VigorPro 5300Vn

Multi-threat security architecture Anti-Virus, Anti-Intrusion & Anti-Spam Intrusion Prevention & Detection (Inline, Realtime) DrayTek patented MSSI (Multi-Stack Stateful Inspection) provides deep packet inspection Dual-WAN with Load Balance and Fail-Over 4-Port 10/100BaseT Ethernet switch for LAN connection VoIP and PBX functions Built-in 802.11n 300Mbps Wireless AP with Multiple SSID and Wireless Isolation Object-based SPI Firewall with DoS defense Content Security Management (CSM) for latest IM/P2P software and more 100 x VPN LAN-to-LAN tunnels with 3DES hardware accelerator Support VPN Load Balance and Fail-Over 30 x SSL VPN concurrent tunnels and SSL application QoS for prioritizing video, voice, online game and data traffic Support TR-069 for VigorACS SI 2 year warranty Vigor5300 Vigor5300n Vigor5300Vn Ethernet WAN (main WAN) Ethernet WAN (2nd WAN) 802.11n WLAN VoIP (2xFXS, 1xPSTN)

Overview

The VigorPro 5300Vn is a Dual WAN broadband router with Load Balance and Fail-Over. There are advanced features supporting secure network management (Firewall, CSM, Anti-Virus, Anti-Intrusion & Anti-Spam), bandwidth management (QoS, Session Limitation & Bandwidth Control), remote data access (VPN & SSL VPN), wireless data communication (IEEE 802.11n standard WLAN), low cost telephone traffic (VoIP), etc., making this router ideal broadband access devices for SOHO and business users.

The VigorPro 5300Vn is designed with object-based SPI (Stateful Packet Inspection) firewall to detect malicious packets, such as Denial of Service (DoS) attacks, and prevent these from jeopardizing the internal home or office network thus ensuring upmost network security and reliability.

Unlike DrayTek normal firewalls, the VigorPro 5300Vn deploys the unique MSSI™ (Multi-stack Stateful Inspection) mechanism. With MSSI™, VigorPro 5300Vn inspects packet streams, compares any suspected content or behavior with build-in database in real-time, and provide inline Anti-Virus, Anti-Spam, Anti-Trojan and Anti-Intrusion protection.

The Content Security Management (CSM) feature allows control of access to websites based on their content; for instance, websites with obscene or objectionable content can be blocked by the parents to ensure safe browsing by young children in the family. Furthermore, peer-to-peer applications that tend to consume big bandwidth and sessions can be managed easily by ticking the CSM options.

The VigorPro 5300Vn supports 100 x LAN-to-LAN VPN tunnels secure remote data access, such as inter office, or home-office communication with strong VPN functionality with all major VPN protocols: PPTP, IPSEC, L2TP and L2TP over IPSEC, including advanced DES, 3DES encryption engine and IKE automated key management, etc.

The dual WAN feature allows to create dual VPN tunnel for VPN load balance and fail-over.

Without the necessity of installing VPN client, Remote Desktop application, or File Explore on individual PC, the Secure Socket Layer (SSL) virtual private network (VPN) facility lets remote workers connect to the office network at any one time. SSL is supported by standard web browsers such as Firefox and Internet Explore. For users of small offices and teleworkers who need to access head office internal applications, file server and file sharing, VigorPro 5300Vn allows up to 30 concurrent SSL sessions.

The Wireless LAN feature supports the extended benefits of the 802.11n including reliable data transmission, secure access methods including WEP/WPA/WPA2/MAC Access Control/SSID, and easy setup for home/office. Furthermore, features such as WLAN Isolation, Wireless Rate Control, WDS, etc. allow easy but powerful control over the WLAN management.

The VoIP functions enabling the users to save telephone costs. Additional PBX functions allow the users to handle calls in the same ways as with traditional PABX, including call transfer, call forward, call holding/retrieving, etc. Digit Map function further allows flexible add/subtract/replace of numbers to simplify numbering in homes or offices.

