Call us: +61 2 9838 8899
FAX: +61 2 9838 8818

vigor3220n-new-icons

  • Quad-WAN: 4 x Gigabit Ethernet WAN ports
  • 2 x USB ports (1 x USB 2.0, 1 x USB 3.0)
  • Only USB port 2 (USB2) can be used for 3G/4G LTE mobile. USB port 1 (USB1) can be used for external storage, printer or thermometer.
  • Multi-WAN Load Balance and Failover
  • 100 x VPN and 50 x SSL-VPN tunnels with Load Balance and Redundancy
  • 1 x Gigabit LAN port with 100,000 NAT sessions
  • 1 x Dedicated Gigabit Ethernet DMZ port for connecting servers
  • 1 x Console port (RS232)
  • IEEE 802.11n Wireless LAN for Vigor3220n
  • Object-based SPI Firewall with Content Security Management (CSM)
  • IPv6 compliant
  • QoS functions
  • Central VPN Management
  • Central AP Management
  • Central Switch Management
  • Supports Smart Monitor Traffic Analyzer (up to 200 nodes)
  • Supports VigorACS SI Central Management (TR-069)
  • 2 years back to base warranty
* Central AP Management supports VigorAP 800, VigorAP 810, VigorAP 900, VigorAP 910C & VigorAP 902
** Central Switch Management supports VigorSwitch G1241, VigorSwitch G2260, VigorSwitch P2261
  • Overview
  • The Vigor3220n Quad-WAN security Firewall router is an enterprise level router suitable for any medium-sized business (SMB) that need to provide up to 100 VPN tunnels.

    The Vigor3220n router supports 4 x Gigabit Ethernet WAN interfaces and the USB port 2 (USB2) for 3G/4G mobile dongles.

    The Vigor3220n can connect to the Internet through any of these interfaces, or with a combination of interfaces for Load Balance and/or Failover functions. It supports business features including an object-oriented SPI (Stateful Packet Inspection) firewall, IPv6, 100 VPN tunnels, 50 SSL VPN tunnels, tag-based VLAN, multiple subnets, etc.

    The dedicated DMZ port can be used to connect servers or computers that need to be exposed to the Internet without compromising internal LAN security.

    The Centralised network management features provide a convenient console for the network administrator. These features include Central VPN Management, Central Switch Management, and Central AP Management.

    The Vigor3220n series router can be rack mounted, using the supplied mounting brackets, into a standard 19” rack or cabinet.

  • Key Features
  • 1. WAN Connectivity

    The Vigor3220n router supports 2 types of WAN Interfaces: 4 x Gigabit Ethernet WAN interfaces, and the USB port 2 (USB2) for 3G/4G mobile dongles.

    With between more than 1 WAN interfaces connected, you can configure for Load Balancing or Failover. For example, you can use WAN 1 as your primary Internet connection and have a failover connection over a 4G LTE connection.

    2. LAN and VLAN

    The Vigor3220n has 1 x Gigabit LAN port supporting 100,000 NAT sessions.

    The Vigor3220n supports both port-based and 802.1q tagged VLANs. Port-based VLANs allow the assignment of a VLAN and IP subnet to each router LAN port. On the other hand, 802.1q tagged VLANs can extend up to 8 VLANs and 8 IP subnets to an attached switch.

    3. Wireless LAN

    The Vigor3220n has a built-in 2.4GHz IEEE802.11n wireless Access Point that provides good coverage and excellent Wi-Fi performance. The MIMO technology with diversified antenna arrangement minimises interference effects and ensures good wireless performance.

    To match the business level features of Vigor3220 series, Vigor3220n supports all major Wi-Fi encryption protocols: WEP, WPA, WPA2 and 802.1X, plus MAC Address access control, and DHCP Fixing to prevent unauthorized accessing.

    The Web-portal setup (log-in) provides four rules along with 4 SSIDs. Each of the 4 SSIDs can be created and assigned to a VLAN and IP subnet with separate security levels. The wireless VLAN function lets you isolate wireless clients from each other or from the “wired” LAN.

    When users connect to the Wireless LAN, they can be directed with your customised log-in screen before any Internet access is permitted.

    With WPS (Wi-Fi Protected Setup) feature, you can press the WPS button at the front of the router to pass on the security keys to a client PC in the LAN, allowing for easy and secured access to the Wireless LAN.

    4. Quality of Service (QoS)

    QoS functions allow the network administrator to set priorities for any traffic type to guarantee the required level of performance for data flow. For example, real-time traffic such as VoIP or Video over IP can be prioritised as these have less tolerance for delays caused by network congestion.

    A traffic type can be assigned to each of the three QoS classes and reserved bandwidth allocated.

    5. Firewall

    The Vigor3220n has powerful firewall features including object-oriented SPI (Stateful Packet Inspection) firewall, DoS (Denial of Services), CSM (Content Security Management) and WCF (Web Content Filter).

