- Manage ultra fast high-speed Internet
- Support IPv6 network for the next generation Internet
- Business Continuity by Dual WAN Load-balancing/failover
- PPPoE quota setting and MAC address filter
- Support inbound load balance
- 200 VPN tunnels for the secure remote access
- Central VPN Management (CVM)
- Support VPN Trunk failover mode
- Up-to 400Mbps site-to-site VPN throughput (IPsec)
- Advanced firewall for the network security
- SMS, Email Alert and Notification object profiles for WAN/VPN connection
- USB port supports USB temperature sensor
- Working with TR-069 based VigorACS SI for the central management
- Smart Monitor Traffic Analyzer (Up to 200 nodes)
The Vigor2960 Series serves as a VPN gateway and a central firewall for multi-site offices and tele-workers. With its high data throughput of two-Gigabit Ethernet, Dual WAN, VPN trunking and 4 Gigabit Ethernet LAN ports, the device facilitates productivity of versatile business operations. To secure communications between sites is the establishment of VPN tunnels up to 200 simultaneous tunnels.
DrayTek Vigor2960 Series - Dual-WAN Security Firewall offers:
-
Gigabit Dual WAN interface providing load-balancing and failover for high performance and business continuity
-
4-port Gigabit LAN interface for facilitating managed services applications
-
Enhanced security including:
- Object-base firewall with advance users (e.g. IP), applications (e.g. IM & P2P,) and content management (web category, keyword and URL)
- VPN connection for LAN-to-LAN (site-to-site) and Remote dial-in (client-to-site) with dynamic VPN services: IP Security (IPsec)
VPNs (Triple Data Encryption Standard [3DES] or Advanced Encryption Standard [AES]),and SSL VPN Web Proxy)
-
An 4-port 10/100/1000 Gigabit Ethernet managed switch with VLAN support (Up to 20 VLAN groups)
-
Two USB 2.0 ports for printer, file sharing* and 3.5G/4G USB mobile broadband*
-
Bandwidth Management with 8-level priority Inbound/Outbound QoS
-
IPv4/IPv6 support to protect investment
-
TR-069 Management / Working with VigorACS SI
Architecture Features and Benefits
Security without compromise
The Vigor2960 series also provides high-security firewall options with both IP-layer and content based protection. The DoS/DDoS prevention and URL/Web content filter strengthen the security outside and inside the network. The enterprise-level CSM (Content Security Management) enables users to control and manage IM (Instant Messenger) and P2P (Peer to Peer) applications more efficiently. The CSM hence prevents inappropriate content from distracting employees and impeding productivity. Furthermore, the CSM can keep office networks threat-free and available. With CSM, you can protect confidential and essential data from modification or theft.
By incorporating Commtouch's GlobalView Web Content Filter services, DrayTek ensures its customers’ networks are protected by the best available security technology.
Security
Enable real-time protection from emerging Web threats including malware, phishing and Zombies/bots
HR compliance/regulation
Prevent browsing to questionable content like pornography and hate sites
Productivity
Block or monitors sites to maximize employee productivity
Bandwidth regulation
Identify sites that consume an organization’s bandwidth (e.g. movies, music)
Enterprise-level VPN Network
With a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. For remote tele-workers and inter-office links, the Vigor2960 supports up to 200 simultaneous VPN tunnels (such as IPsec/PPTP/L2TP protocols) and the VPN throughput can reach up-to 400Mbps (IPsec).
More benefits
DrayTek has implemented IPv6 on Vigor2960 to ensure a smooth migration path for the affordable but faster broadband. The WAN-IPv6-connection can be established via Static IPv6, DHCPv6 and TSPC. It also supports Open Shortest Path First (OSPF) to calculate the route metric (Up-to Version 2). There are two USB ports on Vigor2960. In addition to the function of USB printer server, you can connect a compatible 3.5G USB mobile for access to the cellular network. You can also add storage memory to the USB port of Vigor2960 in the form of a USB memory key or a USB hard drive. Then, the FTP access file uploading/downloading can be from the local LAN of Vigor2960 or from anywhere on the Internet*. It is very simple for you to deploy file depository. With user name and passwords, each of file depository can have their own directories and/or file access rights.
