ER8411
Omada VPN Gateway with 10G Ports
- Integrated into Omada SDN: Zero-Touch Provisioning (ZTP)*3, Centralized Cloud Management, and Intelligent Monitoring.
- Centralized Management: Cloud access and Omada app for ultra convenience and easy management.
- Two 10GE SFP+ Ports: 1× WAN and 1× WAN/LAN 10GE SFP+ ports provide high-bandwidth aggregation connectivity.
- Up to 10 WAN Ports: Fiber and RJ45 WAN ports with load balance raise the utilization rate of multi-line broadband.
- Highly Secure VPN: Enterprise-standard SSL/ IPSec / PPTP / L2TP VPN & OpenVPN / WireGuard / L2TP over IPSec VPN are ideal for use across multiple branches and for WFH.
- Abundant Security Features: Powerful Firewall, DoS defense, IP/MAC/URL filtering, and IP-MAC Binding, and One-Click ALG Activation provide world-class security.
-
Centralized Cloud Management
Seamless integration into the Omada SDN platform
-
Quad-Core 2.2 GHz CPU
Enterprise–level hardware design provides maximum performance
-
Two 10GE SFP+ Ports
High-bandwidth aggregation with 1× WAN and 1× WAN/LAN ports
-
Up to 10 WAN Ports
Multi-WAN Load Balance raises the utilization rate of multi-line broadband*1
-
Two USB 3.0 Ports
Available 4G/3G Modem connection for LTE WAN backup
-
High-Capacity Performance
Supports up to 2,300,000 concurrent sessions
-
High-Security VPN
Enterprise-standard SSL / IPSec / PPTP / L2TP VPN & OpenVPN / L2TP over IPSec VPN / WireGuard
-
Enhanced Security
Powerful Firewall, DoS defense, IP/MAC/URL/ Keyword filtering
-
Dual Redundant Power Supplies
Carrier-class reliability for enterprise networking
High-Capacity Performance with Quad-Core 2.2 GHz CPU
Manage your entire business network with the right amount of processing power. Dual redundant power supplies further ensure carrier-class reliability for enterprise networking.
Dual Redundant Power Supplies
Quad-Core 2.2 GHz CPU
Maximize the 10G Broadband with Omada Enterprise Gateway
Maximized 10G Broadband with the Omada Enterprise Gateway Build your lightning-fast network with Omada ER8411 — an enterprise VPN gateway with 10G ports. It surpasses the need for high-speed, reliable, and safe enterprise networks, ideal for large-scale deployments such as offices, schools, and hotels.
1× 10G SFP+ WAN/LAN Port
1× 10G SFP+ WAN Port
Easily Build a Whole 10G Enterprise Network
10G Gateway
Full 10G Fiber Switch
Core Server / NAS
-
PoE Switch with 10G Uplink
Connects PoE Devices, Hassle-Free
-
WiFi 6E and WiFi 6 Access Points
With 10G or 2.5G PortsConnect WiFi 6 APs with 10G or 2.5G PoE Switches
-
Switch with 10G Uplink
Lightning-Fast Wired Connections
10× WAN Ports & One USB WAN for Mobile Broadband
Up to 10× WAN SFP+, SFP, and RJ45 ports allow the gateway to support various internet access requirements.*1 Multi-WAN Load Balancing distributes data streams according to the bandwidth proportion of every WAN port to raise the utilization rate of multi-line broadband. Connect a 4G/3G modem to one of the USB 3.0 ports for LTE WAN backup.
Note: At least one of the ten WAN/LAN ports needs to function as a LAN.
2× USB 3.0 Ports
(Single 4G/3G Modem connection for LTE WAN backup)
1× Gigabit SFP WAN/LAN Port
1× 10G SFP+ WAN/LAN Port
1× 10G SFP+ WAN Port
8× Gigabit RJ45 WAN/LAN Ports
High-Security and High-Performance VPN
ER8411 supports pass-through traffic and multiple VPN protocols, including SSL, IPSec, PPTP, WireGuard, and L2TP in Client/Server mode. One-click auto IPSec VPN simplifies VPN configuration and facilitates network management and deployment.*2 The gateway also features built-in VPN engine hardware, allowing support and management of hundreds of IPSec, PPTP, L2TP, SSL VPN, and OpenVPN Tunnels.
Robust Security Features
Powerful Firewall
Advanced firewall policies
protect your network and data.
IP/MAC/URL/Keyword Filtering
Forcefully prevent viruses and attacks from intruders.
Convenient VLAN Support
Create virtual network segments for
enhanced security and simplified
network management.
IP-MAC Binding
Reserves static IP assignment for
clients to defend against ARP
attacks and spoofing.
DoS Defense
Automatically detects and blocks
Denial of Service (DoS) attacks such
as TCP/UDP/ICMP Flooding, Ping of
Death, and other related threats.
One-Click ALG Activation
One-Click ALG Activation for
applications such as FTP, H323, SIP,
IPSec, and PPTP.
