FAQ LANCOM Trusted Access

Yes, as an IT security solution made in Germany, LANCOM Trusted Access is subject to and complies with European legal standards and is therefore GDPR-compliant.  The LANCOM Trusted Access Client and the LANCOM Management Cloud (LMC) are developed in Germany, and all cloud data is hosted in data centres in Germany. For maximum data security and data protection, data exchange for user authentication takes place exclusively via the LMC. All other user data runs directly between the LTA client and LTA gateway - without being decoupled via an external cloud.

Whether you need cloud-managed VPN client networking for far-reaching network access or want to take the step to a comprehensive zero-trust security architecture - LANCOM Trusted Access offers suitable expansion levels. For further information, please refer to the LANCOM Trusted Access Client data sheet. Please note that LTA is not available for Private LMC.

LANCOM Service & Support is there to help and advise you if you need assistance with software problems or have technical information requests. You can find out what requirements apply in the LANCOM Trusted Access support services info paper.

To operate the LANCOM Trusted Access solution, you need the following three LANCOM components and a central user database:

• LANCOM Trusted Access Client (LTA Client): Available as 1, 3 or 5 year licences, client licensing is done centrally via the LANCOM Management Cloud
• LANCOM Management Cloud (LMC) (LTA Controller):  Configuration, monitoring, licence management and connection to Active Directory
• LANCOM Trusted Access Gateway (LTA Gateway): LANCOM VPN router or LANCOM R&S®Unified Firewall For small installations, an existing VPN router can be used for site networking and remote access. In larger scenarios, we recommend outsourcing the LTA gateway function to a firewall HA cluster in a DMZ, for example.
• Central user database with Microsoft Entra ID Connect (formerly Azure AD Connect) for linking to existing Microsoft Active Directory. Alternatively, internal user management in the LMC is also available for small installations without AD (LMC internal user table).

• Microsoft Windows 10 / 11 (on Intel x86 or x86-64 processor architecture)
• MacOS (in preparation)

• All LCOS-based routers (hardware or vRouter) as of LCOS 10.80
• All LCOS FX-based firewalls (hardware or vFirewall) from LCOS FX 10.13

LANCOM Trusted Access Client

Licences for the LANCOM Trusted Access Client can be purchased with terms of 1, 3 and 5 years for different numbers of users (1, 10, 25, 100, 250 or 1,000). Licences are per user (i.e. not per end device). With an LTA licence, up to three end devices can be used in parallel per user. All LTA licences are always assigned to exactly one project in the LANCOM Management Cloud (LMC) (queried when ordering) and are non-transferable. The employees of a company who are either added and activated in the local user administration or are included in the primary group of the IdP user administration (suitable Active Directory group, e.g. "LTA User") are decisive for the user count. All potentially authorised users are therefore subject to licensing.

Trusted Access Gateway (router or firewall)

All LTA gateways must have an active LMC licence.
On LCOS-based gateways, one free VPN channel is required per user. Content filtering for web traffic is only available in conjunction with the corresponding LANCOM Content Filter software option. An active Basic or Full licence is required on LCOS FX-based gateways. Content filtering, IDS / IPS, antivirus and SSL inspection for web traffic is only available in conjunction with a corresponding full licence.

Yes, a free LTA starter licence is available. This allows you to test LANCOM Trusted Access for a maximum of 30 days and 25 users. The prerequisite for this is an LMC organisation or an LMC project, which is made available free of charge via the partner programme. The LTA starter licence is stored once in your licence management under "LTA user licences" and is automatically activated after the configuration of the first LTA user or a user group activation from an Active Directory. LTA operation in NFR and demo projects without a chargeable LMC licence is not supported.

If you have activated insufficient LTA licences for the number of managed LTA users, you will receive corresponding messages. After a multi-stage reminder process, all accesses will be blocked. To prevent this, please purchase additional licences in good time.

• Configuration of LTA gateways with LANconfig is currently not supported

With LTA, user authentication according to the zero trust principle is usually carried out via a central user database ("identity provider", e.g. an Active Directory). This can be either a local Microsoft Active Directory (with LMC connection via Azure AD Connect) or a cloud-hosted Active Directory (Microsoft Entra ID, formerly Azure AD). For small companies without a centralised user database, a user management system integrated into the LANCOM Management Cloud is available as an alternative (LMC-internal user table).

LANCOM Systems offers a comprehensive Trusted Access onboarding programme with step-by-step instructions and training videos as well as further information for different scenarios and thematic focuses (sales, technology). This programme is aimed at LANCOM partners who want to set up Trusted Access in their company and/or with their customers.