Features

1. Anti-Virus
   • Scan SMTP, POP3, HTTP, IMAP, FTP
   • Scan ZIP / GZIP / BZIP2
   • Scan Encrypted VPN Tunnels
   • Automatic Virus Signature Update
   • Automatic Alert when Signature Update Service Expired
   • Real-time E-mail / Syslog Alert when Virus is Detected
   • Block Fragmented Mail
   • Block Multiples Sessions Download
2. Anti-Intrusion
   • Rule-based Detection List
   • Pass / Disallow / Reset when Intrusion is Detected
   • Automatic Intrusion Signature Update
   • Automatic Alert When Signature Update Service Expired
   • Real-time E-mail / Syslog Alert when Under Attack
3. Anti-Spam
   • Real-time Scan SMTP, POP3
   • Multi Language Detection
   • Multi Type (Graphic, Document, HTML) Detection
   • Single / Double Byte Coding Detection
   • Black / White List
   • Automatic Alert When License Expired
   • Real-time Syslog Alert when Spam is Detected
4. Dual-WAN
   • Outbound Policy-based Load-balance
   • BoD (Bandwidth On Demand)
   • WAN Connection Fail-over
5. Ethernet WAN Protocol
   • DHCP Client
   • Static IP
   • PPPoE
   • PPTP
   • L2TP
6. Internet Features
   • WAN IP Alias for each WAN : 32
7. VoIP (Voice over IP)
   • Protocol :
     • SIPv2 (RFC-3261)
     • RTP
     • RTCP
   • SIP Registrars : 12
   • FXS Port : 2
   • G.168 Line Echo-cancellation
   • Automatic Gain Control
   • Jitter Buffer (180ms)
   • Voice Codec :
     • G.711MU (64kbps)
     • G.711A (64kbps)
     • G.729A / B (8kbps)
     • G.723 (6.4kkbps)
     • G.726_32 (32kbps)
   • Voice Activation Detection (VAD)
   • Comfort Noise Generation (CNG)
   • Tone Generation :
     • DTMF
     • Dial
     • Busy
     • Ring Back
     • Call Progress
   • DTMF Tone :
     • In Band
     • Out Band (RFC-2833)
     • SIP Info (Cisco Format)
     • SIP Info (Nortel Format)
   • FAX/Modem Support :
     • Tone Detection
     • G.711 Pass-through
     • T.38 for FAX
   • PBX Services :
     • Internal Call
     • Call Hold / Retrieve / Waiting
     • Caller ID
     • Call Transfer
     • Call Forwarding (Always / Busy / No Answer)
     • Call Barring (Incoming / Outgoing)
     • DND (Do Not Disturb)
     • MWI (Message Waiting Indicator) (RFC-3842)
     • Hotline
     • Phone Book
     • Digit Map
8. Wireless Access Point
   • IEEE802.11n Compliant
   • SSID (Service Set identifier) : 4
   • Hidden SSID
   • Wireless LAN Isolation
   • Wireless SSID Isolation
   • Wireless Rate Control
   • Security :
     • 64 / 128 bit WEP (Wired Equivalent Privacy)
     • WPA (Wi-Fi Protected Access)
     • WPA2
   • MAC Address Access Control :
     • Black List
     • White List
   • WPS (Wi-Fi Protected Setup)
   • WDS (Wireless Distribution System)
   • WMM (Wi-Fi Multimedia)
   • Access Point Discovery
   • Wireless Station List
9. Firewall
   • Object-based & Policy-based Firewall
   • SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
   • Multi-NAT
   • Port Redirection
   • Open Port
   • Address Mapping
   • DMZ Host
   • True IP DMZ Host
   • DoS / DDoS Protection
   • IP Address Anti-Spoofing
   • E-mail Alert
   • VLAN (Virtual LAN)
   • Bind IP to MAC Address
10. CSM (Content Security Management)
    • IM (Instant Messenger) Filter (e.g. MSN / Yahoo Messenger etc.)
    • Web IM Application Filter (e.g. eMessenger / WebMSN / WebYahooIM etc.)
    • VoIP Application Filter (e.g. Skype / Gizmo etc.)
    • P2P (Peer-to-Peer) Filter (e.g. BitTorrent / eMule / KazzaA etc.)
    • Protocol Filter (e.g. FTP / HTTP / POP3 etc.)
    • Web Application Filter :
      • Tunneling Filter (e.g. Socks4 / Socks5 / RealTunnel / UltraVPN etc.)
      • Streaming Filter (e.g. FlashVideo / SilverLight / PPStream / PPLive etc.)
      • Remote Control Filter (e.g. VNC / TeamViewer / WindowLiveSync etc.)
      • Web HD Filter (HTTP Upload / MS SkyDrive / OfficeLive / GDoc Uploader etc.)
    • Streaming Filter (e.g. FlashVideo / SilverLight / PPStream / PPLive etc.)
    • URL Content Filter (Whitelist or Blacklist specific sites or keywords in URLs)
    • Web Content Filter (Whitelist or Blacklist specific sites or keywords in web page)
    • File Extension Filter (e.g. Image / Video / Audio / Compression files etc.)
    • GlobalView Web Content Filter ( Powered by  ) 
      (e.g. Child Protection / Gambling / Porn & Sexually / Travel / Game / Sports etc.)
11. VPN and Remote Access
    • Up to 100 Concurrent VPN Tunnels (incoming or outgoing)
    • Protocol :
      • PPTP
      • IPSec
      • L2TP
      • L2TP over IPSec
    • Encryption :
      • MPPE
      • Hardware-based AES
      • Hardware-based DES
      • Hardware-based 3DES
    • Authentication
      • Hardware-based MD5
      • Hardware-based SHA-1
    • IKE Authentication :
      • Pre-shared Key
      • Digital Signature (X.509)
    • LAN-to-LAN
    • Teleworker-to-LAN
    • DHCP over IPSec
    • Dead Peer Detection (DPD)
    • NAT-Traversal (NAT-T)
    • VPN Load Balance
    • VPN Fail Over
    • VPN Pass-through
12. SSL VPN
    • Up to 30 SSL VPN Tunnels
    • SSL Web Proxy
    • Encryption :
      • AES (128 bits) and 3DES
      • RC4 (128 bits)
      • DES
13. Bandwidth Management
    • QoS (Quality of Service) :
      • Guarantee Bandwidth for VoIP
      • Class-based Bandwidth Guarantee by User-Defined Traffic Categories
      • DiffServ Code Point Classifying
      • 4-level Priority for Each Direction (Inbound / Outbound)
      • Bandwidth Borrowed
    • Session Limitation
    • Bandwidth Limitation
14. Network Feature
    • Supported Software :
      • VigorACS SI
    • IP Version: IPv4
    • IGMP Proxy / Snooping
    • DHCP Client / Relay / Server
    • Dynamic DNS
    • NTP (Network Time Protocol) Client
    • Time Scheduling
    • RADIUS Client
    • DNS Cache / Proxy
    • UPnP
    • Wake on LAN
    • Routing Protocol :
      • Static Routing
      • RIP V2
15. Network Management
    • Web-based User Interface (HTTP / HTTPS)
    • Management Session Timeout
    • Quick Start Wizard
    • CLI (Command Line Interface)
      • Telnet
    • Administration Access Control
    • Configuration Backup / Restore
    • Built-in Diagnostic Function :
      • System Status
      • Online Status
      • Dial-out Trigger
      • Routing Table
      • ARP Cache Table
      • DHCP Table
      • NAT Sessions Table
      • Traffic Graph
      • Ping Diagnosis
      • Trace Route
      • AI/AV Top 10
      • Web Firewall Syslog
    • Firmware Upgrade :
      • TFTP
      • FTP
      • Web-based User Interface
      • TR-069
    • Logging via Syslog
    • SNMP Management MIB-II
    • TR-069

