G5000 VPN Concentrator
- 5.000 VPN IPSec Tunnels
- 2.300 VPN OpenVPN Tunnels
- Fully implemented IPSec and OpenVPN
- Intelligent Firewall
- Perl Interpreter
- Intelligent Routing
G5000 Functions and Characteristics
The G5000 is a VPN Concentrator (Central Site Gateway) with a capacity of up to 5.000 simultaneous IPSec VPN respectively 2.300 OpenVPN Tunnel connections. That means up to 5.000/2.300 remote station connections can be secured and authenticated to the host environment.
Its modular and therefore flexible architechture enables expansion with additional modules such as ISDN, Ethernet, Fiber, etc.
The intelligent Backup Management, the complex high security firewall with Stateful Inspection und Intrusion Detection/Prevention as well as diverse routing and authentication protocols ensure a secure connection to the host systems.
The high availability of the VPN Concentrator is achieved using VRRP and the redundant power supply (fitted as standard).
The G5000 is delivered in 19" format and is equipped with a rack mount system for installation in server cabinets.
All Features at a Glance
Hardware Specification - Basic System
- High performance quad-core processor
- 4 GB DDR3 RAM
- 30 GB SSD (Solid State Disk)
- 4 expansion slots
- 1 PCI Express x16
- 1 PCI Express x4
- 2 PCI
- 2 10/100/1000 BaseT Ethernet Ports
- 4 USB 2.0 Ports ( e.g. backup, UPS administration)
- 1 RS232 console port (for monitoring and error diagnostic)
- 1 VGA and 1 PS/2 connection (for local monitoring and error diagnostic)
- Real-time clock
General Router Features
- Network Time Protocol (NTP) Client/Relay/Server
- Dynamic Host Control Protocol (DHCP) Client/Relay/Server
- Dynamic DNS (DynDNS) and secure DNS support
- Real-time Statistic and Log Function, Log Rotation, Syslog Client/Server
- FTP (Client/Server/Relay, e.g. for Webcams to buffer pictures)
- IP CAM Server and Transcoder (for video applications)
Routing Protocols
- IP Protocols such as e.g. IPv4, IPv6, TCP, UDP, ARP, RARP, ICMP
- Routing Information Protocol (RIPv1 and RIPv2) and RIPng
- Open Shortest Path First (OSPF)
- Border Gateway Protocol (BGP, BGPv4+)
- Intermediate system to intermediate system (IS-IS)
- Multicast support
- Spanning Tree Protocol (STP)
- Transparent Bridging
- Network Address Translation (NAT) Network Address Port Translation (NAPT)
- Point-to-Point Protocol over ATM (PPoA) (with DSL models)
- PPP over Ethernet (PPPoE)
- PPPoE and PPPoA bridging (with DSL models)
- Generic Routing Encapsulation (GRE)
- Web Cache Communication Protocol (WCCP)
- Multi Channel Connection (MCC)
Safety Features
- Stateful Inspection Firewall (extendable using Scripts)
- Bridging Firewall
- Demilitarized Zone (DMZ)
- IPSec (Client/Server)
- OpenVPN routed and bridged (Client/Server)
- Easy VPN Client/Server (XAuth)
- IPSec Passthrough
- Point-to-Point Tunnelling Protocol (PPTP), passthrough
- Layer 2 Tunnelling Protocol (L2TP), passthrough
- SSL/TLS Tunnel (client/server)
- EAP Client/Server
- Radius Client/Server
- Authentication: PAP, CHAP und PSK
- Digital certificates Public-Key-Infrastructure (PKI)
- MD5, SHA1, SHA2 256/512 Hash Algorithms (others on request)
- Diffie Hellman Group 1, 2, 5 for key exchange
- Encryption algorithms, DES, 3DES, AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256 (others on request)
- Simple Certificate Enrolment Protocol (SCEP)
- HTTP Proxy Inspection Engine
- 802.1x
- Secure HTTP (HTTPS), SSH, SCP and FTP Authentication Proxies
- Up to 30 VPN Tunnels
QoS Features
- Hierarchical, sequencial planning for DiffServ classes (Traffic Shaping)
- Dynamic bandwidth management with DiffServ classes
- DiffServ Policing:
- Class Based Queue (CBQ)
- Token Bucket Flow (TBF)
- First In First Out (P/BFIFO)
- Stochastic Fair Queuing (SFQ)
- Diff-Serv Marker (DS_MARK)
- Hierarchical Token Bucket (HTB)
- Priority-based queuing (PTIO)
- Class-Based Marking (CBM)
High Availability Features
- TDT Connection-Manager with complex backup possibilities
- Multi-homed and multi-level backup-target strategies
- Optimising of switching times
- Prevention of unnecessary switching
- Optimising of switch-back
- Prevention of switching instability (chattering)
- Mobile telephone provider switching using dual SIM
- Dynamic connection parameters (Default Route, DNS, Gateway, etc.)
- Configurable connection monitoring (Ping, LCP-Echo, etc.)
- Emergency Reboot/Reset when e.g. 3G+/4G cannot be established
- Virtual Router Redundancy Protocol (Multigroup VRRP)
- Out-of-band management (with optional ISDN/3G+/4G modem, SMS)
Management Features
- Access management using Access Control Lists (ACL)
- Firmware Updates via Web interface or command line
- Differential Firmware Update (reduced size for updates via WAN)
- Simple Network Management Protocol (SNMPv1/2/3)
- Management via Command Line Interface (CLI), SSH, SCP and HTTPS
- SMS configuration and status request (only with mobile telephone models)
- Event handler, extendable with scripts (perl, bash)
Expansion Modules (optional)
- ADSL 2/2+ for Annex B or Annex A
- Wireless module for mobile networks (LTE/HSPA/UMTS/EDGE/GPRS)
- SFP 1000 BaseX Ethernet module for optical SFP module
- ISDN BRI / S0
- ISDN E1 / S2M
- 10/100/1000 BaseT Ethernet server adapter with 1, 2 or 4 ports
Technical Data - Basic System
- Dimensions: 2HE, 430x470x88mm (WxHxD)
- Rack installation rails (20“ or 26“)
- Operating temperature: 0°C - +50°C
- Humidity: 85% (non condensing)
- Redundant power supply: 420W (110-240V)
- Power consumption: ca. 77W
- Robust metal housing
- CE conformity and vibration tested
