Call us: +61 2 9838 8899
FAX: +61 2 9838 8818

  • Dual-WAN with 2 x Gigabit Ethernet WAN ports (WAN 1 selectable for SFP port)
  • Single WAN or Multi-WAN Load Balance and Failover
  • 2 x USB ports (1 x USB 2.0, 1 x USB 3.0)
  • Only USB port 2 (USB2) can be used for 3G/4G LTE mobile. USB port 1 (USB1) can be used for external storage, printer or thermometer
  • 4 x Gigabit LAN ports with 60,000 NAT sessions
  • 8 Private LANs + DMZ LAN + IP routed LAN
  • IPv6 compliant
  • Object-based SPI Firewall with Content Security Management (CSM)
  • QoS functions
  • 100 x VPN tunnels including 50 x SSL-VPN tunnels with Central VPN  Management, VPN Load Balance and Redundancy
  • Central VPN Management
  • Central AP Management*
  • Central Switch Management**
  • High Availability Mode
  • Smart Monitor Traffic Analyzer (up to 100-nodes)
  • Supports VigorACS 2 Central Management System for remote management
  • 2 years back to base warranty
* Central AP Management supports VigorAP 800, VigorAP 810, VigorAP 900, VigorAP 910C & VigorAP 902
** Central Switch Management supports VigorSwitch G1241, VigorSwitch G2260, VigorSwitch P2261
  • Overview
  • Vigor2952 Dual-WAN security firewall router is an enterprise level router designed for medium sized businesses that need strong business network features, including support of up to 100 VPN tunnels.

    The Vigor2952 router is fitted with 2 x Gigabit Ethernet WAN interfaces, with WAN 1 selectable as a SFP port for optic fibre module installation. The USB port 2 (USB2) for 3G/4G mobile dongles. You can connect to the Internet through any of these interfaces, or with a combination of interfaces for Load Balance and/or Failover functions.

    For mission critical applications the Vigor2952 router can be used in High Availability mode, and be used in parallel with another router to provide uninterrupted network connectivity should one of the routers fails.

    Vigor2952 supports business grade network features including an object-oriented SPI (Stateful Packet Inspection) firewall, IPv6, 100 VPN tunnels, 50 SSL VPN tunnels, tag-based VLAN, multiple subnets, etc.

    The centralised network management features, including Central VPN Management, Central Switch Management and Central AP Management, help the network administrators to simplify network configuration tasks through a convenient console.

    The Vigor2952 series router can be rack mounted, using the supplied mounting brackets, into a standard 19” rack or cabinet.

  • Features
  • 1. WAN Connectivity

    The Vigor2952 router supports 2 types of WAN Interfaces: 2 x Gigabit Ethernet WAN interfaces and the USB port 2 (USB2) for 3G/4G mobile dongles. You can set WAN 1 to be a Gigabit Ethernet port, or a SFP port to accommodate an optic fibre module for fibre installations.

    With between 2 to 4 WAN interfaces connected, you can configure for Load Balancing or Failover. For example, you can use WAN 1 as your primary Internet connection and have a failover connection over a 4G LTE connection.

    2. LAN and VLAN

    The Vigor2952 has 4 x Gigabit LAN ports and supports up to 60,000 NAT sessions.

    The Vigor2952 supports both port-based and 802.1q tagged VLANs. Port based VLANs allow the assignment of a VLAN and IP subnet to each router LAN port. On the other hand, 802.1q tagged VLANs can extend up to 8 VLANs and 8 IP subnets to an attached switch port.

    3. Quality of Service (QoS)

    QoS functions allow the network administrators to set priorities for certain types of traffic to guarantee the required level of performance for data flow. For example real-time traffic such as VoIP or Video Conferencing can be prioritised as these have less tolerance over delays caused by network congestion.

    A traffic type can be assigned to each of the three QoS classes and have bandwidth pre-allocated and reserved.

    4. Firewall

    The Vigor2952 has powerful firewall features including: object-oriented SPI (Stateful Packet Inspection) firewall, DoS (Denial of Services), CSM (Content Security Management), and WCF (Web Content Filter).

    SPI Firewall monitors incoming and outgoing packets at Layer 3 (OSI model) and passes or blocks the data packets based on the configuration.

    The DoS feature protects the network for malicious access requests from DoS attacks.

    CSM enables network administrators to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications. For instance, you can stop network users from accessing inappropriate contents, or ensure that network traffic is not affected by undesirable or unauthorized P2P downloads.

    WCF classifies all websites on the Internet into 64 categories, and allows network administrators to select categories to protect the users from undesirable website content. DrayTek uses the CYREN WCF database for its Vigor routers, and each router includes a free 30 day trial license.

    The object-based firewall provides flexibility by using Objects in the firewall settings. Objects can be created and placed in groups by IP, service type, keyword, file extension, etc. This allows a filter rule to be applied to many IP addresses, reducing number of firewall filters required. In addition, these objects and groups can be reused for other firewall settings resulting in reduced amount of work required to create multiple firewall rules.

