• NBN (National Broadband Network – Australia) Ready to connect to NTD (Network Termination Device)
  • 5 x Gigabit WAN ports (4 x Ethernet & 1 x SFP) & 2 x USB ports for 3G / 4G Mobile with Load Balance and Fail-Over
  • 3 x Gigabit LAN ports (2 x Ethernet & 1 x SFP) with 120,000 NAT sessions and IPv6
  • Object-based SPI Firewall, Content Security Management (CSM) and QoS
  • High-Availability (with CARP) ensuring 24/7 system uptime
  • 500 x VPN tunnels with VPN load balance and redundancy, Central VPN Management & 100 x SSL VPNs
  • Up-to 800Mbps site-to-site IPsec VPN throughput
  • 2 x USB ports for 3G / 4G modems & temperature sensor
  • Support TR-069 for VigorACS SI Central Management
  • Temperature Monitoring (optional: USB Thermometer)
  • 2 years back to base warranty

Overview

The Vigor3900 Central site VPN gateway is an enterprise-level VPN concentrator providing security and cost savings benefits for business through flexible, reliable, and high-performance LAN-to-LAN and remote-access solutions. Vigor3900 not only offers hundreds of VPN tunnels compatible with multiple VPN protocols, such as PPTP/L2TP/IPsec/L2TP over IPSec to satisfy LAN-to-LAN and remote secure communication needs, but also provide SSL VPN* connectivity to better facilitate remote users to access corporate database. With Gigabit Ethernet LAN/WAN and active fiber interfaces, Vigor3900 offers unprecedented data transmission speed for mission-critical applications and do load-balancing for WAN and VPN failover to enhance performance, redundancy and reliability of business operation.

Enterprise-level central site VPN gateway

By using VPNs to establish secure, end-to-end private network connections over a public networking infrastructure, business can reduce considerable communications/travels expenses and still remain seamless connectivity between central and remote sites including mobile workers, telecommuters, and extranet users by accessing corporate database any time in anywhere.

Vigor3900 with a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. For remote sites and inter-office links, the Vigor3900 supports up to 500 simultaneous VPN tunnels (such as IPsec/PPTP/L2TP protocols). The site-to-site VPN throughput can reach up-to 800Mbps (IPsec). The SSL VPN* by using X.509 certificate-based authentication is also available for tele-worker applications.

Without the necessity of installing VPN client on individual PC, the Secure Socket Layer (SSL) virtual private network (VPN) facility lets remote workers connect to the office network at any time. SSL is supported by standard web browsers such as FireFox and IE. For users of small offices and tele-workers who need to access enterprises’ internal applications, file server and file sharing.

There are up to 20 simultaneous tunnels on Vigor3900 for host-to-LAN (remote dial-in) application.

Centralized Management

With F/W 1.0.7, the embedded Central VPN Management (CVM) will let network administrator register up to 16 remote routers and also run concurrent remote management over 16 remote routers.

In short, Vigor3900 gives a highly secure but flexible network for the multi-site business operation and retain corporate HQ’s ultimate control of the system.

High performance gigabit and fiber interfaces

Vigor3900 with four Gigabit Ethernet-ports and one SFP active fiber port as WAN interfaces allows corporation to subscribe internet connection service from up-to five different ISPs. These five WAN interfaces can do load-balancing to facilitate bandwidth usage in the connection uptime and failover backup during downtime to prevent temporary service outage from subscribed ISP(s). In addition, Vigor3900 with two Gigabit Ethernet-ports and one SFP active fiber port as LAN interfaces facilitates large data and business applications exchange to reach corporate intranet client ends. The Vigor3900 also supports Open Shortest Path First (OSPF) to calculate the route metric (Up-to Version 2).

Vigor3900 is also the future proof procurement as considering tech refresh of your central site or major regional branches. From infrastructure viewpoint, Vigor3900 is not only working with current IPv4 network but also compliant with future IPv6 migration. From service viewpoint, corporation begins to turn to virtualization and cloud computing services when the speed of WAN connection is rising to reduce overhead of IT and enhance productivity.