Seamless Integration into Omada SDN
The Omada Software Defined Networking (SDN) platform integrates network devices including access points, switches, and gateways to provide 100% centralized cloud management and create a highly scalable network—all controlled from a single interface.
-
Hardware, Software, or Cloud-Based Controllers
-
Centralized Cloud Management
-
Intelligent Monitoring
-
Zero-Touch Provisioning (ZTP)*3
Internet
Cloud Access
Wall Plate AP
WiFi 6 Ceiling Mount AP
Outdoor AP
JetStream PoE Switches
Omada VPN Gateway
ER8411
Web Browser
Omada App
Omada Hardware Controller
Or
Omada Software Controller
SECURITY | |
---|---|
Access Control | Source/Destination IP Based Access Control |
Filtering | • WEB Group Filtering*5• URL Filtering• Web Security*5 |
ARP Inspection | • Sending GARP Packets*5• ARP Scanning*5• IP-MAC Binding*5 |
Attack Defense | • TCP/UDP/ICMP Flood Defense• Block TCP Scan (Stealth FIN/Xmas/Null)• Block Ping from WAN |
HARDWARE FEATURES | |
---|---|
Standards and Protocols | • IEEE 802.3, IEEE802.3u, IEEE802.3ab, IEEE802.3z, IEEE 802.3x, IEEE 802.1q• TCP/IP, DHCP, ICMP, NAT, PPPoE, NTP, HTTP, HTTPS, DNS, IPSec, PPTP, L2TP, OpenVPN, SNMP, WireGuard VPN |
Interface | • 2× 10GE SFP+ Ports (1 WAN, 1 WAN/LAN)• 1× 1GE SFP WAN/LAN Ports• 8× 1GE RJ45 WAN/LAN Ports• 1× RJ45 Console Ports• 2× USB Ports (Connecting 4G/3G Modem as WAN Backup) |
Network Media | • 10BASE-T: UTP category 3, 4, 5 cable (Max 100 m)EIA/TIA-568 100Ω STP (Max 100 m)• 100BASE-TX: UTP category 5, 5e cable (Max 100 m)EIA/TIA-568 100Ω STP (Max 100 m)• 1000BASE-T: UTP category 5e, 6 cable (Max 100 m) |
Fan Quantity | 2 |
Button | Reset Button |
Power Supply | Redundant Dual Power Supplies (100–240 VAC, 50/60 Hz) |
PoE Budget | - |
Flash | 4MB SPI NOR + 256 MB NAND |
DRAM | 4 GB DDR4 |
LED | PWR, SYS, WAN, LAN, USB, FAN |
Dimensions ( W x D x H ) | 17.3 × 8.7 × 1.7 in (440 × 220 × 44 mm) |
Protection | 4 kV surge protection |
Enclosure | Steel |
Mounting | Rack Mountable |
Max Power Consumption | • 26.36 W (with USB 3.0 connected)• 19.12 W (without USB 3.0 connected) |
PERFORMANCE | |
---|---|
IPS Throughput | TCP: 4924 Mbps;UDP: 4521 Mbps |
DPI Throughput | TCP: 5524 Mbps; UDP: 3547 Mbps |
WireGuard VPN | 1411 Mbps |
Concurrent Session | 2,300,000 |
New Sessions /Second | 20,000 |
NAT (Static IP) | • Upload: 9445.82 Mbps• Download: 9449.26 Mbps |
NAT(DHCP) | • Upload: 9426.83 Mbps• Download: 9426.20 Mbps |
NAT(PPPoE) | • Upload: 9413.96 Mbps• Download: 9102.01 Mbps |
NAT (L2TP) | • Upload: 9064.66 Mbps• Download: 8587.57 Mbps |
NAT (PPTP) | • Upload: 8712.11 Mbps• Download: 8505.61 Mbps |
64 Byte Packet Forwarding Rate | • Upload: 1080 Mbps• Download: 1030 Mbps |
IPsec VPN Throughput | • ESP-SHA1-AES256: 3099.4 Mbps• ESP-SHA256-AES256: 2928.4 Mbps• ESP-SHA384-AES256: 2935.7 Mbps• ESP-SHA512-AES256: 2878 Mbps |
OpenVPN | UDP: 4424.1 Mbps |
L2TP VPN Throughput | • Unencrypted: 10497 Mbps• Encrypted: 3178.5 Mbps |
PPTP VPN Throughput | • Unencrypted: 10143 Mbps• Encrypted: 952 Mbps |
SSL VPN Throughput | 4486 Mbps |
66 Byte Packet forwarding rate | - |
1,518 Byte Packet forwarding rate | • Upload: 9970 Mbps• Download: 9970 Mbps |
BASIC FUNCTIONS | |
---|---|
WAN Connection Type | • Static/Dynamic IP• PPPoE• PPTP• L2TP• 6to4 Tunnel• Pass-Through• Mobile Broadband: 4G/3G modem for backup via USB port |
MAC Clone | Modify WAN/LAN MAC Address*4 |
DHCP | • DHCP Server/Client• DHCP Address Reservation• Multi-net DHCP• Multi-IP Interfaces |
IPv6 | WAN Connection |
VLAN | 802.1Q VLAN |
IPTV | IGMP v2/v3 Proxy |
ADVANCED FUNCTIONS | |
---|---|
