Draytek Vigor 2910 Dual WAN Security Router
Contents
1. A VPN Virtual Private Network is a method for using a public network Internet to carry private data between offices or from teleworkers to office The Vigor2910 can act as a VPN concentrator endpoint for up to 32 remote sites i e running 16 simultaneous tunnels to remote locations either single teleworkers or remote networks offices The VPNs use induststry standard protocols including IPSec PPTP and with high level encryption including 3DES AES and MPPE No additional licences are needed for users Cross compatibility with with common Microsoft Windows and MacOS VPN software clients is supported as well as compatibility with many other 3rd party VPN vendor s products including Cisco Pix Nokia Sonicwall Checkpoint Juniper and Watchguard For more details on VPN see DrayTek VPN Vigor2910 Enhanced Firewall The Vigor2910 includes full packet level firewall facilities and also employs stateful packet inspection recording for both NAT and non NAT IP routed modes A default deny Fillar Sat i Rula i policy means that any packet arriving which Corrernarts Block Metin Click to enable the Filter Rule appears unsolicited won t get through to your Pass or Block Branch to Other Fitter Set LAN The Vigor2910 series also features Uoc immedi __ None E automatic selectable protection from Duplicate to LAN M Log Dos DDos Denial of Service Distributed Denial of Service attacks and IP anti Directio2. True DMZ for WAN IP Address Passthrough New e QoS Quality of Service assurance with 8 selectable levels amp Diffserv support e Internet Content Filtering O OOO OO O O URL Keyword Filtering Whitelist or Blacklist specific sites or keywords in URLS Surfcontrol Support Block Web sites by category subject to subscription Prevent accessing of web sites by using their direct IP address thus URLs only Blocking automatic download of Java applets and ActiveX controls Blocking of web site cookies Block http downloads of file types 7 Binary Executable EXE COM BAT SCR PIF m Compressed ZIP SIT ARC CAB ARJ RAR 7 Multimedia MOV MP3 MPEG MPG WMV WAV RAM RA RM AVI AU Time Schedules for enabling disabling these restrictions Block P2P Peer to Peer file sharing programs e g Kazza WinMX etc Block Instant Messaging programs e g IRC MSN Yahoo Messenger o VPN facilities O oo0000000000 High performance VPN supports up to 32 simultaneous VPN tunnels Dial in or dial out LAN to LAN or Teleworker to LAN Protocol support for PPTP L2TP IPSec MD 5 amp SHA 1 Authentication Encryption MPPE DES 3DES amp AES Hardware Co processor for VPN Encryption PFS Perfect Forward Secrecy Adds additional key protection Pre shared IKE keying amp PKI X 509 certificate support IKE Phase 1 Agressive Standard Modes amp Phase 2 Selectable lifetimes Radius Suppo
3. details of VLAN see here For the wireless models wireless VLANs can also be specified with groups common exclusive to wired and wireless clients Printer Port The USB port on the back of the router allows you to connect most standard USB based printers and then print to them from any Windows98SE XP 2000 PC using built in O S support from any application thus not needing to have a particular PC provide the printer sharing to its peers Wireless I nterface The Wireless interface on the Vigor2900VG enables wireless connection of PCs and supports Atheros Super G for total wireless bandwidth of up to 108Mb s Support for regular 802 11g and 802 11b is also provided Twin extra gain aerials provide an additional gain ensuring maximum coverage range and signal diversity higher gain aerials are available as an optional extra The wireless clients can be segmented into wireless VLANs to create common or distinct groups and multiple levels of security lock down access even further see later WDS Wireless Distribution System WDS provides two modes of operation to expand the Wireless range of your LAN Where you install two or more compatible wireless routers the WDS enabled router becomes a satellite slave to the main base In Repeater Mode the slave unit is within range of the main base unit and then repeats the main wireless Signal into its own coverage area this can effectively double the total range of the network depe
4. the same facilities as the standard Vigor2900VG model but has an ISDN interface in addition This can connect to any ISDN2e or BT Highway Midband line The ISDN interface provides dial backup in the event of your main Internet feed being interrupted Alternatively the ISDN interface can be used on its own if you do not have a boradband feed to connect to the Vigor2900 both for shared internet access and direct dial ISDN LAN to LAN Wide Area Networking Vigor 2910 Series Product Highlights Combination Ethernet router VPN Device Firewall and Load Balancer Primary Ethernet WAN Interface Selectable secondary WAN Interface New Load Balancing across both WAN ports with automatic or user defined policies New WAN Backup using secondary WAN in case of fisr WAN failure New Four Port 10 100BaseT autosensing Ethernet interface with manual speed over ride one port switchable to WANZ2 port e Printer Port built in USB port compatible with most standard printers and any Windows 98SE 2000 or XP client PC e Internet Firewall facilities featuring Automatic Keep state facility for tracking packets and denying unsolicitied incoming data O Selectable DoS DDoS protection IP Address anti spoofing OO O 0 OO User configurable packet filtering with new Object Manager New NAT PAT for Automatic LAN WAN Mapping and Security NAT Port Redirection with automatic internal ranging New NAT Port Forwarding Up to 200 IP ports New
