Call us: +61 2 9838 8899
FAX: +61 2 9838 8818

Vigor2960

Dual WAN Security Firewall Router with 4 x Gigabit LANs & 200 VPN tunnels

Vigor2960

  • NBN (National Broadband Network – Australia) Ready to connect to NTD (Network Termination Device)
  • 2 x Gigabit WAN ports & 2 x USB ports for 3.5G / 4G Mobile with Load Balance and Fail-Over
  • 4 x Gigabit LAN ports with 80,000 NAT sessions and IPv6
  • Object-based SPI Firewall, Content Security Management (CSM) and QoS
  • 200 x VPN tunnels with VPN load balance and redundancy, Central VPN Management & 20 x SSL VPNs
  • Up-to 400Mbps site-to-site IPsec VPN throughput
  • 2 x USB ports for 3.5G / 4G modems, USB disk storage, network printers & USB temperature sensor
  • Support Smart Monitor Traffic Analyzer (up to 200-nodes)
  • Support TR-069 for VigorACS SI Central Management
  • Temperature Monitoring (optional: USB Thermometer)
  • 2 years back to base warranty

icon_nbnicon_gigawanicon_4gicon_3.5gicon_firewallicon_csmicon_vpnicon_gigilanicon_usbicon_acs_si

  • Overview
  • The Vigor2960 Series serves as a VPN gateway and a central firewall for multi-site offices and tele-workers. With its high data throughput of two-Gigabit Ethernet, Dual WAN, VPN trunking and 4 Gigabit Ethernet LAN ports, the device facilitates productivity of versatile business operations. To secure communications between sites is the establishment of VPN tunnels up to 200 simultaneous tunnels.

    DrayTek Vigor2960 Series – Dual-WAN Security Firewall offers:

    • Gigabit Dual WAN interface providing load-balancing and failover for high performance and business continuity
    • 4-port Gigabit LAN interface for facilitating managed services applications
    • Enhanced security including:
      • Object-base firewall with advance users (e.g. IP), applications (e.g. IM & P2P,) and content management (web category, keyword and URL)
      • VPN connection for LAN-to-LAN (site-to-site) and Remote dial-in (client-to-site) with dynamic VPN services: IP Security (IPsec)
      • VPNs (Triple Data Encryption Standard [3DES] or Advanced Encryption Standard [AES]),and SSL VPN Web Proxy)
    • Two USB 2.0 ports for printer, file sharing* and 3.5G/4G USB mobile broadband*
    • Bandwidth Management with 8-level priority Inbound/Outbound QoS
    • IPv4/IPv6 support to protect investment
    • TR-069 Management / Working with VigorACS SI

    Security without compromise

    The Vigor2960 series also provides high-security firewall options with both IP-layer and content based protection. The DoS/DDoS prevention and URL/Web content filter strengthen the security outside and inside the network. The enterprise-level CSM (Content Security Management) enables users to control and manage IM (Instant Messenger) and P2P (Peer to Peer) applications more efficiently. The CSM hence prevents inappropriate content from distracting employees and impeding productivity. Furthermore, the CSM can keep office networks threat-free and available. With CSM, you can protect confidential and essential data from modification or theft.

    By incorporating CYREN’s GlobalView Web Content Filter services, DrayTek ensures its customers’ networks are protected by the best available security technology.

    Security

    Enable real-time protection from emerging Web threats including malware, phishing and Zombies/bots

    HR compliance/regulation

    Prevent browsing to questionable content like pornography and hate sites

    Productivity

    Block or monitors sites to maximize employee productivity

    Bandwidth regulation

    Identify sites that consume an organization’s bandwidth (e.g. movies, music)

    Enterprise-level VPN Network

    With a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. For remote tele-workers and inter-office links, the Vigor2960 supports up to 200 simultaneous VPN tunnels (such as IPsec/PPTP/L2TP protocols) and the VPN throughput can reach up-to 400Mbps (IPsec).

    Centralized Management

    The embedded Central VPN Management (CVM) will let network administrator register up to 16 remote routers but run concurrent remote management over 12 remote routers.

