Draytek
Vigor 2920 Router Firewall
DrayTek Vigor2920 Series Router Firewall
The DrayTek Vigor 2920 series is a dual-WAN port Firewall Router with very high throughput of up to 150Mb/s. The Vigor2920 is firewall broadband routers for connecting to xDSL/cable/VDSL2/Ethernet FTTx. The Gigabit WAN and 4-port Gigabit LAN switch facilitates unified communication applications in business CO/remote site to handle large data from subscribed higher speed broadband.
The Vigor2920 has a well-structured Web User Interface (WUI) which offers user-friendly configuration and allows specific setting to satisfy users' various needs. The WUI also provides IP layer QoS (Quality of Service), NAT session/bandwidth management to help users control and allocate the bandwidth on networks. The WUI of Vigor2920 series give you a nice and smooth way to operate all enrich features you need.
Gigabit 2nd WAN complied with FTTx trend (up to 150 Mbps)
escalating business essential data exchange 4-port Gigabit LAN switch facilitating the execution of unified communication applications in business CO/remote site 32 VPN tunnels with up to 40Mbps IPSec VPN throughput Object-based firewall preventing external attacks/easing policy settings Dual-WAN with load balance and redundancy Support 3.5G USB modem for initiating business anytime and failover backup CSM (Content Security Management) for web content access control Bandwidth management for optimizing corporate bandwidth allocation TR-069 and 2-level management are for Telcos/ISPs |
Security is a major feature DrayTek Vigor 2920 Series. The firewall features measures for protection against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are also protected by various protection systems (see later). The DrayTek object-based firewall allows vast flexibility, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations.
Content control features of the firewall allow you to set restrictions on web site access, blocking download of certain file types, blocking specific web sites, blocking IM/P2P applications or other potentially harmful or wasteful content. Filtering using web site categorisations enable you to block whole categories of web sites (e.g. gambling, adult sites etc.), subject to subscription.
Either (or both) Ethernet WAN ports on the DrayTek Vigor 2920 can be connected to an ADSL modem, cable modem or any other Ethernet-based Internet feed. When you are using both ports, the secondary interface can be used either for WAN-Backup or load balancing.
WAN-Backup provides contingenry (redunancy) in cases of your primary feed or ISP suffering temporary outage. Internet Traffic will be temporarily routed via the secondary Internet access. When normal services is restored to your primary ADSL line, all traffic is switch back to that.
In load-balancing mode, the DrayTek Vigor 2920 will make use of both of your WAN feeds together, spreading your Internet traffic across both either as equally as possible or according to user-configurable rules. For example, you might want all of your VoIP traffic to be routed only through one ISP connection.
The DrayTek Vigor 2920's USB port provides an alternative connection method for Internet backup by connecting to a compatible USB modem (or cellphone) for access to the high speed 3G cellular networks from UK providers such as Vodafone, O2, Orange, 3 and T-Mobile. The 3G access method can be used as your primary/only Internet connection, ideal for temporary locations, mobile applications or where broadband access is not available.
Note : For WAN failover you can use only one method at a time, e.g. Ethernet, 3G.
The DrayTek Vigor 2920 Series features 802.11n wireless LAN specification and has been certified by the WiFi alliance for cross compatibility and WiFi compliance (including WPA/WPA2 and WMM).
802.11n provides a total wireless bandwidth of up to 300Mb/s using new methods such as packet aggregation and channel bonding. Throughput depends on your own environment (factors such as obstructions, number of hosts and distance all make a significant difference), but actual transfer speeds of 100Mb/s are achievable (based on our real world tests). In addition, 802.11n Draft 2.0 provides greater coverage and resilience to interference compared to previous wireless standards thanks to the MIMO technology and the DrayTek Vigor's triple-antennae diversity arrangement. This offset arrangement of aerials provides offset paths between hosts so that interference can be overcome.
Wireless Security is comprehensive too; the DrayTek Vigor 2920 Series provides several independent levels of security including encryption (up to WPA2), authentication (802.11x) and methods such as MAC address locking and DHCP fixing to restrict access to authorised users only. The Web interface lets you see how many and which clients are currently connected as well as their current bandwidth usage. An 'instant' block lets you disconnect a wireless user temporarily in case of query. The Wireless VLAN facility allows you to isolate wireless clients from each other or from the 'wired' LAN.
The Multiple SSID features enables you to have up to four distinct or common virtual wireless access points. For example, you could have one for company usage, with access to your company LAN and another for public access which allows internet surfing only. Setting up wireless security is made easier thanks to the WPS feature (WiFi protected setup) whereby your client PC can get it's security keys by pressing a button on the front of the router.
If your laptop PC's built-in wireless doesn't support 802.11n wireless, you can use the optional DrayTek Vigor N61 USB adaptor. Click on 'accessories' for details.
