Vigor2955


  • Dual-WAN with Load Balance and Fail-Over
  • 5-Port Gigabit switch for LAN connection
  • Object-based SPI Firewall with DoS defense
  • Content Security Management (CSM) for latest IM/P2P software and more
  • 200 x VPN LAN-to-LAN tunnels with 3DES hardware accelerator
  • Support VPN Load Balance and Fail-Over
  • 50 x SSL VPN concurrent tunnels and SSL application
  • QoS for prioritizing video, voice, online game and data traffic
  • USB for Printer Sharing, and 3G HSDPA USB Modem
  • Support Smart Monitor up to 100 PCs
  • Support TR-069 for VigorACS SI
  • 2 year warranty

Feature | Vigor2950 | Vigor2955
Ethernet WAN (main WAN) | yes | yes
Ethernet WAN (2nd WAN) | yes | yes
3G USB Port (2nd WAN) | no | yes
VigorACS SI (TR-069) | yes | yes
Smart Monitor | yes | yes

Overview

The Vigor2955 is a Dual WAN broadband router with Load Balance and Fail-Over. Its advanced features support secure network management (Firewall & CSM), bandwidth management (QoS, Session Limitation & Bandwidth Control), remote data access (VPN & SSL VPN), etc., making this router an ideal broadband access device for SOHO and business users.

The USB port allows connection of a 3.5G USB modem as the 2nd WAN and of a USB printer for printer sharing.

The 5 x Gigabit switch allows faster sharing of larger files, such as video or media documents, among network users.

The Vigor2955 is designed with an object-based SPI (Stateful Packet Inspection) firewall to detect malicious packets, such as Denial of Service (DoS) attacks, and prevent these from jeopardizing the internal home or office network, thus ensuring utmost network security and reliability.

The Content Security Management (CSM) feature allows control of access to websites based on their content; for instance, websites with obscene or objectionable content can be blocked by the parents to ensure safe browsing by young children in the family. Furthermore, peer-to-peer applications that tend to consume big bandwidth and sessions can be managed easily by ticking the CSM options.

The Vigor2955 supports 200 x LAN-to-LAN VPN tunnels for secure remote data access, such as inter-office or home-office communication, with strong VPN functionality covering all major VPN protocols: PPTP, IPSEC, L2TP and L2TP over IPSEC, including advanced DES, 3DES encryption engine and IKE automated key management, etc.

The dual WAN feature allows dual VPN tunnels to be created for VPN load balance and fail-over.

Without the necessity of installing a VPN client, Remote Desktop application, or File Explorer on individual PCs, the Secure Socket Layer (SSL) virtual private network (VPN) facility lets remote workers connect to the office network at any one time. SSL is supported by standard web browsers such as Firefox and Internet Explorer. For users of small offices and teleworkers who need to access head office internal applications, file server and file sharing, Vigor2955 allows up to 50 concurrent SSL sessions.

The Vigor2955 supports up to 100 PC users for Smart Monitor. It can capture, filter and analyze network information for different purposes by integrating with Vigor2955. With Smart Monitor, the administrator can select the content of interest, restore the data to readable information and produce various reports for reference.




