Quad-WAN: 4 x Gigabit Ethernet WAN ports
2 x USB ports (1 x USB 2.0, 1 x USB 3.0)
Only USB port 2 (USB2) can be used for 3G/4G LTE mobile. USB port 1 (USB1) can be used for external storage, printer or thermometer
Multi-WAN Load Balance and Failover
200 x VPN tunnels including 50 x SSL-VPN with Load Balance and Redundancy
1 x Gigabit LAN port with 100,000 NAT sessions
1 x Dedicated Gigabit Ethernet DMZ port for connecting servers
1 x Console port (RS232)
IEEE 802.11n Wireless LAN for Vigor3220n
Object-based SPI Firewall with Content Security Management (CSM)
Multi-subnet WAN/LAN through 802.1Q
Central VPN Management
Central AP Management
- Central Switch Management
Supports Smart Monitor Traffic Analyzer (up to 200 nodes)
Supports VigorACS 2 Central Management System for remote management
2 years back to base warranty
The Vigor3220 series Quad-WAN security Firewall router is an enterprise level router suitable for any medium-sized business (SMB) that need to provide up to 200 VPN tunnels. The Vigor3220 series router supports 4 x Gigabit Ethernet WAN interfaces and the USB port 2 (USB2) for 3G/4G mobile dongles.
The Vigor3220 series can connect to the Internet through any of these interfaces, or with a combination of interfaces for Load Balance and/or Failover functions. It supports business features including an object-oriented SPI (Stateful Packet Inspection) firewall, IPv6, 200 x VPN tunnels including 50 x SSL-VPN, tag-based VLAN, multiple subnets, etc.
The dedicated DMZ port can be used to connect servers or computers that need to be exposed to the Internet without compromising internal LAN security.
The centralized network management features provide a convenient console for the network administrator. These features include Central VPN Management, Central Switch Management, and Central AP Management.
The Vigor3220 series router can be rack mounted, using the supplied mounting brackets, into a standard 19” rack or cabinet.
The Vigor3220 series router supports 2 types of WAN Interfaces: 4 x Gigabit Ethernet WAN interfaces, and the USB port 2 (USB2) for 3G/4G mobile dongles.
With between more than 1 WAN interfaces connected, you can configure for Load Balancing or Failover. For example, you can use WAN 1 as your primary Internet connection and have a failover connection over a 4G LTE connection.
The Vigor3220 series router has 1 x Gigabit LAN port supporting 100,000 NAT sessions.
The Vigor3220 series supports both port-based and 802.1q tagged VLANs. Port-based VLANs allow the assignment of a VLAN and IP subnet to each router LAN port. On the other hand, 802.1q tagged VLANs can extend up to 8 VLANs and 8 IP subnets to an attached switch.
The Vigor3220n has a built-in 2.4GHz IEEE802.11n wireless Access Point that provides good coverage and excellent Wi-Fi performance. The MIMO technology with diversified antenna arrangement minimises interference effects and ensures good wireless performance.
To match the business level features of Vigor3220 series, Vigor3220n supports all major Wi-Fi encryption protocols: WEP, WPA, WPA2 and 802.1X, plus MAC Address access control, and DHCP Fixing to prevent unauthorized accessing.
The Web-portal setup (log-in) provides four rules along with 4 SSIDs. Each of the 4 SSIDs can be created and assigned to a VLAN and IP subnet with separate security levels. The wireless VLAN function lets you isolate wireless clients from each other or from the “wired” LAN.
When users connect to the Wireless LAN, they can be directed with your customised log-in screen before any Internet access is permitted.
With WPS (Wi-Fi Protected Setup) feature, you can press the WPS button at the front of the router to pass on the security keys to a client PC in the LAN, allowing for easy and secured access to the Wireless LAN.
QoS functions allow the network administrator to set priorities for any traffic type to guarantee the required level of performance for data flow. For example, real-time traffic such as VoIP or Video over IP can be prioritised as these have less tolerance for delays caused by network congestion.
A traffic type can be assigned to each of the three QoS classes and reserved bandwidth allocated.
The Vigor3220 series has powerful firewall features including object-oriented SPI (Stateful Packet Inspection) firewall, DoS (Denial of Services), CSM (Content Security Management) and WCF (Web Content Filter).
Stateful Packet Inspection (SPI) Firewall monitors incoming and outgoing packets at layer 3 (OSI model) and passes or blocks the data packets based on the configuration.
The DoS feature protects the network for unwanted access requests from DoS attackers.
CSM enables network administrators to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications, for instance, to keep network users from accessing inappropriate contents and ensure that network traffic flow efficiently.