For specialist or more demanding coverage applications, optional aerials can be used with the Vigor 2920 to potentially increase the range of wireless coverage (depending on enviroment) or provide directional coverage in order that your wireless transmission is focussed and concentrated into one direction only, for example into a room or across open space. With the increasing popularity of wireless LANs, you will want to choose the least congested wireless channel (Nos. 1-13) for yours. The Vigor can scan and provide a list of all devices in the vicinity so that you can choose the best channel (see screenshot below).
Physical Interfaces:
LAN Ports (Switch):
4 X Gigabit Ethernet (1000Mb/s) Ports
Port-Based VLAN (Inclusive/Exclusive Groups)
WAN Ports:
Primary WAN Port : 10/100 Base-TX Ethernet
Secondary WAN Port : 10/100/1000 Base-TX Gigabit Ethernet
USB Port for 3G Cellular Modem, NAS* or Printer
Load Balance/Failover Features:
Outbound Policy-Based Load-Balance
WAN Connection Fail-over
BoD (Bandwidth on Demand)
Wireless LAN Features ('n' Models Only):
802.11n Compliant
Latest 'MIMO' Technology with three aerials (2T3R)
Multiple SSID : Create up to 4 virtual wireless LANs (independent or joined)
Packet Aggregation and Channel Bonding
Optional Higher Gain or directional aerials available
Compatible with 802.11b and 802.11g Standards
Active Client list in Web Interface
Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
64/128-bit WEP Encryption
WPA/WPA2 Encryption
Switchable Hidden SSID
Restricted access list for clients (by MAC address)
Time Scheduling (WLAN can be disabled at certain times of day)
Access Point Discovery
WDS (Wireless Distribution system) for WLAN Bridging and Repeating (Firmware Upgradable)
802.1x Radius Authentication
Wireless Rate-Control
Automatic Power Management
802.11e WMM (Wi-Fi Multimedia)
WAN Protocols (Ethernet):
DHCP Client
Static IP
PPPoE
PPTP
L2TP *
Firewall & Security Features:
CSM (Content Security Management):
URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
Block Web sites by category (e.g. Adult, Gambling etc. Subject to Globalview subscription)
Prevent accessing of web sites by using their direct IP address (thus URLs only)
Blocking automatic download of Java applets and ActiveX controls
Blocking of web site cookies
Block http downloads of file types :
Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
Time Schedules for enabling/disabling the restrictions
Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazza, WinMX etc. )
Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
Multi-NAT, DMZ Host
Port Redirection and Open Port Configuration
Policy-Based Firewall
MAC Address Filter
SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
DoS / DDoS Protection
IP Address Anti-spoofing
E-Mail Alert and Logging via Syslog
Bind IP to MAC Address
Bandwidth Management:
QoS
Guaranteed Bandwidth for VoIP
Class-based Bandwidth Guarantee by User-Defined Traffic Categories
DiffServ Code Point Classifying
4-level Priority for each Direction (Inbound / Outbound)
Bandwidth Borrowed
Temporary (5 minute) Quick Blocking of any LAN Client
Bandwidth / Session Limitation
Network/Router Management:
Web-Based User Interface (HTTP / HTTPS)
CLI ( Command Line Interface ) / Telnet / SSH*
Administration Access Control
Configuration Backup / Restore
Built-in Diagnostic Function
Firmware Upgrade via TFTP / FTP
Logging via Syslog
SNMP Management with MIB-II
TR-069
TR-104
VPN Facilities:
Up to 32 Concurrent VPN Tunnels (incoming or outgoing)
Tunnelling Protocols: PPTP, IPSec, L2TP, L2TP over IPSec
IPSec Main and Agressive modes
Encryption : MPPE and Hardware-Based AES / DES / 3DES
Authentication : Hardware-Based MD5 and SHA-1
IKE Authentication : Pre-shared Key and X.509 Digital Signature
LAN-to-LAN & Teleworker-to-LAN connectivity
DHCP over IPSec
NAT-Traversal ( NAT-T )
Dead Peer Detection (DPD)
VPN Pass-Through
Network Features:
DHCP Client / Relay / Server
Dynamic DNS
NTP Client (Syncrhonise Router Time)
Call Scheduling (Enable/Trigger Internet Access by Time)
RADIUS Client
DNS Cache / Proxy
Microsoft? UPnP Support
Routing Protocols:
Static Routing
RIP V2
Operating Requirements:
Rack Mountable (Optional mounting bracket 'RM1' required)
Wall Mountable
Temperature Operating : 0?C ~ 45?C
Storage : -25?C ~ 70?C
Humidity 10% ~ 90% (non-condensing)
Power Consumption: 18 Watt Max.
Dimensions: L240.96 * W165.07 * H43.96 ( mm )
Operating Power: DC 15V (via external PSU, supplied)
Warranty : Two (2) Years RTB
Power Requirements : 220-240VAC
* Intended to be added in future firmware version
DrayTek Vigor 2920 Series Router Firewall