Features

  1. Dual-WAN
    • Outbound Policy-based Load-balance
    • BoD (Bandwidth On Demand)
    • WAN Connection Fail-over
  2. Ethernet WAN Protocol
    • DHCP Client
    • Static IP
    • PPPoE
    • PPTP
    • L2TP
  3. Internet Features
    • Internet Fail-Over via 3G USB Modem
    • WAN IP Alias for each WAN : 32
  4. Firewall
    • Object-based & Policy-based Firewall
    • SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
    • Multi-NAT
    • Port Redirection
    • Open Port
    • Address Mapping
    • DMZ Host
    • True IP DMZ Host
    • DoS / DDoS Protection
    • IP Address Anti-Spoofing
    • E-mail Alert
    • VLAN (Virtual LAN)
    • Bind IP to MAC Address
    • LAN User Web Authentication
  5. CSM (Content Security Management)
    • IM (Instant Messenger) Filter (e.g. MSN / Yahoo Messenger etc.)
    • Web IM Application Filter (e.g. eMessenger / WebMSN / WebYahooIM etc.)
    • VoIP Application Filter (e.g. Skype / Gizmo etc.)
    • P2P (Peer-to-Peer) Filter (e.g. BitTorrent / eMule / Kazaa etc.)
    • Protocol Filter (e.g. FTP / HTTP / POP3 etc.)
    • Web Application Filter :
      • Tunneling Filter (e.g. Socks4 / Socks5 / RealTunnel / UltraVPN etc.)
      • Streaming Filter (e.g. FlashVideo / SilverLight / PPStream / PPLive etc.)
      • Remote Control Filter (e.g. VNC / TeamViewer / WindowLiveSync etc.)
      • Web HD Filter (HTTP Upload / MS SkyDrive / OfficeLive / GDoc Uploader etc.)
    • URL Content Filter (Whitelist or Blacklist specific sites or keywords in URLs)
    • File Extension Filter (e.g. Image / Video / Audio / Compression files etc.)
    • GlobalView Web Content Filter ( Powered by *
      (e.g. Child Protection / Gambling / Porn & Sexually / Travel / Game / Sports etc.)
  6. VPN and Remote Access
    • Up to 200 Concurrent VPN Tunnels (incoming or outgoing)
    • VPN Client Wizard
    • VPN Server Wizard
    • Protocol :
      • PPTP
      • IPSec
      • L2TP
      • L2TP over IPSec
    • Encryption :
      • MPPE
      • Hardware-based AES
      • Hardware-based DES
      • Hardware-based 3DES
    • Authentication
      • Hardware-based MD5
      • Hardware-based SHA-1
    • IKE Authentication :
      • Pre-shared Key
      • Digital Signature (X.509)
    • LAN-to-LAN
    • Teleworker-to-LAN
    • RADIUS (Remote Authentication Dial In User Service) Client for dial-in teleworker
    • LDAP (Lightweight Directory Access Protocol) Client for dial-in teleworker
    • DHCP over IPSec
    • Dead Peer Detection (DPD)
    • Mobile One-Time Password
    • NAT-Traversal (NAT-T)
    • VPN Load Balance
    • VPN Fail Over
    • VPN Pass-through
  7. SSL VPN
    • Up to 50 SSL VPN Tunnels
    • SSL Web Proxy
    • Encryption :
      • AES (128 bits) and 3DES
      • RC4 (128 bits)
      • DES
    • SSL Application :
      • VNC (Virtual Network Computing)
      • RDP (Remote Desktop Protocol)
      • Samba Application
  8. Bandwidth Management
    • QoS (Quality of Service) :
      • Class-based Bandwidth Guarantee by User-Defined Traffic Categories
      • DiffServ Code Point Classifying
      • 4-level Priority for Each Direction (Inbound / Outbound)
      • Bandwidth Borrowed
    • Session Limitation
    • Bandwidth Limitation
  9. USB Applications
    • 3.5G USB Modem (can only act as WAN2)
    • Printer Sharing
  10. Network Feature
    • Supported Software :
      • Smart Monitor : Up to 100 PCs
      • VigorACS SI
    • IP Version: IPv4
    • IGMP Proxy / Snooping
    • DHCP Client / Relay / Server
    • Dynamic DNS
    • NTP (Network Time Protocol) Client
    • Time Scheduling
    • RADIUS Client
    • LDAP Client
    • DNS Cache / Proxy
    • UPnP
    • Wake on LAN
    • Routing Protocol :
      • Static Routing
      • RIP V2
  11. Network Management
    • Web-based User Interface (HTTP / HTTPS)
    • Management Session Timeout
    • Quick Start Wizard
    • CLI (Command Line Interface)
      • Telnet
      • SSH
    • Administration Access Control
    • Configuration Backup / Restore
    • Built-in Diagnostic Function :
      • System Status
      • Online Status
      • Dial-out Trigger
      • Routing Table
      • ARP Cache Table
      • DHCP Table
      • NAT Sessions Table
      • Data Flow Monitor
      • Traffic Graph
      • Ping Diagnosis
      • Trace Route
    • Firmware Upgrade :
      • TFTP
      • FTP
      • Web-based User Interface
      • TR-069
    • Logging via Syslog
    • SNMP Management MIB-II
    • TR-069

