Vigor 2960 Series Router Firewall

£ 476.04 476.04 GBP

£ 396.70

Add to Cart

High-Performance SSL VPN Router/Firewall

The Vigor 2960 Series serves as a VPN gateway and a central firewall for multi-site offices and tele-workers. With its high data throughput of two-Gigabit Ethernet Dual WAN VPN trunking and 4 Gigabit Ethernet LAN ports the device facilitates productivity of versatile business operations. To secure communications between sites is the establishment of VPN tunnels up to 200 simultaneous tunnels.

Physical Interfaces

  • LAN: 4-port Gigabit (10/100/1000 Base-T)

  • WAN: 2-port Gigabit (10/100/1000 Base-T) Ethernet

  • USB: 2 USB 2.0 Ports (for flash storage and 3G)

  • WAN Protocols: PPPoE, PPTP, DHCP Client, Static IP

  • Load Balancing: Policy based or automatic

  • WAN Failover: Switch to other connection when primary WAN lost

VPN Services

  • Remote Dial In Teleworker Protocols

    • PPTP

    • IPSec

    • L2TP

    • L2TP over IPSec

    • SSL VPN

  • LAN to LAN VPN Tunnel Protocols:

    • PPTP

    • IPSec

    • SSL VPN

    • GRE (LAN to LAN Tunnel)

  • Up to 200 simultaneous tunnels (LAN-to-LAN or Teleworker-to-LAN)

  • PPTP Acceleration (90Mbps with encryption, 400Mbps without encryption)

  • Dial-in and Dial-out supported

  • VPN Trunking: allows alternative failover route or multiple tunnels to the same destination to increase capacity/throughput

  • Multiple SA (Security Association) IPsec VPN support: send multiple Local and Remote subnets through one VPN tunnel

  • Teleworker - Remote Dial-In VPN Features:

    • LDAP/Active Directory: Teleworker VPNs can be authenticated by a LDAP/AD server

    • XAuth authentication support for IPsec Remote Dial-In Teleworker VPN tunnels

    • Radius Client: Authentication for Remote Dial-In Teleworkers

    • Scheduled Remote Dial-In VPN - configure times that specified Teleworkers are allowed to Dial In

    • DrayTek Smart-VPN Software utility

  • IPsec IKE Protocols:

    • IKEv1

    • IKEv2

  • IPsec IKE Authentication:

    • Pre-shared key (PSK)

    • PKI Certificate (RSA): Use X.509 Digital Signatures

    • Phase 1 Main Mode or Aggressive Mode

    • Phase 2 selectable lifetimes

  • Encryption:

    • Hardware-based AES (128, 192, 256 bits)

    • Hardware-based DES/3DES (56 & 168 bits)

    • Hardware-based MD5, SHA-1 & SHA-256

    • MPPE (40 or 128 bits)

  • IKE Phase 1 DiffieHelman Groups 1,2,5 & 14

  • IKE Phase 2 DiffieHelman Groups 1,2,5 & 14 (will match phase 1 selection)

  • DHCP over IPSec

  • GRE over IPSec

  • Dead-Peer-Detection (DPD)

  • NAT-Traversal (NAT-T): VPN over routes without VPN Passthrough

  • No extra licencing or additional VPN client costs.

  • Interoperability : Compatible with other 3rd party VPN devices


  • Stateful Packet Inspection (SPI)

  • Content Security Management (CSM)

  • Multi-NAT: Set one-to-one mappings between your private and public IP addresses

  • NAT Port Forward Features:

    • Port Redirection - 256 entries with 16 port ranges per entry

    • DMZ Host

    • Server Load Balance & Inbound Load Balance

  • SIP Application Layer Gateway (ALG)

  • H.323 Application Layer Gateway (ALG)

  • Policy-based IP Packet Filter. Fully configurable policies based on IP address, MAC address (source or destination), DiffServ attribute, direction, bandwidth, remote site

  • DoS/DDoS Protection

  • IP Address Anti-spoofing

  • Object-Based Firewall

  • Notification: Email alerts and logs to syslog

  • Bind IP to MAC address

  • User-Controlled Rules: Interrogates LDAP server to permit access or enforce policies

  • DNSSEC support

  • LAN DNS Features:

    • Control DNS resolution for A and CNAME records for configured hostnames

    • Wildcard support

    • Conditional Forwarding to specified DNS Server(s)

Web Content Filtering & CSM

  • URL Keyword Blocking: Blacklist or Whitelist

  • Content Type Blocking: Java applet, cookies, Active-X

  • Application Enforcement (APPE): IM, P2P, Protocol, Tunnelling, Streaming, Remote Cotnrol, Wed HD

  • Auto APPE Signature Upgrade

  • Block P2P Applications (inc. Kazza, WinMX, Bittorrent)

  • Block Instant messagingBlock access of web sites by direct IP address (thus URLs only)

  • Block HTTP download of compressed, executable or multimedia files

  • Web Content Filter: GlobalView filtering of 64 web site categories (e.g. adult, gambling sites etc.). subscription required (free trial included)

  • Time Scheduling: Blocking rules can be activated based on time schedules

User Management

  • Manage account features through User Profiles - VPN, PPPoE, Web Portal, FTP, Samba

  • Internal RADIUS Server

  • External LDAP / Active Directory server authentication with SSL support

  • External RADIUS server authentication

  • PPPoE Server

  • Guest Profiles with Guest Account Generator

  • Web Portal Features:

    • User Authentication for Internet access with Time Quotas

    • SMS Authentication (requires SMS provider)

    • Web Portal Login Page Customisation

    • Login History