Working with TR-069 Central Management System
The Vigor2960 Series can be centrally managed by VigorACS SI to lower the workload of the IT Dept. The VigorACS SI centrally manages essential router features, such as LAN, WAN, WLAN or VoIP without the technician visits that improves user experience and contribute significant cost-saving. For instance, admin can schedule firmware or configuration updates for selected devices at one time. It also offers the real-time alert to notify admin when things go wrong, such as disconnected or VPN dropped via e-mail and SMS to guarantee the faster response.
Summary
Vigor2960 Series - Dual-WAN Security Firewall delivers state-of-the-art security and performance which allows enterprise small branch-office customers to optimize the usage of the high-speed broadband access. Managed service provider and system integrator can install Vigor2960 Series to give business customers a complete network solution in their remote sites.
|
WAN Protocol |
|
|
Ethernet |
PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6 |
|
Multi WAN |
|
|
Outbound Policy based Load Balancing |
Allow your local network to access Internet using multiple Internet connections with high-level of Internet connectivity availability. |
|
Two dedicated Ethernet WAN ports (10/100/1000Mbps) and 1 active fiber (SFP) slot. |
|
|
WAN fail-over or load-balanced connectivity. |
|
|
VPN |
|
|
Protocols |
PPTP, IPsec, L2TP, L2TP over IPsec. |
|
Up to 200 connections simultaneously |
LAN to LAN, remote access (teleworker-to-LAN), dial-in or dial-out. |
|
VPN trunking |
VPN load-balancing and VPN backup. |
|
LDAP/Active Directory |
Lightweight directory access protocol. The enterprises use LDAP/Active Directory authentication technology to allow administrator, IT personnel and users to be authenticated when trying to access company's intranet environment. |
|
NAT-traversal (NAT-T) |
VPN over routes without VPN pass-through. |
|
PKI certificate |
Digital signature (X.509). |
|
IKE authentication |
Pre-shared key; IKE. |
|
Authentication |
Hardware-based MD5, SHA-1. |
|
Encryption |
MPPE and hardware-based AES/DES/3DES. |
|
RADIUS client |
Authentication for PPTP remote dial-in. |
|
DHCP over IPsec |
Because DrayTek add a virtual NIC on the PC, thus, while connecting to the server via IPSec tunnel, PC will obtain an IP address from the remote side through DHCP protocol, which is quite similar with PPTP. |
|
GRE over IPsec |
Creating a virtual point-to-point link to various brands of routers at remote sites over an IP internetwork. |
|
Dead Peer Detection (DPD) |
When there is traffic between the peers, it is not necessary for one peer to send a keep-alive to check for liveness of the peer because the IPSec traffic serves as implicit proof of the availability of the peer. |
|
Smart VPN software utility |
Provided free of charge for teleworker convenience (Windows environment). |
|
Easy of adoption |
No additional client or remote site licensing required. |
|
Industrial-standard interoperability |
Compatible with other leading 3rd party vendor VPN devices. |
|
CVM |
CVM, central VPN management, manages VPN tunnels easily. |
|
Content Filter |
|
|
IM/P2P blocking |
Java applet, cookies, active X, compressed, executable, multimedia file blocking. |
|
Web content filter |
Dynamic URL filtering database. |
|
Time schedule control |
Set rule according to your specific office hours. |
|
Firewall |
|
|
Stateful Packet Inspection (SPI) |
Outgoing/Incoming traffic inspection based on connection information. |
|
Content Security Management(CSM) |
Appliance-based gateway security and content filtering |
|
Multi-NAT |
You have been allocated multiple public IP address by your ISP. You hence can have a one-to-one relationship between a public IP address and an internal/private IP address. This means that you have the protection of NAT (see earlier) but the PC can be addressed directly from the outside world by its aliased public IP address, but still by only opening specific ports to it (for example TCP port 80 for an http/web server). |