Specifications

Technical Specifications of Vigor2955
Hardware Interface
  • LAN: 5-port 10/100/1000 base-TX switch
  • WAN: 2-port 10/100 base-TX Ethernet
  • USB: 1-port USB 1.1
WAN Protocol
  • Ethernet: PPPoE, PPTP, DHCP client, static IP, L2TP, BPA
Dual WAN
  • Outbound Policy Based Load Balance:
    • Allow your local network to access Internet using multiple Internet connections with high-level of Internet connectivity availability
    • Two dedicated Ethernet WAN ports (10/100Mb/s)
    • WAN fail-over or load-balanced connectivity
  • Bandwidth on Demand: service/IP based preference rules or auto-weight
VPN
  • Protocols: PPTP, IPSec, L2TP, L2TP over IPSec
  • Up to 200 sessions simultaneously: LAN to LAN, remote access (teleworker-to-LAN), dial-in or dial-out
  • VPN Trunking: VPN load-balancing and VPN backup
  • SSL VPN: Allows users to use a web browser for secure remote user login; tunnel mode, application mode, proxy mode and SSTP
  • LDAP: Lightweight Directory Access Protocol. Enterprises use LDAP authentication technology to allow administrators, IT personnel and users to be authenticated when trying to access the company's intranet environment.
  • VPN Throughput: 50Mbps
  • NAT-Traversal (NAT-T): VPN over routes without VPN pass-through
  • PKI certificate: Digital signature (X.509)
  • IKE Authentication: Pre-shared key; IKE phase 1 aggressive/standard modes & phase 2 selectable lifetimes
  • Authentication: Hardware-based MD5, SHA-1
  • Encryption: MPPE and hardware-based AES/DES/3DES
  • RADIUS Client: Authentication for PPTP remote dial-in
  • DHCP over IPSec: Because DrayTek adds a virtual NIC on the PC, the PC obtains an IP address from the remote side through the DHCP protocol while connecting to the server via an IPSec tunnel, which is quite similar to PPTP
  • Dead Peer Detection (DPD): When there is traffic between the peers, it is not necessary for one peer to send a keep-alive to check for liveness of the peer because the IPSec traffic serves as implicit proof of the availability of the peer
  • Smart VPN software Utility: Provided free of charge for teleworker convenience (Windows environment)
  • Ease of Adoption: No additional client or remote site licensing required
  • Industrial-standard Interoperability: Compatible with other leading 3rd party vendor VPN devices
Firewall
  • Stateful Packet Inspection (SPI): Outgoing/Incoming traffic inspection based on connection information
  • Content Security Management (CSM): Appliance-based gateway security and content filtering
  • Multi-NAT: If you have been allocated multiple public IP addresses by your ISP, you can have a one-to-one relationship between a public IP address and an internal/private IP address. This means that you have the protection of NAT (see earlier) but the PC can be addressed directly from the outside world by its aliased public IP address, while still opening only specific ports to it (for example TCP port 80 for an http/web server)
  • Port Redirection: The packet is forwarded to a specific local PC if the port number matches the defined port number. You can also translate the external port to another port locally
  • Open Ports: As port redirection (above) but allows you to define a range of ports
  • DMZ Host: This opens up a single PC completely. All incoming packets will be forwarded onto the PC with the local IP address you set. The only exceptions are packets received in response to outgoing requests from other local PCs or incoming packets which match rules in the other two methods. The precedence is as follows: Port Redirection > Open Ports > DMZ
  • Policy-based IP Packet Filter: The header information of an IP packet (IP or MAC source/destination addresses; source/destination ports; DiffServ attribute; direction dependent, bandwidth dependent, remote-site dependent)
  • DoS/DDoS Prevention: Prevention of attacks that keep customers, users, clients or other computers from accessing data on a computer
  • IP Address Anti-spoofing: Source IP address check on all interfaces: only IP addresses classified within the defined IP networks are allowed
  • Object-based Firewall: Utilizes an object-oriented approach to firewall policy
  • Notification: E-mail alert and logging via syslog
  • Bind IP to MAC Address: Flexible DHCP with 'IP-MAC binding'
USB
  • 3.5G USB Modem (USB 3.5G backup only for WAN1)
  • Printer Sharing
Content Filter
  • URL Keyword Blocking: Whitelist and Blacklist, Java applet, cookies, active X, compressed, executable, multimedia file blocking
  • Web Content Filter: Dynamic URL filtering database
  • Time Schedule Control: Set rule according to your specific office hours
System Management
  • Web-based User Interface (HTTP/HTTPS): Integrated web server for the configuration of routers via Internet browsers with HTTP or HTTPS
  • Draytek's Quick Start Wizard: Lets the administrator adjust the time zone and promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP)