Stable inline reliability

Vigor3900 offers High Availability by Common Address Redundancy Protocol (CARP) to prevent single point of failure. The network administrator can configure another Vigor3900 as the passive standby backup device in case of failure of main Vigor3900. Moreover, administrator can enable reciprocal backup functionality for multiple active Vigor3900 that includes load balancing configuration and user definable backup priorities.

The advance Load Balance and Failover features of Vigor3900 can balance traffic from your LAN to multiple internet connections (WANs). The easy-to-use web user interface allows administrator to configure comprehensive network settings in minutes to optimize bandwidth usage and establish a reliable network based on actual operation needs. Traffics from the LAN are shared out on a round robin basis across the available WANs. Vigor3900 can monitor each WAN connection, using an IP address you provide, and if Vigor3900 monitors fails, a failover configuration will take place and typically just feeds all traffic down the other connection(s). Especially, the pooling configuration concept allows administrator to select desire WAN ports as load-balancing pools with weight setting capability / failover pools and modify policy if necessary and then configure each WAN port with detail network information that helps administrator build a substantial network to facilitate daily operation with versatility, scalability and reliability.

Highly secure and efficient corporate application management

Vigor3900 with Certificate Management function including Root CA, Trusted CA and Local CA is a comprehensive Certificate Authority (CA) server. To prevent eavesdropping, Vigor3900 enforces advance encrypted mechanism implemented a pair of public and private keys as exchanging certificate between server and client instead of using pre-shared key which might be stolen by hackers during interchange. Vigor3900 offers flexible methods to grant certificate for any trusted applicant who may use it for the VPN connection. Administrator of Vigor3900 can choose to accept/sign client’s CA certificate or generate a signed CA certificate through building root CA function for client’s VPN connection needs in case some clients do not have CA certificate in hand. As a result, Certificate Management by Vigor3900 offers secure and flexible ways for business certification process.

The DoS/DDoS prevention and URL/Web content filter strengthen the security outside and inside the network. They can block the HTTPS web access well with the integration of the object-based firewall setting. The enterprise-level CSM (Content Security Management) enables users to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications more efficiently. The CSM hence prevents inappropriate content from distracting employees and impeding productivity. Furthermore, the CSM can keep office networks threat-free and available. The Vigor3900 supports authentication by the PPPoE server with wire-speed Internet Access capability to LAN users (e.g. employees). This feature saves a lot of time compared with IP-bind-MAC method to benefits the network administrators.

Quality of Service (QoS) function of Vigor3900 implemented Ingress and Egress Filter Rules monitoring LAN/WAN incoming and outgoing data packets. These rules can prevent unwanted data packets from outside to access corporate network as well as distribute corporate data to non-recognizable destinations. The subscribed bandwidth wouldn’t be wasted on useless data packet exchange activities and may reduce the risk of damage corporate network or confidential information leakage. Moreover, Vigor3900 has eight classes of priority level settings which allow administrator to better prioritize the importance of bandwidth usage in detail. Administrator can use bandwidth limitation to grant different bandwidth to different workgroups based on their main job function which can be viewed as macro view of bandwidth allocation. In the micro view, administrator can define different sessions through session limitation to individual client device based on IP address in each workgroup. For instance, Sales Dept. in total might need the larger bandwidth than others for better serving customers. However, sales assistants could be granted minimum sessions because they don’t need to interact with customers directly to facilitate their jobs.

Easy-to-use centralized management

Vigor3900 embedded with an easy-to-use user interface shorten administrator’s learning curve to adopt its management mechanism to control CO side network and hundreds VPN connections of remote sites. By the easy-to-use user interface, business doesn’t need to allocate the highly experienced technician as the administrator and can save training cost/time for recruiting new hire. Besides, Vigor3900 compliant with TR-069 protocol can be managed by VigorACS SI centralized management system that makes you have the choice to outsource IT management to System Integrator who can provide both Internet access service (last mile license from ISP/Telco) and device remote management/diagnostic services to stay focused on business essentials.