  • Features
  • Technical Specifications of Vigor2960
    WAN Protocol
    EthernetPPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6
    Multi WAN
    Outbound policy based load balanceAllow your local network to access Internet using multiple Internet connections with high-level of Internet connectivity availability.
    Two dedicated Ethernet WAN ports (Gigabit WAN)
    WAN fail-over or load-balanced connectivity.
    VPN
    ProtocolsPPTP, IPsec, L2TP, L2TP over IPsec.
    Up to 200 connections simultaneouslyLAN to LAN, remote access (teleworker-to-LAN), dial-in or dial-out
    VPN trunkingVPN load-balancing and VPN backup
    LDAP/Active DirectoryLightweight directory access protocol. The enterprises use LDAP/Active Directory authentication technology to allow administrator, IT personnel and users to be authenticated when trying to access company’s intranet environment.
    NAT-traversal (NAT-T)VPN over routes without VPN pass-through
    PKI certificateDigital signature (X.509)
    IKE AuthenticationPre-shared key; IKE phase1 aggressive/standard modes & phase 2 selectable lifetimes.
    AuthenticationHardware-based MD5, SHA-1
    EncryptionMPPE and hardware-based AES/DES/3DES
    RADIUS ClientAuthentication for PPTP remote dial-in
    DHCP over IPsecBecause DrayTek add a virtual NIC on the PC, thus, while connecting to the server via IPSec tunnel, PC will obtain an IP address from the remote side through DHCP protocol, which is quite similar with PPTP.
    GRE over IPsecGRE is used when IP packets need to be sent from one network to another without being parsed by any intervening routers
    Dead Peer Detection (DPD)When there is traffic between the peers, it is not necessary for one peer to send a keep-alive to check for liveness of the peer because the IPSec traffic serves as implicit proof of the availability of the peer
    Smart VPN software utilityProvided free of charge for teleworker convenience (Windows 7/XP including 32/64 bit).
    Easy of adoptionNo additional client or remote site licensing required
    Industrial-standard interoperabilityCompatible with other leading 3rd party vendor VPN devices
    CVMCVM, central VPN management, manages VPN tunnels easily
    Content Filter
    IM/P2P blockingJava applet, cookies, active X, compressed, executable, multimedia file blocking. Web content filter
    Web Content FilterDynamic URL filtering database
    Time Schedule ControlSet rule according to your specific office hours
    Firewall
    Stateful Packet Inspection (SPI)Outgoing/Incoming traffic inspection based on connection information
    Content Security Management(CSM)Appliance-based gateway security and content filtering
    Multi-NATYou have been allocated multiple public IP address by your ISP. You hence can have a one-to-one relationship between a public IP address and an internal/private IP address. This means that you have the protection of NAT (see earlier) but the PC can be addressed directly from the outside world by its aliased public IP address, but still by only opening specific ports to it (for example TCP port 80 for an http/web server)
    Port redirectionThe packet is forwarded to a specific local PC if the port number matches with the defined port number. You can also translate the external port to another port locally
    DMZ Port*This opens up a single PC completely. All incoming packets will be forwarded onto the PC with the local IP address you set. The only exceptions are packets received in response to outgoing requests from other local PCs or incoming packets which match rules in the other two methods. The precedence is as follows : Port Redirection > Open Ports > DMZ
    Policy-based IP packet filterThe header information of an IP packet (IP or Mac source/destination addresses; source /destination ports; DiffServ attribute; direction dependent, bandwidth dependent, remote-site dependent
    DoS/DDoS preventionAct of preventing customers, users, clients or other computers from accessing data on a computer
    IP address anti-spoofingSource IP address check on all interfaces only IP addresses classified within the defined IP networks are allowed
    Object-based FirewallUtilizes object-oriented approach to firewall policy
    NotificationE-mail alert* and logging via syslog
    Bind IP to MAC addressFlexible DHCP with ‘IP-MAC binding
    User / Rule baseUser base integrates LDAP/Active Directory authentication to enforce policies.*
    System Management
    Web-based user interface (HTTP)Integrated web server for the configuration of routers via Internet browsers with HTTP. Quick start wizard
    Quick start wizardLet administrator adjust time zone and promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP)
    User managementDial-in access management (PPTP/L2TP and mOTP)
    CLI(Command Line Interface, Telnet/SSH)Remotely administer computers via the telnet.
    DHCP client/relay/serverProvides an easy-to configure function for your local IP network
