G3000-LW
Business VPN-Router
- LTE with MultiSIM
- WLAN according to 802.11 a/b/g/n/ac
- Quad-core CPU
- 400 VPN tunnels
- Fully implemented IPSec and OpenVPN
- Intelligent firewall
- MultiWAN Manager
- TPM chip
- Multi-protocol VPN
Functions and features
The G3000-LW is a VPN router with a capacity of up to 400 simultaneous VPN tunnel connections. This means that up to 400 branch offices can be securely and authentically connected to the host environment.
The intelligent backup management, the complex firewall and various routing and authentication protocols ensure a secure network connection for the host systems.
The integrated LTE backup with MultiSIM ensures increased reliability.
Various WLAN scenarios are possible thanks to the integrated WLAN in accordance with the ac standard (AP; client; AP/client).
The integrated TPM module and the option of using different VPN protocols ensure a high level of security.
Thanks to the diverse online paths (WAN via fibre optic or cable modem and mobile radio; operation behind a DSL modem), even demanding backup scenarios can be configured to ensure the best possible availability.
All features in detail
- Modular software structure
The modular software structure offers the option of integrating customised/custom-developed software. - DHCP (Dynamic Host Configuration Protocol)
A communication protocol that enables clients to retrieve and servers to assign the network configuration (client/relay/server) - Protocols
z. E.G. IP, TCP, UDP, PPP, ARP, RARP, ICMP - DNS (Domain Name System)
It manages the name space in networks, e.g. for converting domain names into IP addresses (client/relay/server). - Dynamic DNS
Dynamic DNS: It is used to dynamically update the IP address of a computer so that it can always be reached under the same name. - NTP (Network Time Protocol)
Standard for time synchronisation via networks (client/server) - Routing
Static routing (IPv4 forwarding)
Static routing (IPv6 forwarding)
Policy-based routing (PBR) - NAT (Network Address Translation)
Source and destination NAT/NAPT and masquerading - QoS (Quality of Service)
For prioritising data packets to meet the quality standard, especially for time-critical transmissions/applications - Real-time statistics and log function
- Syslog client
- TPM (Trusted Platform Module)
The TPM chip is comparable to a permanently installed smart card. The TPM protects cryptographic keys; these can be generated, used and securely stored within the TPM. It offers protection against software and hardware attacks (physical manipulation results in the destruction of the stored keys). In addition, the integrated random number generator (RNG) provides secure number sequences as the basis for securely encrypted communication. - Firewall
Zone-based stateful inspection firewall (IPv4/IPv6) with packet filter and demilitarised zone (DMZ);
Bridging firewall - OpenVPN
Free software based on OpenSSL for setting up a secure VPN via an encrypted connection. Both routed and bridged tunnels (client/server) are supported. - IPSec
Internet Protocol Security: for secure VPN communication via potentially insecure - L2TP (Layer 2 Tunneling Protocol), passthrough
Tunnelling protocol for transmitting the data link layer (Layer 2) of the OSI model between two networks - WireGuard
WireGuard uses the latest, particularly powerful cryptographic algorithms, e.g. the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. WireGuard gets a further performance boost from the fact that the software is executed on the server side as a Linux kernel module. WireGuard uses only public keys for identification and encryption and can therefore dispense with a certificate infrastructure. - Hash algorithms
MD5, SHA1, SHA2 256/512 - Diffie Hellman Groups
Schlüsselaustausch zum Sichern: 1, 2, 5, 14, 15, 16, 17, 18
Modulo Prime Groups with Prime Order Subgroup: 22, 23, 24
NIST Elliptic Curve Groups: 25, 26, 19, 20, 21
Brainpool Elliptic Curve Groups: 27, 28, 29, 30 - Encryption algorithms
AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256 - Number of VPN tunnels
The number of configurable VPN tunnels is not limited by the software. Depending on the application, up to
- 30 VPN tunnels (VR2020 series),
- 400 VPN tunnels (G3000 & G4000 series) and
- 5000 VPN tunnels (G5000 series) are possible.
- MultiWAN manager with complex backup options
- Multihomed and multi-level backup target strategies
- Optimisation of switchover times
- Prevention of unnecessary switching
- Optimisation of switchback
- Prevention of switching instabilities (fluttering)
- Mobile telephony: Provider switching with MultiSIM
- Dynamic connection parameters (default route, policy-based routes, etc.)
