DRAYTEK Vigor 2955 Dual WAN Broadband High Performance VPN Router

Çok yüksek performanslı yeni nesil iki adet (Dual) WAN portu bulunan
Load Balance ve Fail Over yapabilen kurumsal bir Security Gateway 'dir.
ADSL, Kablo Internet, Metro veya Leased Line arkasında paylaşım ve
Firewall özellikleri ile Ağ güvenliğiniz sağlar. Cihaz üzerinde 200
adet VPN Tünel ve aynı anda 50 adet SSL VPN Tunel destekler. 5 adet (4
adet LAN, 1 adet Miror) Giga LAN portu, 2 adet WAN portu mevcuttur.
SMARTMONITOR (100 PC) Destekler. Quedra Log Monitor destekler. USB
Portunda 3,5G Modem ile Backup.
Teknik Özellikler
Hardware Interface
• LAN: 5-port 10/100/1000 base-T switch
• WAN: 2-port 10/100 base-TX Ethernet
• USB: 1-port USB 1.1
WAN Protocol
• Ethernet: PPPoE, PPTP, DHCP client, static IP, L2TP, BPA
Dual WAN
• Outbound Policy Based Load Balance
- Allow your local network to access Internet using multiple Internet
connections with high-level of Internet connectivity availability
- Two dedicated Ethernet WAN ports (10/100Mb/s)
- WAN fail-over or load-balanced connectivity
• Bandwidth on Demand: service/IP based preference rules or auto-weight
VPN
• Protocols: PPTP, IPSec, L2TP, L2TP over IPSec
• Up to 200 sessions simultaneously : LAN to LAN, remote access
(teleworker-to-LAN), dial-in or dial-out
• VPN Trunking: VPN load-balancing and VPN backup
• SSL VPN: Allow users to use a web browser for secure remote user
login tunnel mode, application mode, proxy mode and SSTP
• LDAP: Lightweight directory access protocol. The enterprises use LDAP
authentication technology to allow administrator, IT personnel and
users to be authenticated when trying to access company's intranet
environment.
• VPN Throughput: 50Mbps
• NAT-Traversal (NAT-T): VPN over routes without VPN pass-through
• PKI certificate: Digital signature (X.509)
• IKE Authentication: Pre-shared key: IKE phase 1 aggressive/standard
modes & phase 2 selectable lifetimes
• Authentication: Hardware-based MD5, SHA-1
• Encryption: MPPE and hardware-based AES/DES/3DES
• RADIUS Client: Authentication for PPTP remote dial-in
• DHCP over IPSec: Because DrayTek add a virtual NIC on the PC, thus,
while connecting to the server via IPSec tunnel, PC will obtain an IP
address from the remote side through DHCP protocol, which is quite
similar with PPTP
• Dead Peer Detection (DPD): When there is traffic between the peers,
it is not necessary for one peer to send a keep-alive to check for
liveness of the peer because the IPSec traffic serves as implicit proof
of the availability of the peer
• Smart VPN software Utility: Provided free of charge for teleworker
convenience ( Windows environment)
• Easy of Adoption: No additional client or remote site licensing
required
• Industrial-standard Interoperability: Compatible with other leading
3rd party vendor VPN devices
Firewall
• Stateful Packet Inspection (SPI): Outgoing/Incoming traffic
inspection based on connection information
• Content Security Management (CSM): Appliance-based gateway security
and content filtering
• Multi-NAT: You have been allocated multiple public IP address by your
ISP. You hence can have a one-to-one relationship between a public IP
address and an internal/private IP address. This means that you have
the protection of NAT(see earlier) but the PC can be addressed directly
from the outside world by its aliased public IP address, but still by
only opening specific ports to it (for example TCP port 80 for an
http/web server)
• Port Redirection: The packet is forwarded to a specific local PC if
the port number matches with the defined port number. You can also
translate the external port to another port locally.
• Open Ports: As port redirection (above) but allows you to define a
range of ports
• DMZ Host: This opens up a single PC completely. All incoming packets
will be forwarded onto the PC with the local IP address you set. The
only exceptions are packets received in response to outgoing requests
from other local PC or incoming packets which match rules in the other
two methods. The precedence is as follows : Port Redirection > Open
Ports > DMZ
• Policy-based IP Packet Filter: The header information of an IP packet
(IP or MAC source/destination addresses; source/destination ports;
DiffServ attribute; direction dependent, bandwidth dependent,
remote-site dependent.
• DoS/DDoS Prevention: Act of preventing customers, users, clients or
other computers from accessing data on a computer
• IP Address Anti-spoofing: Source IP address check on all interface:
only IP address classified within the defined IP networks are allowed
• Object-based Firewall: Utilizes object-oriented approach to firewall
policy
• Notification: E-mail alert and logging via syslog
• Bind IP to MAC Address: Flexible DHCP with 'IP-MAC binding.