  • User Administration: RADIUS user administration for dial-in access (PPP/PPTP)
  • CLI (Command Line Interface, Telnet/SSH): Remotely administer computers via the telnet
  • DHCP Client/Relay/Server: Provides an easy-to-configure function for your local IP network
  • Dynamic DNS: When you connect to your ISP by broadband, you are normally allocated a dynamic IP address, i.e. the public IP address your router is allocated changes each time you connect to the ISP. If you want to run a local server, remote users cannot predict your current IP address to find you
  • Administration Access Control: The password can be applied to authentication of administrators
  • Configuration Backup/Restore: If the hardware breaks down, you can recover the failed system within an acceptable time. Through TFTP, the effective way is to backup and restore configuration between remote hosts
  • Port-based VLAN: Create separate groups of users via segmenting each of the Ethernet ports. Hence, they can or can't communicate with users in other segments as required
  • Built-in Diagnostic Function: Dial-out trigger, routing table, ARP cache table, DHCP table, NAT sessions table, data flow monitor, traffic graph, ping diagnosis, trace route
  • NTP Client/Call Scheduling: The Vigor has a real time clock which can update itself from your browser manually or, more conveniently, automatically from an Internet time server (NTP). This enables you to schedule the router to dial-out to the Internet at a preset time, or restrict Internet access to certain hours. A schedule can also be applied to LAN-to-LAN profiles (VPN or direct dial) or some of the content filtering options
  • Firmware Upgrade via TFTP/HTTP/FTP: Using the TFTP server and the firmware upgrade utility software, you may easily upgrade to the latest firmware whenever enhanced features are added
  • Remote Maintenance: With Telnet/SSL, SSH (with password or public key), browser (HTTP/HTTPS), TFTP or SNMP; firmware upgrade via HTTP/HTTPS or TFTP
  • Wake On LAN: A PC on the LAN can be woken up from an idle/stand-by state by the router it connects to when it receives a special 'wake up' packet on its Ethernet interface
  • Logging via Syslog: Syslog is a method of logging router activity
  • SNMP Management: SNMP management via SNMP V2, MIB II
Bandwidth Management
  • Traffic Shaping: Dynamic bandwidth management with IP traffic shaping
  • Bandwidth Reservation: Reserve minimum and maximum bandwidths by connection based or total data through send/receive directions
  • Packet Size Control: Specify size of data packet
  • DiffServ Codepoint Classifying: Priority queuing of packets based on DiffServ
  • 4 Priority Levels (Inbound/Outbound): Prioritization in terms of Internet usage
  • Individual IP Bandwidth/Session Limitation: Define session/bandwidth limitation based on IP address
  • Bandwidth Borrowing: Transmission rates control of data services through packet scheduler
  • User-defined Class-based Rules: More flexibility
Routing Functions
  • Router: IP and NetBIOS/IP-multi-protocol router
  • Advanced Routing and Forwarding: Complete independent management and configuration of IP networks in the device, i.e. individual settings for DHCP, DNS, firewall, VLAN, routing, QoS etc
  • DNS: DNS cache/proxy
  • DHCP: DHCP client/relay/server
  • NTP: NTP client, automatic adjustment for daylight-saving time
  • Policy-based Routing: Based on firewall rules, certain data types are marked for specific routing, e.g. to particular remote sites or lines
  • Dynamic Routing: Uses the RIP v2 routing protocol. Learning and propagating routes; separate settings for WAN and LAN
  • Static Routing: An instruction to re-route particular traffic through to another local gateway, instead of sending it onto the Internet with the rest of the traffic. A static route is just like a 'diversion sign' on a road
Content Security Management
  • Featuring URL keyword filtering - whitelist or blacklist specific sites or keywords in URLs
  • Block web sites by category (subject to subscription)
  • Prevent accessing of web sites by using their direct IP address (thus URLs only)
  • Blocking automatic download of Java applets and Active X controls
  • Blocking of web site cookies
  • Block http downloads of file types (binary, compressed, multimedia)
  • Time schedules & exclusions for enabling/disabling these restrictions
  • Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazaa, WinMX etc.)
  • Block Instant messaging programs (e.g. IRC, MSN/Yahoo Messenger)
Support Smart Monitor (Free & Optional Utility): Network service analysis, User Management, System Management, Top10 ranking system, Up to 100 PC Users
Warranty: 2-year limited warranty, technical support through e-mail and Internet FAQ/Application Notes
Firmware Upgrade: Free firmware upgrade from Internet
Temperature
  • Operating: 0°C ~ 45°C
  • Storage: -25°C ~ 70°C
Humidity: 10% ~ 90% (non-condensing)
Max. Power: 22 Watt
Dimension: L273 * W166 * H44.6 (mm)
Power: AC 100~240V, 50/60Hz