WCF classifies all websites into 64 categories and allows network administrators to select categories to protect the users from undesirable website content. DrayTek uses the CYREN WCF database for its Vigor routers, and each router includes a free 30-day trial license.
The object-based firewall provides flexibility by using Objects in the firewall settings. Objects can be created and placed in groups for IP, service type, keyword, file extension, etc. This allows a filter rule to be applied to many IP addresses, reducing the number of firewall filters required. In addition, these objects and groups can be reused for other firewall settings resulting in reduced amount of work required to create multiple firewall rules.
Firewall rules can be applied according to a Time Schedule to control access to the Internet or network services according to predetermined time slots. Up to 4 time-schedules can be applied to each firewall filter rule. For example, social media can be restricted during work hours and be allowed during off-work hours in a company.
Vigor3220 series supports up to 200 simultaneous hardware based VPN tunnels, providing a throughput up to 40Mbps for each VPN tunnel. It utilises most supported protocols such as IPSec/PPTP/L2TP, including 50 tunnels of SSL VPN protocol. The dedicated VPN co-processor supports hardware encryption including AES/DES/3DES, hardware key hash of SHA-1/MD5, and LDAP authentication, and ensures that VPN traffic is secure and performance is maximised.
The SSL technology allows secure Web encryption such as those used for on-line banking. With Vigor3220 series, you can create SSL VPN in Full Tunnel mode or Proxy mode.
Furthermore, since the Vigor3220 series supports multiple WANS Ethernet and 3G/4G, you can create VPN Trunking for VPN Load Balance and VPN Backup. For instance, you can use a number of connections to a site to increase the bandwidth, or have a backup connection when the primary connection fails.
Instead of manual VPN connection through web browsers, Vigor3220 series supports Central VPN Management (CVM) which utilises TR-069 protocol. You can create VPN tunnels with just a few mouse clicks on the icons representing your local network (which may be public places such as a café) and remote locations (e.g. branch or home office), and the router will establish the connection automatically. This takes away the tedious process required for VPN tunnel creation.
Furthermore, CVM also provide a console to monitor multiple CPE devices and VPN tunnels. This includes displaying the CPE devices on a Google Map.
Other features include scheduling of CPE configuration backup/restore tasks as well as scheduled firmware upgrade of the CPE devices. Up to 8 DrayTek CPE devices are supported.
Vigor3220 series supports Central AP Management (APM) with a console to auto configure and manage up to 20 directly connected (via LAN cables) Draytek wireless Access Points including VigorAP 800, VigorAP 810, VigorAP 900, VigorAP 902 , VigorAP 910C and VigorAP 903.
The Dashboard feature displays the status such as traffic and number of attached stations, of all the attached Access Points.
With Auto Provisioning enabled on the attached Access Points, WLAN profiles can be created and applied to the selected Access Points from the central console.
The AP Maintenance feature allows a number of actions to be programmed, including Configuration Backup and Restore, Firmware Upgrade, Remote Reboot and Factory Reset, for selected Access Points.
The connected Access Points can also be displayed on a map or floor plan showing their locations and basic descriptions. Other features include Traffic Graph, Rogue AP detection, Event Log, Total Traffic, Station number and Access Point load balancing.
Central Switch Management provides a convenient and easy way to manage and configure supported VigorSwitches. Switched networks comprising VigorSwitches can be easily deployed from a single console. With a few mouse clicks in the graphical user interface, VLANs can be assigned to the switch ports and at the same time update the router configuration. This includes the creation of 802.1q trunk ports.
Another feature is the backup and restore of switch configurations. You can also reboot the switch or reset the switch to factory default settings
The Switch Status menu provides, at a glance, the status of all the attached switches. You can see the switch name, its IP address, the model number and system up time, how many ports are in use in each switch, port status, how many clients are connected, etc.
Central Switch Management simplifies VigorSwitch configuration tasks and reduces troubleshooting efforts.
The Vigor3220 series supports a number of management options to control access to the router both locally and remotely.
The TR-069 feature integrates with the VigorACS 2 centralised management system, and allow system integrators or network administrators to configure, monitor and manage the Vigor3220 series remotely from the comfort of their offices or homes. It can also be used to Auto-Provision the Vigor3220 series remotely by sending configuration data to the router.
There are 3 wizards: a Configuration Wizard, a VPN Wizard and a Firmware Upgrade Wizard. These allow network administrators to quickly and easily carry out complex tasks.
Alarm & Log Management features ensure real time notifications and alerts to specified phone numbers or email accounts in relation to faults or status of the connected CPEs.