Specifications

Interface
WAN Port4x GbE RJ-45 + 1x SFP
LAN Port2x GbE RJ-45
USB Port2x USB 2.0 for 3G/4G/LTE USB modem, storage, printer or thermometer
Console Port1x RJ-45
Performance
NAT Throughput950 Mbps
IPsec VPN Performance900 Mbps (ASE 256 bits)
SSL VPN Performance100 Mbps
NAT Sessions120,000
Max. Concurrent VPN Tunnels500
Max. Concurrent OpenVPN + SSL VPN100
Internet Connection
IPv4PPPoE, DHCP, Static IP, PPTP/L2TP
IPv6Link Local, Static PPP, DHCP IA NA, DHCP IA PD
Multi-VLAN
3G/4G/LTE WAN with USB modem
Outbound Load BalancingIP-based, Session-based
Inbound Load Balancing
WAN Active on Link Failure
Connection DetectionARP, Ping, HTTP
Dynamic DNS
DrayDDNS
LAN Management
802.1q VLAN
Max. Number of VLAN50
DHCP ServerMultiple IP Subnet, Custom DHCP Options, Bind-IP-to-MAC
PPPoE Server
Port Mirroring
Local DNS Server
Conditional DNS Forwarding
Hotspot Web Portal
Hotspot AuthenticationLocal User Profile, Guest Profile, RADIUS, LDAP, SMS PIN
Networking
Static RoutingIPv4 Static Routing, IPv6 Static Routing, Inter-VLAN Routing
Dynamic RoutingRIPv2, OSPFv2, BGP
Policy-based RoutingProtocol, IP Address, Port, Domain, Country
High AvailabilityActive-Standby, Hot-Standby
DNS Security (DNSSEC)
GVRP
ProxyIGMP, LAN ARP, WAN ARP
SMB File Sharing
VPN
LAN-to-LAN
Remote Dial-In (Teleworker-to-LAN)
ProtocolsPPTP, L2TP, IPsec, L2TP over IPsec, SSL, GRE, IKEv2, IKEv2-EAP, OpenVPN
User AuthenticationLocal, RADIUS, LDAP, mOTP
IKE AuthenticationPre-Shared Key, X.509
IPsec AuthenticationSHA1, SHA2/256, MD5
VPN RedundancyLoad Balancing, Failover
NAT-Traversal (NAT-T)
Firewall & Content Filtering
NATPort Redirection, Open Ports, Port Triggering, DMZ Host, UPnP
ALG (Application Layer Gateway)SIP, RTSP, FTP, H.323
VPN Pass-ThroughPPTP, L2TP, IPsec
IP-based Firewall Policy
Content FilteringApplication, URL, DNS Keyword, Web Features, Web Category (subscription required), QQ Filter
DoS Attack Defense
Bandwidth Management
IP-based Bandwidth Limit
IP-based Session Limit
QoS (Quality of Service)TOS, DSCP, 802.1p, IP Address, Port, Application
Hardware QoS
VoIP Prioritization
Management
Local ServiceHTTP, HTTPS, Telnet, SSH, TR-069
Config File Export & Import
Firmware UpgradeTFTP, HTTP, TR-069
2-Level Administration Privilege
Access ControlAccess List, Brute Force Protection, Access Barrier
Syslog
Notification AlertSMS, E-mail
SNMPv2, v2c, v3
Managed by VigorACS
Central AP Management50 VigorAP
Central Switch Management20 VigorSwitch
Physical
Rack Mountable Mouting Kit Included
Power SupplyDC 15V @ 1.35A
Dimension443 mm x 285 mm x 45 mm
Max. Power Consumption20 watts
Operating Temperature0 to 45°C
Storage Temperature-10 to 70°C
Operating Humidity (non-condensing)10 to 90%
Certificate