|
Port redirection |
The packet is forwarded to a specific local PC if the port number matches with the defined port number. You can also translate the external port to another port locally. |
|
Open Ports |
As port redirection (above) but allows you to define a range of ports. |
|
DMZ Port* |
-This opens up a single PC completely. All incoming packets will be forwarded onto the PC with the local IP address you set. The only exceptions are packets received in response to outgoing requests from other local PCs or incoming packets which match rules in the other two methods. -The precedence is as follows : Port Redirection > Open Ports > DMZ |
|
Policy-based IP packet filter |
The header information of an IP packet (IP or Mac source/destination addresses; source /destination ports; DiffServ attribute; direction dependent, bandwidth dependent, remote-site dependent. |
|
DoS/DDoS prevention |
Act of preventing customers, users, clients or other computers from accessing data on a computer. |
|
IP address anti-spoofing |
Source IP address check on all interfaces only IP addresses classified within the defined IP networks are allowed. |
|
Object-based Firewall |
Utilizes object-oriented approach to firewall policy |
|
Notification |
E-mail alert and logging via syslog. |
|
Bind IP to MAC address |
Flexible DHCP with 'IP-MAC binding'. |
|
User/Rule base |
User base integrates LDAP/Active Directory authentication to enforce policies.* |
|
System Management |
|
|
Web-based user interface (HTTP or HTTPS) |
Integrated web server for the configuration of routers via Internet browsers with HTTP or HTTPS |
|
Quick start wizard |
Let administrator adjust time zone and promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP). |
|
User management |
Dial-in access management (PPTP/L2TP and mOTP) . |
|
CLI(Command Line Interface, Telnet/SSH) |
Remotely administer computers via the telnet. |
|
DHCP client/relay/server |
Provides an easy-to configure function for your local IP network. |
|
Dynamic DNS |
When you connect to your ISP, by broadband or ISDN you are normally allocated an dynamic IP address. i.e. the public IP address your router is allocated changes each time you connect to the ISP. If you want to run a local server, remote users cannot predict your current IP address to find you. |
|
Administration access control |
The password can be applied to authentication of administrators. |
|
Configuration backup/restore |
If the hardware breaks down, you can recover the failed system within an acceptable time. Through TFTP, the effective way is to backup and restore configuration between remote hosts. |
|
Port-based VLAN |
Create separate groups of users via segmenting each of the Ethernet ports. Hence, they can or can't communicate with users in other segments, as required. |
|
Built-in diagnostic function |
Dial-out trigger, routing table, ARP cache table, DHCP table, NAT sessions table, data flow monitor, traffic graph, ping diagnosis, trace route. |
|
NTP client/call scheduling |
The Vigor has a real time clock which can update itself from your browser manually or more conveniently automatically from an Internet time server (NTP). This enables you to schedule the router to dial-out to the Internet at a preset time, or restrict Internet access to certain hours. A schedule can also be applied to LAN-to-LAN profiles (VPN or direct dial) or some of the content filtering options. |
|
Tag-based VLAN (802.1Q) |
By means of using a VLAN ID, a tag-based VLAN can identify VLAN group membership. The VLAN ID provides the information required to process the traffic across a network.Furthermore, the VLAN ID associates traffic with a specific VLAN group. |
|
Firmware upgrade via TFTP/HTTP/TR-069 |
Using the TFTP server and the firmware upgrade utility software, you may easily upgrade to the latest firmware whenever enhanced features are added. |
|
User Management |