    Dynamic DNSWhen you connect to your ISP, by broadband or ISDN you are normally allocated an dynamic IP address. i.e. the public IP address your router is allocated changes each time you connect to the ISP. If you want to run a local server, remote users cannot predict your current IP address to find you.
    Administration access controlThe password can be applied to authentication of administrators.
    Configuration backup/restoreIf the hardware breaks down, you can recover the failed system within an acceptable time. Through TFTP, the effective way is to backup and restore configuration between remote hosts.
    Built-in diagnostic functionDial-out trigger, routing table, ARP cache table, DHCP table, NAT sessions table, data flow monitor, traffic graph, ping diagnosis, trace route.
    NTP client/call schedulingThe Vigor has a real time clock which can update itself from your browser manually or more conveniently automatically from an Internet time server (NTP). This enables you to schedule the router to dial-out to the Internet at a preset time, or restrict Internet access to certain hours. A schedule can also be applied to LAN-to-LAN profiles (VPN or direct dial) or some of the content filtering options.
    Tag-based VLAN (802.1Q)By means of using a VLAN ID, a tag-based VLAN can identify VLAN group membership. The VLAN ID provides the information required to process the traffic across a network.Furthermore, the VLAN ID associates traffic with a specific VLAN group.
    Firmware upgrade via TFTP/HTTPUsing the TFTP server and the firmware upgrade utility software, you may easily upgrade to the latest firmware whenever enhanced features are added.
    Remote maintenanceWith Telnet/SSL, SSH (with password or public key), browser (HTTP/HTTPS), TFTP or SNMP, firmware upgrade via HTTP or TFTP.
    Logging via SyslogSyslog is a method of logging router activity.
    SNMP managementSNMP management via SNMP v1/v2, MIB II.
    VigorACS SI Centralized ManagementTR-069 based
    Bandwidth management
    Traffic ShapingDynamic bandwidth management with IP traffic shaping
    Bandwidth reservationReserve minimum and maximum bandwidths by connection based or total data through send/ receive directions
    DiffServ codepoint classifyingPriority queuing of packets based on DiffServ
    4 Priority Levels(Inbound/Outbound)Prioritization in terms of Internet usage
    Individual IP bandwidth/session limitationDefine session /bandwidth limitation based on IP address
    Bandwidth BorrowingTransmission rates control of data services through packet scheduler
    User-defined class-based rulesMore flexibility
    Routing Functions
    RouterIP and NetBIOS/IP-multi-protocol router
    Advanced routing and forwardingComplete independent management and configuration of IP networks in the device, i.e. individual settings for DHCP, DNS, firewall, VLAN, routing, QoS etc.
    DNSDNS cache/proxy
    DHCPDHCP client/relay/server
    NTPNTP client, automatic adjustment for daylight-saving time
    Policy-based RoutingBased on firewall rules, certain data types are marked for specific routing, e.g. to particular remote sites or lines.
    Dynamic RoutingIt is with routing protocol of RIP v2/OSPFv2/V3*. Learning and propagating routes.
    Support BGP routing protocol.
    Static RoutingAn instruction to re-route particular traffic through to another local gateway, instead of sending it onto the Internet with the rest of the traffic. A static route is just like a ‘diversion sign’ on a road.
    Internet CSM (Content Security Management) Featuring
    • URL keyword filtering – whitelist or blacklist specific sites or keywords in URLs
    • Block web sites by category (subject to subscription)
    • Prevent accessing of web sites by using their direct IP address (thus URLs only)
    • Blocking automatic download of Java applets and ActiveX controls
    • Blocking of web site cookies
    • Block http downloads of file types (binary, compressed, multimedia)
    • Time schedules & exclusions for enabling/disabling these restrictions
    • Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazaa, WinMX etc.)
    • Block Instant messaging programs (e.g. IRC, MSN/Yahoo Messenger)
    Support
    Warranty2-year limited warranty, technical support through e-mail and Internet FAQ/application notes
    Firmware UpgradeFree firmware upgrade from Internet
  • Hardware Interface
  • Interface of Vigor2960
    Hardware Interface
    4 x 10/100/1000Based-Tx LAN Switch, RJ-45
    2 x 10/100/1000Based-Tx WAN1 Port, RJ-45
    1 x Factory Reset Button
    2 x USB Host 2.0 (for Printer / 3.5G USB Modem)
    Declaration of Conformity
    TemperatureOperating : 0°C ~ 45°C
    Storage : -25°C ~ 70°C
    Humidity10% ~ 90% (Non-condensing)
    Max. Power19 Watt
    DimensionL273 * W176 * H46 ( mm )
    PowerAC100-240V/ 1.0A
  • Applications
  • Vigor2960 Series for Enterprise Small Branch-Office Deployment

    The CVM (Central VPN Management) of Vigor2960

    Security & Firewall


    Vigor2960 Series wth CYREN GlobalView Web Content Filter

    Extendability

  • Web Demo
  • Open Link in New Tab http://60.250.189.150:2960/