Multi-WAN Redundancy/ Load-balancing

High Availability

Mobile-OTP

User Management

VPN Trunking

The CVM (Central VPN Management) of Vigor3900

Resources

  • NBN (National Broadband Network – Australia) Ready to connect to NTD (Network Termination Device)
  • 5 x Gigabit WAN ports (4 x Ethernet & 1 x SFP) & 2 x USB ports for 3G / 4G Mobile with Load Balance and Fail-Over
  • 3 x Gigabit LAN ports (2 x Ethernet & 1 x SFP) with 120,000 NAT sessions and IPv6
  • Object-based SPI Firewall, Content Security Management (CSM) and QoS
  • High-Availability (with CARP) ensuring 24/7 system uptime
  • 500 x VPN tunnels with VPN load balance and redundancy, Central VPN Management & 100 x SSL VPNs
  • Up-to 800Mbps site-to-site IPsec VPN throughput
  • 2 x USB ports for 3G / 4G modems & temperature sensor
  • Support TR-069 for VigorACS SI Central Management
  • Temperature Monitoring (optional: USB Thermometer)
  • 2 years back to base warranty

Overview

The Vigor3900 Central site VPN gateway is an enterprise-level VPN concentrator providing security and cost savings benefits for business through flexible, reliable, and high-performance LAN-to-LAN and remote-access solutions. Vigor3900 not only offers hundreds of VPN tunnels compatible with multiple VPN protocols, such as PPTP/L2TP/IPsec/L2TP over IPSec to satisfy LAN-to-LAN and remote secure communication needs, but also provide SSL VPN* connectivity to better facilitate remote users to access corporate database. With Gigabit Ethernet LAN/WAN and active fiber interfaces, Vigor3900 offers unprecedented data transmission speed for mission-critical applications and do load-balancing for WAN and VPN failover to enhance performance, redundancy and reliability of business operation.

Enterprise-level central site VPN gateway

By using VPNs to establish secure, end-to-end private network connections over a public networking infrastructure, business can reduce considerable communications/travels expenses and still remain seamless connectivity between central and remote sites including mobile workers, telecommuters, and extranet users by accessing corporate database any time in anywhere.

Vigor3900 with a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. For remote sites and inter-office links, the Vigor3900 supports up to 500 simultaneous VPN tunnels (such as IPsec/PPTP/L2TP protocols). The site-to-site VPN throughput can reach up-to 800Mbps (IPsec). The SSL VPN* by using X.509 certificate-based authentication is also available for tele-worker applications.

Without the necessity of installing VPN client on individual PC, the Secure Socket Layer (SSL) virtual private network (VPN) facility lets remote workers connect to the office network at any time. SSL is supported by standard web browsers such as FireFox and IE. For users of small offices and tele-workers who need to access enterprises’ internal applications, file server and file sharing.

There are up to 20 simultaneous tunnels on Vigor3900 for host-to-LAN (remote dial-in) application.

Centralized Management

With F/W 1.0.7, the embedded Central VPN Management (CVM) will let network administrator register up to 16 remote routers and also run concurrent remote management over 16 remote routers.

In short, Vigor3900 gives a highly secure but flexible network for the multi-site business operation and retain corporate HQ’s ultimate control of the system.

High performance gigabit and fiber interfaces

Vigor3900 with four Gigabit Ethernet-ports and one SFP active fiber port as WAN interfaces allows corporation to subscribe internet connection service from up-to five different ISPs. These five WAN interfaces can do load-balancing to facilitate bandwidth usage in the connection uptime and failover backup during downtime to prevent temporary service outage from subscribed ISP(s). In addition, Vigor3900 with two Gigabit Ethernet-ports and one SFP active fiber port as LAN interfaces facilitates large data and business applications exchange to reach corporate intranet client ends. The Vigor3900 also supports Open Shortest Path First (OSPF) to calculate the route metric (Up-to Version 2).

Vigor3900 is also the future proof procurement as considering tech refresh of your central site or major regional branches. From infrastructure viewpoint, Vigor3900 is not only working with current IPv4 network but also compliant with future IPv6 migration. From service viewpoint, corporation begins to turn to virtualization and cloud computing services when the speed of WAN connection is rising to reduce overhead of IT and enhance productivity.

Stable inline reliability

Vigor3900 offers High Availability by Common Address Redundancy Protocol (CARP) to prevent single point of failure. The network administrator can configure another Vigor3900 as the passive standby backup device in case of failure of main Vigor3900. Moreover, administrator can enable reciprocal backup functionality for multiple active Vigor3900 that includes load balancing configuration and user definable backup priorities.