USB
• 3.5G USB Modem (USB 3.5G backup only for WAN1)
• Printer Sharing
Content Filter
• URL Keyword Blocking: Whitelist and Blacklist, Java applet, cookies,
active X, compressed, executable, multimedia file blocking
• Web Content Filter: Dynamic URL filtering database
• Time Schedule Control: Set rule according to your specific office
hours
System Management
• Web-based User Interface ( HTTP/HTTPS):
• Draytek's Quick Start Wizard: Let administrator adjust time zone and
promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP)
• User Administration: RADIUS user administration for dial-in access
(PPP/PPTP)
• CLI (Command Line Interface, Telnet/SSH): Remotely administer
computers via the telnet
• DHCP Client/Relay/Server: Provides an easy-to configure function for
your local IP network
• Dynamic DNS: When you connect to your ISP, by broadband you are
normally allocated an dynamic IP address. i.e. the public IP address
your router is allocated changes each time you connect to the ISP. If
you want to run a local server, remoter users cannot predict your
current IP address to find you
• Administration Access Control: The password can be applied to
authentication of administrators.
• Configuration Backup/Restore: If the hardware breaks down, you can
recover the failed system within an acceptable time. Through TFTP, the
effective way is to backup and restore configuration between remote
hosts.
• Port-based VLAN: Create separate groups of users via segmenting each
of the Ethernet ports. Hence, they can or can't communicate with users
in other segments as required
• Built-in Diagnostic Function: Dial-out trigger, routing table, ARP
cache table, DHCP table, NAT sessions table, data flow monitor, traffic
graph, ping diagnosis, trace route
• NTP Client/Call Scheduling: The Vigor has a real time clock which can
update itself from your browser manually or more conveniently
automatically from an Internet time server (NTP). This enables you to
schedule the router to dial-out to the Internet at a preset time, or
restrict INternet access to certain hours. A schedule can also be
applied to LAN-to-LAN profiles (VPN or direct dial) or some of the
content filtering options
• Firmware Upgrade via TFTP/HTTP/FTP: Using the TFTP server and the
firmware upgrade utility software, you may easily upgrade to the latest
firmware whenever enhanced features are added
• Remote Maintenance: With Telnet/SSL, SSH (with password or public
key), browser (HTTP/HTTPS). TFTP or SNMP, firmware upgrade via
HTTP/HTTPS or TFTP.
• Wake On LAN: A PC on LAN can be woken up from an idle/stand by state
by the router it connects when it receives a special 'wake up' packet
on its Ethernet interface.
• Logging via Syslog: Syslog is a method of logging router activity
• SNMP Management: SNMP management via SNMP V2, MIB II
Bandwidth Management
• Traffic Shaping: Dynamic bandwidth management with IP traffic shaping
• Bandwidth Reservation: Reserve minimum and maximum bandwidths by
connection based or total data through send/receive directions
• Packet Size Control: Specify size of data packet
• DiffServ Codepoint Classifying: Priority queuing of packets based on
DiffServ
• 4 Priority Levels (Inbound/Outbound): Prioritization in terms of
Internet usage
• Individual IP Bandwidth/Session Limitation: Define session/bandwidth
limitation based on IP address
• Bandwidth Borrowing: Transmission rates control of data services
through packet scheduler
• User-defined Class-based Rules: More flexibility
Routing Functions
• Router: IP and NetBIOS/IP-multi-protocol router
• Advanced Routing and Forwarding: Complete independent management and
configuration of IP networks in the device, i.e. individual settings
for DHCP, DNS, firewall, VLAN, routing, QoS etc
• DNS: DNS cache/proxy
• DHCP: DHCP client/relay/server
• NTP: NTP client, automatic adjustment for daylight-saving time
• Policy-based Routing: Based on firewall rules, certain data types are
marked for specific routing, e.g. to particular remote sites or lines
• Dynamic Routing: It is with routing protocol of RIP v2. Learning and
propagating routes; separate settings for WAN and LAN
• Static Routing: An instruction to re-route particular traffic through
to another local gateway, instead of sending it onto the Internet with
the rest of the traffic. A static route is just like a 'diversion sign'
on a road
Content Security Management Featuring
• URL keyword filtering - whitelist or blacklist specific sites or
keyword in URLs
• Block web sites by category (subject to subscription)
• Prevent accessing of web sites by using their direct IP address (thus
URLs only)
• Blocking automatic download of Java applets and Active X controls
• Blocking of web site cookies
• Block http downloads of file types (binary, compressed, multimedia)
• Time schedules & exclusions for enabling/disabling these restrictions
• Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazaa, WinMX
etc.)
• Block Instant messaging programs (e.g. IRC, MSN/Yahoo Messenger)