    Firewall rules can be applied according to a Time Schedule to control access to the Internet or network services according to predetermined time slots. Up to 4 time schedules can be applied to each firewall filter rule. For example social media can be restricted during work hours and be allowed during off work hours in a company.

    5. VPN & SSL-VPN

    Vigor2952 supports up to 100 simultaneous VPN tunnels of common protocols such as IPSec/PPTP/L2TP, and 50 tunnels of SSL VPN protocol. The dedicated VPN co-processor supports the hardware encryption of AES/DES/3DES, hardware key hash of SHA-1/MD5, and LDAP authentication, and ensures that VPN traffic is secure and performance is maximised.

    The SSL technology allows secure Web encryption such as those used for on-line banking. With Vigor2952, you can create SSL VPN in Full Tunnel mode or Proxy mode.

    Furthermore, since the Vigor2952 supports multiple Ethernet and 3G/4G WANs, you can create VPN Trunking for VPN Load Balance and VPN Backup. For instance, you can use a number of connections to a site to increase the bandwidth, or have a backup connection when the primary connection fails.

    6. Central VPN Management

    Instead of normal method for VPN connection through web browsers, Vigor2952 supports Central VPN Management (CVM) through TR-069 protocol. From a CVM page, you can create VPN tunnels with just a few mouse clicks on the icons representing your local network (e.g. a public place such as a café) and remote locations (e.g. branch or home office), and the router will establish the connection automatically. This takes away the tedious process required for VPN tunnel creation.

    As well as simplifying creation of VPN tunnels, CVM provides a console to monitor multiple CPE devices and VPN tunnels. This includes displaying the CPE devices on a Google Map.

    Other features include scheduling of CPE configuration backup/restore tasks as well as scheduled firmware upgrade of the CPE devices. Up to 8 DrayTek CPE devices are supported.

    7. Central AP Management

    Vigor2952 supports Central AP Management (APM) with a console to auto-configure and manage up to 20 directly connected (via LAN cables) Draytek wireless Access Points, including VigorAP 800, VigorAP 810, VigorAP 900, VigorAP 910C & VigorAP 902.

    The APM Dashboard displays the status, such as traffic and number of attached stations, of all the attached Access Points.

    With Auto Provisioning enabled on the attached Access Points, WLAN profiles can be created and applied to the selected Access Points from the central console.

    The AP Maintenance feature allows a number of actions, including Configuration Backup and Restore, Firmware Upgrade, Remote Reboot and Factory Reset, to be programmed for selected Access Points.

    The connected Access Points can also be displayed on a map or floor plan showing their locations and basic descriptions. Other features include Traffic Graph, Rogue AP detection, Event Log, Total Traffic, Station number and Access Point Load Balancing.

    8. Central Switch Management (New Firmware will be released soon)

    Central Switch Management provides a convenient and easy way to manage and configure supported VigorSwitches, and save time and reduces troubleshooting efforts.

    From a console page on Vigor2952, you can assign VLANs to the switch ports and at the same time update the router configuration, with a few mouse clicks within the graphical user interface. Similarly you can create 802.1q trunk ports in the same way.

    The switch status page shows the status of all the attached switches, including switch name, IP address, the model number and system up time. You can see how many ports and are in use in each switch as well as port status and how many clients are connected.

    You can backup or restore switch configurations, or reboot, or reset to factory default settings, any of the switches.

    9. Remote Access Management

    The Vigor2952 supports a number of management options to control access to the router both locally and remotely.

    The TR-069 feature integrates with the VigorACS-SI centralised management system, and allow system integrators or network administrators to configure, monitor and manage the Vigor2952 remotely from the comfort of their offices or homes. It can also be used to Auto-Provision the Vigor2952 remotely by sending configuration data to the router.

    There are 3 wizards: a Configuration Wizard, a VPN Wizard and a Firmware Upgrade Wizard. These allow network administrators to quickly and easily carry out complex tasks.

    Alarm & Log Management features ensure real time notifications and alerts to specified phone numbers or email accounts in relation to faults or status of the connected CPEs.

    A number of diagnostic functions, including Data Flow Monitor, Traffic Graph and Syslog Explorer, allow the network administrator to monitor and troubleshoot network conditions remotely.

    Like all Vigor routers, Vigor2952 supports management options include HTTP, HTTPS, FTP, SSH, Telnet and SNMP.

    10. High Availability Mode

    High Availability is essential in mission critical applications where the network as well as Internet connectivity needs to be available 100% of the time. Should a hardware failure occur in a primary router, a standby router will immediately come on line to provide uninterrupted network connectivity.

    High Availability mode in the Vigor2952 router provides hardware redundancy by the use of one or more Vigor2952 routers to be configured for Hot-Standby or Active-Standby.