The advance Load Balance and Failover features of Vigor3900 can balance traffic from your LAN to multiple internet connections (WANs). The easy-to-use web user interface allows administrator to configure comprehensive network settings in minutes to optimize bandwidth usage and establish a reliable network based on actual operation needs. Traffics from the LAN are shared out on a round robin basis across the available WANs. Vigor3900 can monitor each WAN connection, using an IP address you provide, and if Vigor3900 monitors fails, a failover configuration will take place and typically just feeds all traffic down the other connection(s). Especially, the pooling configuration concept allows administrator to select desire WAN ports as load-balancing pools with weight setting capability / failover pools and modify policy if necessary and then configure each WAN port with detail network information that helps administrator build a substantial network to facilitate daily operation with versatility, scalability and reliability.

Highly secure and efficient corporate application management

Vigor3900 with Certificate Management function including Root CA, Trusted CA and Local CA is a comprehensive Certificate Authority (CA) server. To prevent eavesdropping, Vigor3900 enforces advance encrypted mechanism implemented a pair of public and private keys as exchanging certificate between server and client instead of using pre-shared key which might be stolen by hackers during interchange. Vigor3900 offers flexible methods to grant certificate for any trusted applicant who may use it for the VPN connection. Administrator of Vigor3900 can choose to accept/sign client’s CA certificate or generate a signed CA certificate through building root CA function for client’s VPN connection needs in case some clients do not have CA certificate in hand. As a result, Certificate Management by Vigor3900 offers secure and flexible ways for business certification process.

The DoS/DDoS prevention and URL/Web content filter strengthen the security outside and inside the network. They can block the HTTPS web access well with the integration of the object-based firewall setting. The enterprise-level CSM (Content Security Management) enables users to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications more efficiently. The CSM hence prevents inappropriate content from distracting employees and impeding productivity. Furthermore, the CSM can keep office networks threat-free and available. The Vigor3900 supports authentication by the PPPoE server with wire-speed Internet Access capability to LAN users (e.g. employees). This feature saves a lot of time compared with IP-bind-MAC method to benefits the network administrators.

Quality of Service (QoS) function of Vigor3900 implemented Ingress and Egress Filter Rules monitoring LAN/WAN incoming and outgoing data packets. These rules can prevent unwanted data packets from outside to access corporate network as well as distribute corporate data to non-recognizable destinations. The subscribed bandwidth wouldn’t be wasted on useless data packet exchange activities and may reduce the risk of damage corporate network or confidential information leakage. Moreover, Vigor3900 has eight classes of priority level settings which allow administrator to better prioritize the importance of bandwidth usage in detail. Administrator can use bandwidth limitation to grant different bandwidth to different workgroups based on their main job function which can be viewed as macro view of bandwidth allocation. In the micro view, administrator can define different sessions through session limitation to individual client device based on IP address in each workgroup. For instance, Sales Dept. in total might need the larger bandwidth than others for better serving customers. However, sales assistants could be granted minimum sessions because they don’t need to interact with customers directly to facilitate their jobs.

Easy-to-use centralized management

Vigor3900 embedded with an easy-to-use user interface shorten administrator’s learning curve to adopt its management mechanism to control CO side network and hundreds VPN connections of remote sites. By the easy-to-use user interface, business doesn’t need to allocate the highly experienced technician as the administrator and can save training cost/time for recruiting new hire. Besides, Vigor3900 compliant with TR-069 protocol can be managed by VigorACS SI centralized management system that makes you have the choice to outsource IT management to System Integrator who can provide both Internet access service (last mile license from ISP/Telco) and device remote management/diagnostic services to stay focused on business essentials.