    Stateful Packet Inspection (SPI) Firewall monitors incoming and outgoing packets at layer 3 (OSI model) and passes or blocks the data packets based on the configuration.

    The DoS feature protects the network for unwanted access requests from DoS attackers.

    CSM enables network administrators to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications, for instance, to keep network users from accessing inappropriate contents and ensure that network traffic flow efficiently.

    WCF classifies all websites into 64 categories and allows network administrators to select categories to protect the users from undesirable website content. DrayTek uses the CYREN WCF database for its Vigor routers, and each router includes a free 30-day trial license.

    The object-based firewall provides flexibility by using Objects in the firewall settings. Objects can be created and placed in groups for IP, service type, keyword, file extension, etc.  This allows a filter rule to be applied to many IP addresses, reducing the number of firewall filters required. In addition, these objects and groups can be reused for other firewall settings resulting in reduced amount of work required to create multiple firewall rules.

    Firewall rules can be applied according to a Time Schedule to control access to the Internet or network services according to predetermined time slots. Up to 4 time-schedules can be applied to each firewall filter rule. For example, social media can be restricted during work hours and be allowed during off-work hours in a company.

    6. VPN & SSL-VPN

    Vigor3220n supports up to 100 simultaneous hardware based VPN tunnels, providing a throughput up to 40Mbps for each VPN tunnel. It utilises most supported protocols such as IPSec/PPTP/L2TP, and 50 tunnels of SSL VPN protocol. The dedicated VPN co-processor supports hardware encryption including AES/DES/3DES, hardware key hash of SHA-1/MD5, and LDAP authentication, and ensures that VPN traffic is secure and performance is maximised.

    The SSL technology allows secure Web encryption such as those used for on-line banking. With Vigor3220n, you can create SSL VPN in Full Tunnel mode or Proxy mode.

    Furthermore, since the Vigor3220n supports multiple WANS Ethernet and 3G/4G, you can create VPN Trunking for VPN Load Balance and VPN Backup. For instance, you can use a number of connections to a site to increase the bandwidth, or have a backup connection when the primary connection fails.

    7. Central VPN Management

    Instead of manual VPN connection through web browsers, Vigor3220n supports Central VPN Management (CVM) which utilises TR-069 protocol. You can create VPN tunnels with just a few mouse clicks on the icons representing your local network (which may be public places such as a café) and remote locations (e.g. branch or home office), and the router will establish the connection automatically. This takes away the tedious process required for VPN tunnel creation.

    Furthermore, CVM also provide a console to monitor multiple CPE devices and VPN tunnels. This includes displaying the CPE devices on a Google Map.

    Other features include scheduling of CPE configuration backup/restore tasks as well as scheduled firmware upgrade of the CPE devices. Up to 8 DrayTek CPE devices are supported.

    8. Central AP Management

    Vigor3220n supports Central AP Management (APM) with a console to auto configure and manage up to 20 directly connected (via LAN cables) Draytek wireless Access Points including VigorAP 800, VigorAP 810, VigorAP 900, VigorAP 902 & VigorAP 910C.

    The Dashboard feature displays the status such as traffic and number of attached stations, of all the attached Access Points.

    With Auto Provisioning enabled on the attached Access Points, WLAN profiles can be created and applied to the selected Access Points from the central console.

    The AP Maintenance feature allows a number of actions to be programmed, including Configuration Backup and Restore, Firmware Upgrade, Remote Reboot and Factory Reset, for selected Access Points.

    The connected Access Points can also be displayed on a map or floor plan showing their locations and basic descriptions. Other features include Traffic Graph, Rogue AP detection, Event Log, Total Traffic, Station number and Access Point load balancing.

    9. Central Switch Management (New Firmware will be released soon)

    Central Switch Management provides a convenient and easy way to manage and configure supported VigorSwitches.  Switched networks comprising VigorSwitches can be easily deployed from a single console.  With a few mouse clicks in the graphical user interface, VLANs can be assigned to the switch ports and at the same time update the router configuration. This includes the creation of 802.1q trunk ports.

    Another feature is the backup and restore of switch configurations. You can also reboot the switch or reset the switch to factory default settings

    The Switch Status menu provides, at a glance, the status of all the attached switches. You can see the switch name, its IP address, the model number and system up time, how many ports are in use in each switch, port status, how many clients are connected, etc.

    Central Switch Management simplifies VigorSwitch configuration tasks and reduces troubleshooting efforts.

    10. Remote Access Management

    The Vigor3220n supports a number of management options to control access to the router both locally and remotely.

    The TR-069 feature integrates with the VigorACS-SI centralised management system, and allow system integrators or network administrators to configure, monitor and manage the Vigor3220n remotely from the comfort of their offices or homes. It can also be used to Auto-Provision the Vigor3220n remotely by sending configuration data to the router.

    There are 3 wizards: a Configuration Wizard, a VPN Wizard and a Firmware Upgrade Wizard. These allow network administrators to quickly and easily carry out complex tasks.