- Configurable connection check (ping, LCP echo, etc.) - VRRP (Virtual Router Redundancy Protocol)
- With support for Multi group VRRP
- Management/configuration
Via the network using Command Line (SSH) and HTTPS as well as via Command Line (SSH) using the console port - Remote configuration/maintenance
If required, remote configuration/maintenance can be carried out using the TR-069 standard. Configuration via TDT C.O.R.E. is also possible. - Firmware update
Firmware updates can be realised via SSH, HTTPS and (TR-069). - SNMP (Simple Network Management Protocol)
SNMP is a network protocol that was developed to monitor and control network elements from a central station. - Checkmk agent
For connection to the Checkmk network management system
- Processor
Energy-efficient and fanless x86 processor architecture - Working memory
2 GB - System memory
Future-proof 512 MB SLC flash - Ethernet-Ports
3 Ports (10/100/1000 Mbit/s) - LEDs
11 LEDs
A power LED, 9 status LEDs and 1 alarm LED are available for status information.
1 alarm LED are available. - USB Ports
2 ports (USB 3.0);
e.g. backup, UPS management via USB-to-serial adapter. - Crypto Engine
Hardware acceleration for encryption/decryption. - TPM (Trusted Platform Module)
For secure storage of keys and certificates - Console port
The Sub-D9 RS232 configuration interface (console) offers a simple way of
easy way to address the gateway independently of the network. - Reset button
For restarting or resetting the router - Real-time clock (RTC)
CMOS hardware clock
- WLAN standards
WLAN 5 (IEEE802.11ac compliant (3×3 MIMO up to 1299 Mbit/s),
backwards compatible with IEEE802.11a/b/g/n.
Supports IEEE802.11d, e, h, i, k, r, vtimestamp, w.) - WLAN modes
Access points mode, ad-hoc mode, station/client mode - Frequency range
2,412 – 2,472 GHz
5,180 – 5,825 GHz - Dynamic Frequency Selection (DFS)
Can perform an automatic channel change,
if another device is detected on the channel in use;
Required for the operation of 5 GHz WLAN devices in Germany - Modulation techniques
OFDM: BPSK, QPSK, DBPSK, DQPSK, CCK, 16-QAM, 64-QAM, 256-QAM - Security features
WiFi Protect Access Support (WPA, WPA2, WPA-ENT), WEP, AES, TKIP, MAC address filter - Antenna connection
3x RP-SMA (male)
- EN LTE
FDD (=Frequency Division Duplex)
– Category 4
– Download max. 150 Mbps
– Upload max. 50 Mbps
Bands:
– 1 (2100 MHz)
– 3 (1800 MHz)
– 5 (850 MHz)
– 7 (2600 MHz)
– 8 (900 MHz)
– 20 (800 MHz)
TDD (=Frequency Division Duplex)
– Category 4
– Download max. 130 Mbps
– Upload max. 30 Mbps
Bands:
– 38 (2600 MHz)
– 40 (2300 MHz)
– 41 (2500 MHz) - UMTS (WCDMA/HSPA+/DC-HSPA+)
– Download category 24 / Upload category 6
– Dual Carrier (DC-HSPA+) Download max. 42.2 Mbps
– HSUPA upload max. 5.76 Mbps
– UMTS download and upload max. 384 Kbps
Bands:
– 1 (2100 MHz)
– 5 (850 MHz)
– 8 (900 MHz) - Dual Band GSM/GPRS/EDGE
Multi-slot class 12
Frequency bands:
– 3: DCS 1800 (MHz)
– 8: PCS 1900 (MHz)
– EDGE
Download max. 296 Kbps, Upload max. 236.8 Kbps
– GPRS
Download max. 107 Kbps, Upload max. 85.6 Kbps - MultiSIM
For the use of 2 SIM cards (mini SIM) for backup scenarios.
Both SIM slots are located on the front of the device and are therefore
easily accessible. - Antenna connection
2x SMA (female)
- GNSS (Global Navigation Satellite System)
Various international satellite systems are used to determine positions:
GPS, GLONASS, BeiDou, Galileo, QZSS - Antenna connection
1x SMA (female)
- Metal housing
Wall bracket and top-hat rail clip included - Dimensions
188x39x157 (WxHxD in mm, without antennas). - Weight
approx. 850 g - Operating temperature
-20° C to +50° C (during operation) - Air humidity
85% (non-condensing) - Power supply
12V (barrel connector), 2A - Input voltage
12V DC - Average power consumption
≤ 6W
G3000-LW, CATHEAD LTE & WLAN antenna, power supply, patch cable, quick start guide