5. DrayTek Vigor2910 Vigor2910VG Router Dual WAN Security Firewall amp VPN Device with Printer Port and optional Vol P amp Wireless LAN The Vigor2910 is a high performance firewall and VPN device providing up to 32 simultaneous VPN tunnels for branch office linking or teleworkers In addition sophisticated firewalling is provided making the Vigor2910 a comprehensive and feature packed firewall device to increase both security flexibility and performance of your network Internet connectivity Security features are packed into every area of the Vigor2910 s functions Dual Ethernet WAN Interfaces The primary WAN interface the connection to the outside world is 10 100BaseT Ethernet This can connect to any Ethernet based router IP or Internet feed which might typically be fed via Leased Line cable modem ADSL Satellite system anything which is then terminated in Ethernet In addition one of the LAN Ethernet ports can be selected as a secondary WAN Internet Interface The second interface can be used as backup failover for the primary WAN port load balancing or for bandwidth aggregation This allows you to use two Internet feeds simulataneously to provide higher total capacity aggregation or rule based routing over two feeds load balancing If you do not have a second WAN feed you can use the 2nd WAN port as a regular LAN port instead WAN WAN B ackup Balance Primary LAN to LAN VPN Services
6. ance The Vigor2910 supports selectable QoS Quality of Service This enables you to select specific protocols services to have guaranteed levels of your Internet bandwidth For example if you need POP3 email to have priority you could specify that 50 of your available bandwidth is guaranteed for POP3 email When the bandwidth is not being used by POP3 it is still available for all other traffic The Vigor2910 s QoS facility provides flexibility you can set several groups of services to have different priorities data directions and bandwidth reservations Content Filtering The Vigor2910 also helps protect against internal Internet abuse with its content filter i Content Filter Setup which can block specified sites according to matched keywords which you specify i e F Enable URL Access Control Prohibit browsing by IP keywords within URLs You can alternatively set the router to only allow access to specific Blocking Keyword List pre set site all other sites are blocked No ACT Keyword Additionally you can block J ava Activex applet downloads cookies as well as HTML 1 yahoo hotmail download of specific file types e g ZIP EXE multimedia etc This all provides a deterrent gt i google altavista mp3 to internal abuse of your Internet resources een and re inforce your local Internet user TH ermal annia b policies for staff or family members For specific categories filtering the Vigor2910 also provid
7. es integration with the Surfcontrol service allowing you to block werb surfing by categories e g adult material gambing etc based on Surfonctrol s online database of millions of sites Surfcontrol is provided as a free trial to test and a subscription service thereafter provided by Surfcontrol directly current cost est from 25 per year Peer to Peer file sharing Applications Blocking To protect your Internet connection from Protocol Applications abuse or your users from unsuitable content you can block popular Peer to Peer applications as well as Instant Messaging software You can set a time schedule so that eDonkey eDonkey eMule Shareaza the activities are allowed at only certain times of day MLDonkey solos Instant Messenger Applications Blo FastIrack Kaza iMesh MLDonkey Block MSN Messenger C Block Yahoo Messenger Block ICO AM AOL Ih BearShare nucleus Limewire Phe r Swapper olos Shareaza MLOonke BitTorrent BitTorrent Time Schedulejs ao E Time Schedules not OT Virtual LAN VLAN The Vigor 2910 s VLAN facility enables you to segment each of the router s four RJ 45 Ethernet ports so that each is a separate virtual LAN You can create VLAN groups which include or exclude any of the ports so that groups departments and companies can communicate with each other or not For example two companies could share the same broadband feed without having access to each other s networks For more
8. n MM E Protocol any spoofing User definable filters also allow you to add additional protection to your DP Address Subret Mask Start Port End Port connection see right a new object oriented sie I TERETE E hx ha Z system makes specifying flexible filter sets Destination asems e easier and more flexible For added i confidence potential or foiled attacks are l keap State Source Rowe fragmente Dont Cane logged and can be reported via the router s syslog facility or emailed to you by the router Voice Over I P Vol P Features The Vigor2910VG model adds twin phone ports for VolP Voice over IP VolP enables you to use your existing broadband capacity to carry regular voice calls to suitably equipped remote sites for example another Vigor VolP enabled router or to other compatible hardware software products The DrayTek supports the open SIP standard for compatibility with other vendors produdcts Broadband Broadband The calls between the two sites in the example above are of course free of charge because they are making use of your existing always on ADSL connection but cost isn t the only advantage using VOIP means that you have additional call capacity in your home or office without tying up your regular phone line Using a Vol P PSTN gateway service such as DrayTEL you can also fully integrate with the PSTN making and receiving calls to and from any regular phone number worldwide Selectable QoS Assur