Application

The Vigor2955 serves as a VPN gateway and a central firewall for multi-site offices and tele-workers. With its high data throughput of 90Mbps, Dual WAN, VPN trunking and 5 Gigabit LAN ports, the device facilitates productivity of versatile business operations. Communications between sites are secured by establishing VPN tunnels, up to 200 simultaneously.


Figure 1. Front Panel

High user-friendliness and efficiency

Its well-structured Web User Interface offers user-friendly configuration. The WUI also provides IP layer QoS (Quality of Service), NAT session/bandwidth management to help users control and allocate the bandwidth on networks.


More extendability

With a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. For remote tele-workers and inter-office links, the Vigor2955 supports up to 200 simultaneous VPN tunnels (such as IPSec/PPTP/L2TP protocols) and 50 sessions of SSL VPN by using LDAP/RADIUS authentication.


Figure 2. VPN Trunking : VPN Load Balancing & Fail-Over
Figure 3. SSL VPN with LDAP/RADIUS authentication Application

Without the necessity of installing a VPN client on individual PCs, the Secure Socket Layer (SSL) virtual private network (VPN) facility lets remote workers connect to the office network at any time. SSL is supported by standard web browsers such as FireFox and IE. For users of small offices and tele-workers who need to access enterprises' internal applications, file server and file sharing, the Vigor2955 security router series allows up to 50 concurrent SSL sessions.


Figure 4. Extendability Application

Maximum degree of operational reliability

It allows users to access the Internet and combine the bandwidth of the dual WAN to speed up transmission through the network. Each WAN port can connect to a different ISP, even if the ISPs use different technologies to provide telecommunication service (such as DSL, cable modem, etc.). If a connection problem occurs on one of the ISP connections, all the traffic can be switched to the port that is still working normally for proper operation.


Figure 5. Dual WAN Application

Security without compromise

The Vigor2955 also provides high-security firewall options with both IP-layer and content based protection. The DoS/DDoS prevention and URL/Web content filter strengthen the security outside and inside the network. The enterprise-level CSM (Content Security Management) enables users to control and manage IM (Instant Messenger) and P2P (Peer to Peer) applications more efficiently. The CSM hence prevents inappropriate content from distracting employees and impeding productivity. Furthermore, the CSM can keep office networks threat-free and available. With CSM, you can protect confidential and essential data from modification or theft.


Figure 6. Security without compromise

