available.
  • USB Ports
    2 ports (USB 3.0);
    e.g. backup, UPS management via USB-to-serial adapter.
  • Crypto Engine
    Hardware acceleration for encryption/decryption.
  • TPM (Trusted Platform Module)
    For secure storage of keys and certificates
  • Console port
    The Sub-D9 RS232 configuration interface (console) offers a simple way of
    easy way to address the gateway independently of the network.
  • Reset button
    For restarting or resetting the router
  • Real-time clock (RTC)
    CMOS hardware clock
  • WLAN standards
    WLAN 5 (IEEE802.11ac compliant (3×3 MIMO up to 1299 Mbit/s),
    backwards compatible with IEEE802.11a/b/g/n.
    Supports IEEE802.11d, e, h, i, k, r, vtimestamp, w.)
  • WLAN modes
    Access points mode, ad-hoc mode, station/client mode
  • Frequency range
    2,412 – 2,472 GHz
    5,180 – 5,825 GHz
  • Dynamic Frequency Selection (DFS)
    Can perform an automatic channel change,
    if another device is detected on the channel in use;
    Required for the operation of 5 GHz WLAN devices in Germany
  • Modulation techniques
    OFDM: BPSK, QPSK, DBPSK, DQPSK, CCK, 16-QAM, 64-QAM, 256-QAM
  • Security features
    WiFi Protect Access Support (WPA, WPA2, WPA-ENT), WEP, AES, TKIP, MAC address filter
  • Antenna connection
    3x RP-SMA (male)
  • EN LTE
    FDD (=Frequency Division Duplex)
    – Category 4
    – Download max. 150 Mbps
    – Upload max. 50 Mbps
    Bands:
    – 1 (2100 MHz)
    – 3 (1800 MHz)
    – 5 (850 MHz)
    – 7 (2600 MHz)
    – 8 (900 MHz)
    – 20 (800 MHz)
    TDD (=Frequency Division Duplex)
    – Category 4
    – Download max. 130 Mbps
    – Upload max. 30 Mbps
    Bands:
    – 38 (2600 MHz)
    – 40 (2300 MHz)
    – 41 (2500 MHz)
  • UMTS (WCDMA/HSPA+/DC-HSPA+)
    – Download category 24 / Upload category 6
    – Dual Carrier (DC-HSPA+) Download max. 42.2 Mbps
    – HSUPA upload max. 5.76 Mbps
    – UMTS download and upload max. 384 Kbps
    Bands:
    – 1 (2100 MHz)
    – 5 (850 MHz)
    – 8 (900 MHz)
  • Dual Band GSM/GPRS/EDGE
    Multi-slot class 12
    Frequency bands:
    – 3: DCS 1800 (MHz)
    – 8: PCS 1900 (MHz)
    – EDGE
    Download max. 296 Kbps, Upload max. 236.8 Kbps
    – GPRS
    Download max. 107 Kbps, Upload max. 85.6 Kbps
  • MultiSIM
    For the use of 2 SIM cards (mini SIM) for backup scenarios.
    Both SIM slots are located on the front of the device and are therefore
    easily accessible.
  • Antenna connection
    2x SMA (female)

 

  • GNSS (Global Navigation Satellite System)
    Various international satellite systems are used to determine positions:
    GPS, GLONASS, BeiDou, Galileo, QZSS
  • Antenna connection
    1x SMA (female)
  • Metal housing
    Wall bracket and top-hat rail clip included
  • Dimensions
    188x39x157 (WxHxD in mm, without antennas).
  • Weight
    approx. 850 g
  • Operating temperature
    -20° C to +50° C (during operation)
  • Air humidity
    85% (non-condensing)
  • Power supply
    12V (barrel connector), 2A
  • Input voltage
    12V DC
  • Average power consumption
    ≤ 6W

G3000-LW, CATHEAD LTE & WLAN antenna, power supply, patch cable, quick start guide

Router Model overview

ProductModelDSLLTEWLANWANSerialEthernetVPN-Tunnel
VR2020-D1xoptional4xup to 30
VR2020-LD1xoptional4xup to 30
G3000see Ethernet3xup to 400
G3000-Wsee Ethernet3xup to 400
G3000-L  (4G)see Ethernet3xup to 400
G3000-5G  (5G)see Ethernet3xup to 400
G3000-LWsee Ethernet3xup to 400