Interface

  • WAN Port: 4x GbE RJ-45 + 1x SFP

  • LAN Port: 2x GbE RJ-45

  • USB Port: 2x USB 2.0 for 3G/4G/LTE USB modem, storage, printer or thermometer

  • Console Port: 1x RJ-45

Performance

  • NAT Throughput: 950 Mbps

  • IPsec VPN Performance: 900 Mbps (ASE 256 bits)

  • SSL VPN Performance: 100 Mbps

  • NAT Sessions: 120,000

  • Max. Concurrent VPN Tunnels: 500

  • Max. Concurrent OpenVPN + SSL VPN: 100

Internet Connection

  • IPv4: PPPoE, DHCP, Static IP, PPTP/L2TP
  • IPv6: Link Local, Static PPP, DHCP IA NA, DHCP IA PD

  • Multi-VLAN
  • 3G/4G/LTE WAN with USB modem
  • Outbound Load Balancing: IP-based, Session-based
  • Inbound Load Balancing
  • WAN Active on Link Failure
  • Connection Detection: ARP, Ping, HTTP
  • Dynamic DNS
  • DrayDDNS

LAN Management

  • 802.1q VLAN
  • Max. Number of VLAN: 50
  • DHCP Server: Multiple IP Subnet, Custom DHCP Options, Bind-IP-to-MAC
  • PPPoE Server
  • Port Mirroring
  • Local DNS Server
  • Conditional DNS Forwarding
  • Hotspot Web Portal
  • Hotspot Authentication: Local User Profile, Guest Profile, RADIUS, LDAP, SMS PIN

Networking

  • Static Routing: IPv4 Static Routing, IPv6 Static Routing, Inter-VLAN Routing
  • Dynamic Routing: RIPv2, OSPFv2, BGP
  • Policy-based Routing: Protocol, IP Address, Port, Domain, Country
  • High Availability: Active-Standby, Hot-Standby
  • DNS Security (DNSSEC)
  • GVRP
  • Proxy: IGMP, LAN ARP, WAN ARP
  • SMB File Sharing (Requires external storage)

VPN

  • LAN-to-LAN
  • Remote Dial-In (Teleworker-to-LAN)

  • Protocols: PPTP, L2TP, IPsec, L2TP over IPsec, SSL, GRE, IKEv2, IKEv2-EAP, OpenVPN
  • User Authentication: Local, RADIUS, LDAP, mOTP
  • IKE Authentication: Pre-Shared Key, X.509
  • IPsec Authentication: SHA1, SHA2/256, MD5
  • VPN Redundancy: Load Balancing, Failover
  • NAT-Traversal (NAT-T)

Firewall & Content Filtering

  • NAT: Port Redirection, Open Ports, Port Triggering, DMZ Host, UPnP
  • ALG (Application Layer Gateway): SIP, RTSP, FTP, H.323
  • VPN Pass-Through: PPTP, L2TP, IPsec
  • IP-based Firewall Policy
  • Content Filtering: Application, URL, DNS Keyword, Web Features, Web Category (subscription required), QQ Filter
  • DoS Attack Defense

Bandwidth Management

  • IP-based Bandwidth Limit
  • IP-based Session Limit
  • QoS (Quality of Service): TOS, DSCP, 802.1p, IP Address, Port, Application
  • Hardware QoS
  • VoIP Prioritization

Management

  • Local Service: HTTP, HTTPS, Telnet, SSH, TR-069
  • Config File Export & Import
  • Firmware Upgrade: TFTP, HTTP, TR-069
  • 2-Level Administration Privilege
  • Access Control: Access List, Brute Force Protection, Access Barrier
  • Syslog
  • Notification Alert: SMS, E-mail
  • SNMP: v2, v2c, v3

  • Managed by VigorACS
  • Central AP Management: 50 VigorAP
  • Central Switch Management: 20 VigorSwitch

Physical

  • Rack Mountable (Mouting Kit Included)
  • Power Supply: DC 15V @ 1.35A

  • Dimension: 443 mm x 285 mm x 45 mm
  • Max. Power Consumption: 20 watts
  • Operating Temperature: 0 to 45°C
  • Storage Temperature: -10 to 70°C
  • Operating Humidity (non-condensing): 10 to 90%
  • Certificate:

Multi-WAN Redundancy/ Load-balancing

High Availability

Mobile-OTP

User Management

VPN Trunking

The CVM (Central VPN Management) of Vigor3900

Accessories

Resources