    Key features of High Availability mode are:

    • WCF License share (Hot-Standby only)
      Network administrators can create a High Availability group on MyVigor website and include at most 8 routers to join the group and share the same WCF license. Only 1 router (the primary) can use the license at a time, and when the primary router goes down, the secondary router will come up and register to MyVigor server and continuous to provide firewall protection to LAN clients. It means only one WCF license is required per High Availability group.
    • Configuration Sync (Hot-Standby only)
      Every configuration/modification made on the primary router will be synchronized to the other group member(s) ensuring that network functionality is identical should the primary router fails.
    • DDNS Update
      For dynamic WAN IP users, High Availability group members can share the same DDNS account, that when the secondary router become primary, it will update the DDNS profile so the network can continue to be accessible via the same DDNS domain.
  • Reviews
  • DrayTek Vigor2952 Dual-WAN Broadband Fibre router Review – published in PC World magazine (Feb 27, 2017)





    DrayTek Vigor2952 SMB router overview

    An SMB router to manage your network and other routers and switches

    Routers may appear to be a dime a dozen in the consumer space. Many small businesses might be tempted with something like the excellent Linksys EA9500 with its fast WiFi and eight Ethernet ports, but it won’t be suited to many, advanced business needs. This is where you start needing to look at Draytek and, in particular, the Vigor 2952.

    Read the full review here.

  • Specifications
  • Connectivity

    1. Ethernet WAN
      • IPv4
        • DHCP Client, Static IP, PPPoE, PPTP, L2TP, 802.1q Multi-VLAN Tagging
      • IPv6
        • Tunnel Mode: TSPC, AICCU, 6rd, Static 6in4
        • Dual Stack: PPP, DHCPv6 Client, Static IPv6
      • WAN Connection Failover
      • WAN Budget
      • Load Balance/Route Policy
    2. Ethernet LAN
      • IPv4/IPv6 DHCP Server
      • Static Routing/RIP
      • Multiple Subnets
      • Port/Tag-based VLAN
    3. USB
      • 3.5G/4G LTE(PPP, DHCP) as WAN3/ WAN4
      • Printer Server/File Sharing


    1. System Maintenance
      • HTTP/HTTPS with 2-level Management (Admin/User)
      • Logging via Syslog
      • SNMP Management MIB-II (v2/v3)
      • CLI (Command Line Interface, Telnet/SSH)
      • Administration Access Control
      • Web-based Diagnostic Functionality
      • Firmware Upgrade via TFTP/FTP/HTTP/TR-069
      • CWMP Support (TR-069/TR-104)
      • LAN Port Monitoring
    2. Network Management
      • Bandwidth Management by Session/Bandwidth
      • User Management by Time/Data Quota
      • LAN DNS and DNS Proxy/Cache
      • Dynamic DNS
      • IGMP Snooping/Proxy v2 and v3
      • QoS (DSCP/Class-based/4-level Priority)
      • Guarantee Bandwidth for VoIP
      • Support Smart Monitor (Up to 100 nodes)
      • Central AP Management
      • Central VPN Management
      • Switch Management (New Firmware will be released soon)


    • Multi-NAT, DMZ Host, Port-redirection and Open Port
    • Object-based Firewall, Object IPv6, Group IPv6
    • MAC Address Filter
    • SPI (Stateful Packet Inspection) (Flow Track)
    • DoS/DDoS Prevention
    • IP Address Anti-spoofing
    • E-mail Alert and Logging via Syslog
    • Bind IP to MAC Address
    • Time Schedule Control
    • Content Security (IM/P2P, URL, Keywords, Cookies, etc.)


    • Up to 100 VPN Tunnels
    • Protocol: PPTP, IPsec, L2TP, L2TP over IPsec
    • Encryption: MPPE and Hardware-based AES/DES/3DES
    • Authentication: MD5, SHA-1
    • IKE Authentication: Pre-shared Key and Digital Signature (X.509)
    • LAN-to-LAN, Teleworker-to-LAN
    • DHCP over IPsec
    • IPsec NAT-traversal (NAT-T)
    • Dead Peer Detection (DPD)
    • VPN Pass-through
    • VPN Wizard
    • mOTP
    • Supports 50 SSL VPN Tunnels
    • VPN Trunk: VPN Backup and Load Balance

    Hardware Interface

    • 1 x Combo WAN, 10/100/1000Base-Tx, RJ-45 or SFP (WAN1)(Fiber Port is High Priority)
    • 1 x 10/100/1000Base-Tx, RJ-45 (WAN2)
    • 4 x 10/100/1000Base-Tx LAN, RJ-45 (P1 is Configurable as DMZ Port)
    • 2 x USB Host (USB1 is 2.0 and USB2 is 3.0)
    • 1 x Factory Reset Button
  • Deployment Examples
  • Vigor2952 Series for Branch Offices Deployment


    Dual-WAN with 2 x Gigabit Ethernet WAN ports (WAN 1 selectable for SFP port), 2 x USB ports


    Business Continuity – High Availability

    CVM (Central VPN Management)

    Security & Firewall

    VPN Trunk (Load Balance/Backup)

  • Web Demo
  • Open Link in New Tab