9. nding on the environment In WDS Bridge mode two physically separated LAN can be joined wirelessly in order than they can communicate with each other This is ideal where two offices need to be linked but a cable cannot be run e g across a road For more information about WDS see here Wireless VLAN amp Rate Control As with the VLAN facility on the wired RJ 45 ethernet ports the Wireless VLAN facility enables you to create groups of LAN clients which are common can communicate with each other or distinct cannot communicate with each other whilst still allowing Internet access to all clients Wireless VLAN Groups can be combined with VLAN groups on the wired ports too Wireless Rate Control allows you to limit the wireless rate that a particular wireless client can use Extensive Wireless Security The Vigor2910VG models support industry standard WEP encryption WPA and WPA2 encyption methods For enterprise level control 802 1x authentication is also supported operating with your own Radius server In addition you can add VPN over WLAN to increase the level of wireless encryption using DES 3DES encryption Finally you can lock the router down further so if the unique hardware MAC address of the wireless client is not in the allow list the client is also denied access as well as pre set DHCP allocations and block any other devices which attempt to connect Optional ISDN Interface The Vigor2900VGi model offers all of
10. ndom Early Detection G 168 Line Electrical Echo cancellation amp Jitter Buffer 125 ms Support for VolP through VPN tunnels Built in Call Handling PBX Facilities 7 Intercom call between local voice phone ports New m SIP Compliant Call Diversion Forwarding Always Busy or No Answer 7 DND Do Not Disturb with automatic time schedule New z Call Waiting New 7 Call Transfer New T 38 Fax Facilities New Outbound NAT Proxy STUN Server Support e Wireless Features Vigor2910VG only O 802 11g Super G Wireless LAN Total bandwidth up to 108Mb s New O Twin gain aerials provide diversity and optimum coverage O Optional Higher Gain Aerials see here Backward compatible with 802 11b 11Mb s and regular 802 11g 54Mb s standards Wireless Security Features WEP WPA and WPA2 Wireless Security amp Encryption New VPN over WLAN Encrypted Tunnelling 7 WLAN Isolation Isolate WLAN from wired LAN New 5 SSID Stealthing 7 Restricted access list for clients by MAC address Time Scheduling WLAN can be disabled at certain times of day m 802 1x User Authentication via Radius Server EAP TLS Mode New O WDS Wireless Distribution system for WLAN Bridging and Repeating see here New O Wireless Client Rate control New O Wireless VLAN Set inclusive Exclusive wireless groups New O Active Client list in Web Interface e ISDN Features Vigor2910VGi only Compatible with ISDN2e BT s Home Bu
11. rt for dial in teleworker profiles Compatible with other leading 3rd party vendor VPN devices For further details about Vigor VPN click here e VolP Facilities Vigor2910V Vigor2910VG only o0000000000O OOO OOO O 0 0 0 0 O O Voice calls carried over existing ADSL connection Two VOIP ports RJ 11 to BT type sockets Automatic QoS Assurance for Voice over IP Calls VolP given highest priority SIP Standard Compliant VoIP Codecs 8Kb s 64Kb s Registration with multiple different SIP Registrars at the same time New Distinctive Ring for incoming calls on different accounts New Automatically select different SIP providers depending on destination called New Manually select SIP provider for outgoing calls by user defined prefix New Hotline Facility connects to a fixed destination when you lift the handset New Do Not Disturb Phones can be set to not ring according to a time schedule e g at night New Speed Dial Phone Book for quick dialling Caller ID on phone ports UK Standard Compliant New Integration with the PSTN via ITSP e g DrayTel enabling you to make recieve calls from regular phone lines Connect any standard analogue phone into the phone ports UK Standard Call progress Tones Ring Busy cadence etc Adjustable Gain volume for voice tx rx Log of incoming outgoing calls amp realtime Status reporting DTMF Transmission In Band Out of Band RFC2833 SIP Info Low latency queuing LLQ Ra
12. siness Highway amp BT Midband lines Uses ISDN for shared Internet access dial on demand Support for 64Kb s and 128Kb s Multilink PPP Automatic ISDN backup for Internet access during WAN port broadband failure Bandwidth on demand automatically switches between 64Kb s and 128Kb s Direct ISDN Dial up LAN to LAN connectivity to another ISDN site Remote teleworker direct dial in access to your LAN from a remote ISDN line Remote activation of ISP dial up dials ISP on receipt of recognised Caller ID Dynamic DNS Posting compatible with popular services DHCP Server facility with pre settable allocations and alien lock out Support for non NAT public subnets multiple public IP addresses LAN Side IP address range and built in DHCP server relay is fully configurable RIP amp Static Routing configurable Diagnostic Facilities O SNMP Reporting Monitoring compatible with industry standard tools O Comprehansive Syslog logging monitoring DrayTek Syslog tool supplied O Ping amp TraceRoute from WUI New Real Time Data Flow Monitor with instant block cut of any user immediately New VPN Passthrough for VPN client server running behind the router Oo O OO OO GO On the Vigor2910VG the Wireless interface can be turned off and you do not have to use VoIP A version of the Vigor2910VG without VoIP Vigor2900G or without Wireless LAN Vigor2910G is also available to special order if they are particularly required
Download Pdf Manuals
Related Search