Dial-in access management (PPTP/L2TP and mOTP) and LDAP/Active Directory integration. |
|
Remote maintenance |
With Telnet/SSL, SSH (with password or public key), browser (HTTP/HTTPS), TFTP or SNMP, firmware upgrade via HTTP or TFTP. |
|
Wake On LAN |
A PC on LAN can be woken up from an idle/stand by state by the router it connects when it receives a special 'wake up' packet on its Ethernet interface. |
|
Logging via syslog |
Syslog is a method of logging router activity. |
|
SNMP management |
SNMP management via SNMP v1/v2, MIB II. |
|
VigorACS SI Centralized Management |
TR-069 based |
|
External Device |
Auto-detection mechanism to manage Vigor devices such routers/ switches/APs |
|
Smart Monitor Traffice Analyzer |
Support 200 PC Users |
|
Bandwidth Management |
|
|
Traffic Shaping |
Dynamic bandwidth management with IP traffic shaping |
|
Bandwidth reservation |
Reserve minimum and maximum bandwidths by connection based or total data through send/ receive directions. |
|
DiffServ codepoint classifying |
Priority queuing of packets based on DiffServ. |
|
4 Priority Levels(Inbound/Outbound) |
Prioritization in terms of Internet usage |
|
Individual IP bandwidth/session limitation |
Define session /bandwidth limitation based on IP address. |
|
Bandwidth Borrowing |
Transmission rates control of data services through packet scheduler |
|
User-defined class-based rules |
More flexibility. |
|
Routing functions |
|
|
Router |
IP and NetBIOS/IP-multi-protocol router. |
|
Advanced routing and forwarding |
Complete independent management and configuration of IP networks in the device, i.e. individual settings for DHCP, DNS, firewall, VLAN, routing, QoS etc. |
|
DNS |
DNS cache/proxy. |
|
DHCP |
DHCP client/relay/server. |
|
NTP |
NTP client, automatic adjustment for daylight-saving time. |
|
Policy-based Routing |
Based on firewall rules, certain data types are marked for specific routing, e.g. to particular remote sites or lines. |
|
Dynamic routing |
It is with routing protocol of RIP v2/OSPFv2/V3*. Learning and propagating routes. |
|
Static routing |
An instruction to re-route particular traffic through to another local gateway, instead of sending it onto the Internet with the rest of the traffic. A static route is just like a 'diversion sign' on a road. |
|
Content Filter |
|
|
URL Keyword Blocking |
Whitelist and Blacklist |
| Web Content Filter | Dynamic URL filtering database |
| Time Schedule Control | Set rule according to your specific office hours |
|
Internet CSM (Content Security Management) Featuring |
|
|
|
|
Hardware |
|
|
LAN |
2 x 10/100/1000M Base-TX LAN switch, RJ-45 |
|
WAN |
4 x 10/100/1000M Base-TX WAN switch, RJ-45 |
|
Reset |
1 x factory reset button |
|
USB |
2 x USB host 2.0 |
|
Support |
|
|
Warranty |
2-year limited warranty, technical support through e-mail and Internet FAQ/application notes. |
|
Firmware upgrade |
Free firmware upgrade from Internet. |
*Firmware Upgradeable
- All specifications are subject to change without notice. Please check with your supplier for exact offers. Products may not be available in all markets.
- PCB color and bundled software versions are subject to change without notice.
- Brand and product names mentioned are trademarks of their respective companies.
|
Hardware Interface of Vigor2960
|
||||
| Hardware Interface | 4 x 10/100/1000Based-Tx LAN Switch, RJ-45 | |||
| 2 x 10/100/1000Based-Tx WAN1 Port, RJ-45 | ||||
| 1 x Factory Reset Button | ||||
| 2 x USB Host 2.0 (for Printer / 3.5G USB Modem) | ||||
|
Declaration of Conformity
|
 |
|||
 |
||||
|
Temperature
|
Operating : 0°C ~ 45°C | |||
| Storage : -25°C ~ 70°C | ||||
| Humidity | 10% ~ 90% ( non-condensing ) | |||
| Max. Power | 19 Watt | |||
| Dimension | L273 * W176 * H46 ( mm ) | |||
| Power | AC100-240V/ 1.0A | |||
Vigor2960 Series for Enterprise Small Branch-Office Deployment
Features and Benefits of Vigor2960 Seires
Business Continuity
The CVM (Central VPN Management) of Vigor2960
Security & Firewall
Extendability
Data Sheet: Download