Vigor 2920 Series Router Firewall
The Vigor 2920 series is a dual-WAN port Firewall Router with excellent performance to run both WAN interfacess simultaneously. It also now supports IPv6 - the next generation Internet system (click IPv6 tab below for moe information).
Robust & Comprehensive Firewall
Security is a major feature Vigor 2920 Series. The firewall features measures for protection against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are also protected by various protection systems (see later). The DrayTek object-based firewall allows vast flexibility, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations.
Content control features of the firewall allow you to set restrictions on web site access, blocking download of certain file types, blocking specific web sites, blocking IM/P2P applications or other potentially harmful or wasteful content. Filtering using web site categorisations enable you to block whole categories of web sites (e.g. gambling, adult sites etc.), subject to subscription.
Dual-WAN Load Balancing & Backup
Either (or both) Ethernet WAN ports on the Vigor 2920 can be connected to an ADSL modem, cable modem or any other Ethernet-based Internet feed. When you are using both ports, the secondary interface can be used either for WAN-Backup or load balancing.
WAN-Backup provides contingenry (redundancy) in cases of your primary feed or ISP suffering temporary outage. Internet Traffic will be temporarily routed via the secondary Internet access. When normal services is restored to your primary ADSL line, all traffic is switch back to that.
In load-balancing mode, the Vigor 2920 will make use of both of your WAN feeds together, spreading your Internet traffic across both either as equally as possible or according to user-configurable rules. For example, you might want all of your VoIP traffic to be routed only through one ISP connection.
The Vigor 2920's USB port provides an alternative connection method for Internet backup by connecting to a compatible USB modem (or cellphone) for access to the high speed 3G cellular networks from UK providers such as Vodafone, O2, Orange, 3 and T-Mobile. The 3G access method can be used as your primary/only Internet connection, ideal for temporary locations, mobile applications or where broadband access is not available.
Note : For WAN failover you can use only one method at a time, e.g. Ethernet, 3G.
Technical Specification
-
Physical Interfaces:
-
LAN Ports (Switch):
-
WAN Ports:
-
Primary WAN Port : 10/100 Base-TX Ethernet
-
Secondary WAN Port : 10/100/1000 Base-TX Gigabit Ethernet
-
USB Port for 3G Cellular Modem, NAS* or Printer
-
Load Balance/Failover Features:
-
Wireless LAN Features ('n' Models Only):
-
802.11n Compliant
-
Latest 'MIMO' Technology with three aerials (2T3R)
-
Multiple SSID : Create up to 4 virtual wireless LANs (independent or joined)
-
Packet Aggregation and Channel Bonding
-
Optional Higher Gain or directional aerials available
-
Compatible with 802.11b and 802.11g Standards
-
Active Client list in Web Interface
-
Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
-
64/128-bit WEP Encryption
-
WPA/WPA2 Encryption
-
Switchable Hidden SSID
-
Restricted access list for clients (by MAC address)
-
Time Scheduling (WLAN can be disabled at certain times of day)
-
Access Point Discovery
-
WDS (Wireless Distribution system) for WLAN Bridging and Repeating (Firmware Upgradable)
-
802.1x Radius Authentication
-
Wireless Rate-Control
-
Automatic Power Management
-
802.11e WMM (Wi-Fi Multimedia)
-
WAN Protocols (Ethernet):
-
DHCP Client
-
Static IP
-
PPPoE
-
PPTP
-
L2TP *
-
Firewall & Security Features:
-
CSM (Content Security Management):
-
URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
-
Block Web sites by category (e.g. Adult, Gambling etc. Subject to Globalview subscription)
-
Prevent accessing of web sites by using their direct IP address (thus URLs only)
-
Blocking automatic download of Java applets and ActiveX controls
-
Blocking of web site cookies
-
Block http downloads of file types :
-
Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
-
Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
-
Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
-
Time Schedules for enabling/disabling the restrictions
-
Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazza, WinMX etc. )
-
Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
-
Multi-NAT, DMZ Host
-
Port Redirection and Open Port Configuration
-
Policy-Based Firewall
-
MAC Address Filter
-
SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
-
DoS / DDoS Protection
-
IP Address Anti-spoofing
-
E-Mail Alert and Logging via Syslog
-
Bind IP to MAC Address
-
Bandwidth Management:
-
QoS
-
QoS Retag
-
Guaranteed Bandwidth for VoIP
-
Smart Bandwidth Limit
-
Class-based Bandwidth Guarantee by User-Defined Traffic Categories
-
Layer 2&3 (802.1p & TOS/DCSP)
-
DiffServ Code Point Classifying
-
4-level Priority for each Direction (Inbound / Outbound)
-
Bandwidth Borrowed
-
Temporary (5 minute) Quick Blocking of any LAN Client
-
Bandwidth / Session Limitation
-
Network/Router Management:
-
Web-Based User Interface (HTTP / HTTPS)
-
CLI ( Command Line Interface ) / Telnet / SSH*
-
Administration Access Control
-
Configuration Backup / Restore
-
Built-in Diagnostic Function
-
Firmware Upgrade via TFTP / FTP
-
Logging via Syslog
-
SNMP v2 & v3 management with MIB-II
-
TR-069
-
TR-104
-
VPN Facilities:
-
Up to 32 Concurrent VPN Tunnels (incoming or outgoing)
-
Tunnelling Protocols: PPTP, IPSec, L2TP, L2TP over IPSec
-
IPSec Main and Agressive modes
-
Encryption : MPPE and Hardware-Based AES / DES / 3DES
-
Authentication : Hardware-Based MD5 and SHA-1
-
IKE Authentication : Pre-shared Key and X.509 Digital Signature
-
LAN-to-LAN & Teleworker-to-LAN connectivity
-
DHCP over IPSec
-
NAT-Traversal ( NAT-T )
-
Dead Peer Detection (DPD)
-
VPN Pass-Through
-
Network Features:
-
DHCP Client / Relay / Server
-
DHCP Option 66 support
-
Dynamic DNS
-
NTP Client (Syncrhonise Router Time)
-
Call Scheduling (Enable/Trigger Internet Access by Time)
-
RADIUS Client
-
DNS Cache / Proxy
-
Microsoft™ UPnP Support
Routing Protocols:
-
Operating Requirements:
-
Rack Mountable (Optional mounting bracket 'RM1' required)
-
Wall Mountable
-
Temperature Operating : 0°C ~ 45°C
-
Storage : -25°C ~ 70°C
-
Humidity 10% ~ 90% (non-condensing)
-
Power Consumption: 18 Watt Max.
-
Dimensions: L240.96 * W165.07 * H43.96 ( mm )
-
Operating Power: DC 15V (via external PSU, supplied)
-
Warranty : Two (2) Years RTB
-
Power Requirements : 220-240VAC
* Intended to be added in future firmware version