A number of diagnostic functions, including Data Flow Monitor, Traffic Graph and Syslog Explorer, allow the network administrator to monitor and troubleshoot network conditions remotely.
Like all Vigor routers, Vigor3220 series supports management options include HTTP, HTTPS, FTP, SSH, Telnet and SNMP.
The DMZ port of Vigor3220 series router provides an additional layer of protection to servers, such as Web servers, which need to be exposed to outside networks e.g. the Internet, but need to be kept from compromising the security of internal networks.
You can activate the DMZ by NAT or Physical mode to the chosen server through the user-friendly interface of Vigor3220 series router.
|WAN Port||4x Gigabit Ethernet RJ-45|
|LAN Port||1x Gigabit Ethernet RJ-45|
|DMZ Port||1x Gigabit Ethernet RJ-45|
|USB Port||1x USB 3.0 + 1x USB 2.0|
|Console Port||1x RJ-45|
|2.4G WLAN||300Mbps 802.11n (n model)|
|NAT Throughput||500 Mbps|
|NAT Throughput w/ Hardware Acceleration||900 Mbps|
|IPsec VPN Performance||200 Mbps (AES 256 bits)|
|SSL VPN Performance||60 Mbps|
|Max. Number of NAT Sessions||100,000|
|Max. Concurrent VPN Tunnels||200|
|Max. Concurrent OpenVPN + SSL VPN||50|
|IPv4||PPPoE, DHCP, Static IP, PPTP/L2TP|
|IPv6||PPP, DHCPv6, Static IP, TSPC, AICCU, 6rd, 6in4 Static Tunnel|
|3G/4G/LTE WAN with USB modem||2|
|Load Balancing||IP-based, Session-based|
|WAN Active on Demand||Link Failure, Traffic Threshold|
|Connection Detection||ARP, Ping|
|WAN Data Budget|
|VLAN||802.1q Tag-based, Port-based|
|Max. Number of VLAN||8|
|DHCP Server||Multiple IP Subnet, Custom DHCP Options, Bind-IP-to-MAC|
|LAN IP Alias|
|Local DNS Server|
|Conditional DNS Forwarding|
|Hotspot Web Portal|
|Hotspot Authentication||Click-Through, Social Login, SMS PIN|
|Routing||IPv4 Static Routing, IPv6 Static Routing, Inter-VLAN Routing, RIP, BGP|
|Policy-based Routing||Protocol, IP Address, Port, Domain, Country|
|DNS Security (DNSSEC)|
|Multicast||IGMP Proxy, IGMP Snooping & Fast Leave, Bonjour|
|Local RADIUS server|
|SMB File Sharing (Requires external storage)|
|Protocols||PPTP, L2TP, IPsec, L2TP over IPsec, SSL, GRE, IKEv2, IKEv2-EAP, OpenVPN|
|User Authentication||Local, RADIUS, LDAP, TACACS+, mOTP|
|IKE Authentication||Pre-Shared Key, X.509|
|IPsec Authentication||SHA1, SHA256, MD5|
|VPN Redundancy||Load Balancing, Failover|
|Firewall & Content Filtering|
|NAT||Port Redirection, Open Ports, Port Triggering, DMZ Host, UPnP|
|ALG (Application Layer Gateway)||SIP, RTSP, FTP, H.323|
|VPN Pass-Through||PPTP, L2TP, IPsec|
|IP-based Firewall Policy|
|Content Filtering||Application, URL, DNS Keyword, Web Features, Web Category (subscription required)|
|DoS Attack Defense|
|IP-based Bandwidth Limit|
|IP-based Session Limit|
|QoS (Quality of Service)||TOS, DSCP, 802.1p, IP Address, Port, Application|
|Wireless LAN (n model)|
|Number of SSID||4 per radio band|
|Security||WEP, WPA, WPA2, WPS|
|Authentication||Pre-Shared Key, 802.1x|
|Access Control||Access List, Client Isolation, Hide SSID, Wi-Fi Scheduling|
|Local Service||HTTP, HTTPS, Telnet, SSH, TR-069|
|Config File Export & Import|
|Config File Compatibility||Vigor3200 Series|
|Firmware Upgrade||TFTP, HTTP, TR-069|
|2-Level Administration Privilege|
|Access Control||Access List, Brute Force Protection|
|Notification Alert||SMS, E-mail|
|SNMP||v2, v2c, v3|
|Managed by VigorACS|
|Central AP Management||30 VigorAP|
|Central Switch Management||10 VigorSwitch|
Quad-WAN: 4 x Gigabit Ethernet WAN ports