ACL | IP/Port/Protocol/Domain Name Filtering |
Advanced Routing | • Static Routing• Policy Routing |
Bandwidth Control | • IP/Port-based Bandwidth Control• Guarantee & Limited Bandwidth |
Load Balance | • Intelligent Load Balance• Application Optimized Routing• Link Backup (Timing*5, Failover)• Online Detection |
NAT | • One-to-One NAT*5• Multi-Net NAT• Port Forwarding• Port Triggering*5• NAT-DMZ• FTP/H.323/SIP/IPSec/PPTP ALG• UPnP |
Session Limit | IP-based Session Limit |
VPN | |
---|---|
SSL VPN | • SSL VPN Server• SSL VPN Client• 500 SSL VPN Tunnels |
IPsec VPN | • 300 IPSec VPN Tunnels• LAN-to-LAN, Client-to-LAN• Main, Aggressive Negotiation Mode• DES, 3DES, SHA1, SHA256, SHA384, SHA512, AES128, AES192, AES256 Encryption Algorithm• IKE v1/v2• MD5, SHA1 Authentication Algorithm• NAT Traversal (NAT-T)• Dead Peer Detection (DPD)• Perfect Forward Secrecy (PFS) |
PPTP VPN | • PPTP VPN Server• PPTP VPN Client (32)*6• 300 Tunnels (Shared with L2TP)• PPTP with MPPE Encryption |
L2TP VPN | • L2TP VPN Server• L2TP VPN Client (32)*6• 300 Tunnels (Shared with PPTP)• L2TP over IPSec |
OpenVPN | • OpenVPN Server• OpenVPN Client (10)*6• 110 OpenVPN Tunnels |
WireGuard VPN | • 300 Tunnels |
AUTHENTICATION | |
---|---|
Web Authentication | • No Authentication• Simple Password*2• Hotspot(Local User / Voucher*2 / SMS*2 / Radius*2)• External Radius Sever• External Portal Sever*2 |
MANAGEMENT | |
---|---|
Omada App | Yes. Requiring the use of OC300, OC200, Omada Cloud-Based Controller, or Omada Software Controller. |
Centralized Management | • Omada Hardware Controller (OC300)• Omada Hardware Controller (OC200)• Omada Software Controller• Omada Cloud-Based Controller |
Cloud Access | Yes. Requiring the use of OC300, OC200, Omada Cloud-Based Controller, or Omada Software Controller. |
Service | Dynamic DNS (Dyndns, No-IP, Peanuthull, Comexe) |
Maintenance | • Web Management Interface• Remote Management• Export & Import Configuration• SNMP v1/v2c/v3• Diagnostics (Ping & Traceroute)*5• NTP Synchronize*5• Syslog Support |
Zero-Touch Provisioning | Yes. Requiring the use of Omada Cloud-Based Controller. |
Management Features | • Automatic Device Discovery• Intelligent Network Monitoring• Abnormal Event Warnings• Unified Configuration• Reboot Schedule• Captive Portal Configuration |
OTHERS | |
---|---|
Certification | CE, FCC, RoHS |
Package Contents | • Omada 10G Multi-WAN Security Gateway ER8411• Power Cord• Rack-Mount Kit• Quick Installation Guide |
System Requirements | Microsoft Windows 98SE, NT, 2000, XP, Vista™ or Windows 7/8/8.1/10/11, MAC OS, NetWare, UNIX or Linux |
Environment | • Operating Temperature: 0–40 ℃ (32–104 ℉);• Storage Temperature: -40–70 ℃ (-40–158 ℉)• Operating Humidity: 10–90% RH non-condensing• Storage Humidity: 5–90% RH non-condensing |
1. At least one WAN/LAN port needs to function as a LAN port.
2. These functions requires the use of Omada Hardware Controller, Software Controller, or Cloud-Based Controller.
3. Zero-Touch Provisioning requires the use of Omada Cloud-Based Controller. Please go to Omada Cloud-Based Controller Product List to find all the models supported by Omada Cloud-Based Controller.
4. LAN MAC Address can be modified only in Standalone Mode.
5. These functions are supported only in Standalone Mode.
6. ER8411 can work as a VPN client and can connect with up to 32 PPTP/L2TP VPN servers and 10 OpenVPN servers.
7. For the complete compatibility list of 4G/3G modem, go to https://www.tp-link.com/er8411/compatibility/
Attention: It is recommended to use only one TL-SM5310-T module for the ER8411.