Specifications

Application

DrayTek provides customer free access to the latest virus / hacker signature for and information update for a period of time. Considering customer's needs to minimize supporting effort, DrayTek support team also provides service for VigorPro 5300 series to get the latest signature updated from DrayTek's server automatically. The all-in-one design makes network management simple and easy.

Figure 1. Front Panel

SSL VPN Application

Without the necessity of installing VPN client on individual PC, the Secure Socket Layer (SSL) virtual private network (VPN) facility lets remote workers connect to the office network at any one time. SSL is supported by standard web browsers such as FireFox and IE. For users of small offices and teleworkers who need to access enterprises's internal applications, file server and file sharing, VigorPro5300 UTM series allow up to 30 concurrent SSL sessions.

All-in-one Unified Security Firewall

VigorPro 5300 Series is an all-in-one Anti-Viurs, Anti-Intrusion and Anti-Spam security application for SOHO and branch office. VigorPro 5300 series provides real-time network protection against viruses, worms and malicious programs via e-mail, FTP and web browser. The rule-based website contact filtering blocks improper connection to internet in flexible way, With DrayTek's DrayOS™ as kernel, VigorPro 5300 series provides robust and stable VPN, firewall and routing functionality as well.

Hardware-accelerated, Real-time Response

The VigorPro 5300 employs a unique, hardware-accelerated architecture the provides the ability to perform real-time security without slowing critical network applications, such as Web traffic. Software-based anti-virus systems, which are designed for scanning non-real-time email messages, are too slow to be used to scan Web traffic or other real-time network applications.

Network-level Protection

Conventional way to protection against virus or malicious program, it required each host to install software on the host. To install software on a large number of hosts is a time consuming process. To evaluate for vulnerabilities, both scan engine and virus database needs constant upgrade. It is very costly and annoying for IT personnel with high maintenance. While VigorPro 5300 works as firewall as well as internet gateway, so by nature VigorPro 5300 blocks any attacks at the point of network entry. Through the user interface, the security administrator can monitor and instruct the VigorPro 5300 to look for any vulnerability in network-level. Provide protection of all hosts inside network edge before threats intrude.

Content-based Inline Inspection

Conventional firewalls only inspect packets connection behavior to against any connection-based attack. While the content-based threats today. such as virus, worms, Trojans or banned content, which spread faster and do more damage. Conventional firewalls bypass the widely spread content-based threat and expose internal network to outside world. VigorPro 5300 deploys DrayTek's unique MSSI™ (Multi-stack Stateful Inspection) mechanism. With MSSI™ , VigorPro 5300 inspects packet streams, compares any suspected content or behavior with build-in database in real-time, and provide inline anti-virus and anti-intrusion protection.

Accessories