    Alarm & Log Management features ensure real time notifications and alerts to specified phone numbers or email accounts in relation to faults or status of the connected CPEs.

    A number of diagnostic functions, including Data Flow Monitor, Traffic Graph and Syslog Explorer, allow the network administrator to monitor and troubleshoot network conditions remotely.

    Like all Vigor routers, Vigor3220n supports management options include HTTP, HTTPS, FTP, SSH, Telnet and SNMP.

    11. Dedicated DMZ Port

    The DMZ port of Vigor3220n router provides an additional layer of protection to servers, such as Web servers, which need to be exposed to outside networks e.g. the Internet, but need to be kept from compromising the security of internal networks.

    You can activate the DMZ by NAT or Physical mode to the chosen server through the user-friendly interface of Vigor3220n router.

  • Specifications
  • Connectivity

    1. Ethernet WAN
      • IPv4
        • DHCP Client, Static IP, PPPoE, PPTP, L2TP, 802.1q Multi-VLAN Tagging
      • IPv6
        • Tunnel Mode: TSPC, AICCU, 6rd, Static 6in4
        • Dual Stack: PPP, DHCPv6 Client, Static IPv6
      • WAN Connection Failover
      • WAN Budget
      • Load Balance/Route Policy
    2. Ethernet LAN
      • IPv4/IPv6 DHCP Server
      • Static Routing/RIP
      • Multiple Subnets
      • Port/Tag-based VLAN
    3. USB
      • 3.5G/4G LTE(PPP, DHCP) as WAN5/ WAN6
      • Printer Server/File Sharing

    Management

    1. System Maintenance
      • HTTP/HTTPS with 2-level Management (Admin/User)
      • Logging via Syslog
      • SNMP Management MIB-II (v2/v3)
      • CLI (Command Line Interface, Telnet/SSH)
      • Administration Access Control
      • Web-based Diagnostic Functionality
      • Firmware Upgrade via TFTP/FTP/HTTP/TR-069
      • CWMP Support (TR-069/TR-104)
      • LAN Port Monitoring
    2. Network Management
      • Bandwidth Management by Session/Bandwidth
      • User Management by Time/Data Quota
      • LAN DNS and DNS Proxy/Cache
      • Dynamic DNS
      • IGMP Snooping/Proxy v2 and v3
      • QoS (DSCP/Class-based/4-level Priority)
      • Guarantee Bandwidth for VoIP
      • Support Smart Monitor (Up to 200 nodes)
      • Central AP Management
      • Central VPN Management
      • Switch Management

    Security

    • Multi-NAT, DMZ Host, Port-redirection and Open Port
    • Object-based Firewall, Object IPv6, Group IPv6
    • MAC Address Filter
    • SPI (Stateful Packet Inspection) (Flow Track)
    • DoS/DDoS Prevention
    • IP Address Anti-spoofing
    • E-mail Alert and Logging via Syslog
    • Bind IP to MAC Address
    • Time Schedule Control
    • Content Security (IM/P2P, URL, Keywords, Cookies, etc.)

    VPN

    • Up to 100 VPN Tunnels
    • Protocol: PPTP, IPsec, L2TP, L2TP over IPsec
    • Encryption: MPPE and Hardware-based AES/DES/3DES
    • Authentication: MD5, SHA-1
    • IKE Authentication: Pre-shared Key and Digital Signature (X.509)
    • LAN-to-LAN, Teleworker-to-LAN
    • DHCP over IPsec
    • IPsec NAT-traversal (NAT-T)
    • Dead Peer Detection (DPD)
    • VPN Pass-through
    • VPN Wizard
    • mOTP
    • Supports 50 SSL VPN Tunnels
    • VPN Trunk: VPN Backup and Load Balance

    WLAN

    • 802.11n with 2.4GHz
    • Multiple SSID
    • Encryption (64/128-bit WEP,WPA/WPA2,802.1x)
    • Hidden SSID
    • Wireless Rate Control by SSID
    • Wireless VLAN
    • Wireless LAN Isolation
    • MAC Address Access Control
    • Access Point Discovery
    • Wireless Client List
    • WDS (Wireless Distribution System)
    • WMM (Wi-Fi Multimedia)

    Hardware Interface

    • 4 x 10/100/1000Base-Tx WAN Port, RJ-45
    • 1 x 10/100/1000Base-Tx LAN Switch, RJ-45
    • 1 x 10/100/1000Base-Tx DMZ Port, RJ-45
    • 2 x USB Host (USB1 is 2.0 and USB2 is 3.0)
    • 2 x Detachable Antennas
    • 1 x Console Port, RJ-45
    • 1 x Factory Reset Button
  • Deployment Examples
  • Multi subnet with VLAN tag – Multi-tenant applications along with FTTx


    VPN failover / backup by VPN trunk management


    Active Directory/LDAP Group Management for VPN remote dial-in authentication