Vigor 2952 Dual-WAN High Performance
Vigor 2952 Dual-WAN Router Firewall & Load Balancer
The Vigor 2952 is a router/firewall with two Gigabit Ethernet WAN ports, providing load balancing or failover for up to two WAN connections. WAN1 can be selected as either RJ-45 or SFP format (SFP is for fibre modules). There are four LAN RJ-45 ports (Gigabit).
The Vigor 2952 is a router/firewall with two Gigabit Ethernet WAN ports, providing load balancing or failover for up to two WAN connections. WAN1 can be selected as either RJ-45 or SFP format (SFP is for fibre modules). There are four LAN RJ-45 ports (Gigabit). The Vigor 2952 runs DrayTek's own DrayOS operating system, providing familiarity for users of other existing DrayTek products.
Robust & Comprehensive Firewall
Security is always taken seriously with DrayTek routers. The firewall protects against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are also protected by various protection systems. The DrayTek object-based firewall allows even more setup flexibility than ever, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations. The Vigor 2952 now also allows selective direction firewall rules of LAN to WAN, WAN to LAN or LAN to VPN. In addition, QoS (Quality of Service Assurance) can now be selectively applied to specific users.
For mission critical applications, a pair of Vigor 2952's can be set up in high-availability mode - also known as 'hardware failover'. This removes the Vigor 2952 as a single point of failure if it ceases operation or is damaged - the standby router takes over operations.
Web Content Filtering
The content control features of the Vigor 2952 allows you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal. Using DrayTek's GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription to the Cyren Globalview service, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.
The Vigor 2952 has built-in user management which allows you to provide conditional internet access to different users based on their own unique login (stored in the router, or on an external Radius server) and including the restrictions of web content filtering too.
3G/4G Cellular Data Features
The Vigor 2952's USB port can host a compatible 3G/4G/LTE USB modem for access to the cellular network for full Internet Access as your primary or failover WAN connectivity.
Network Attached Storage (NAS)
Either of the Vigor 2952's USB ports can also be used to add storage memory to the unit in the form of a USB memory stick. That memory can be used for recording syslogs or accessed as a simple FTP/file storage for users, local or remote (password protected). Requires a USB memory stick (up to 64Gb, FAT32 formatted).
WAN Load Balancing & Backup
The Vigor 2952's two WAN interfaces can be used either for WAN-Backup or load balancing. Each of the 2 WAN Ethernet ports can be connected to any Ethernet-based Internet connection, such as a DSL modem, cable modem, leased line etc. One port can use an SFP module instead of Ethernet.
In Load-balancing mode, the router will spread your Internet sessions across all Internet connections to make best use of your available total bandwidth. This can be automatic, according to rules or reserving specific WAN connections for specific clients or services.
WAN-Backup (failover) provides contingency (redundancy) in case of your primary connection or ISP sufferers temporary outage. Internet Traffic will be temporarily routed via the second, third or fourth Internet connection. When normal services is restored to your primary line(s), all traffic is switched back to that.
802.1q Tagged, Wireless & Port Based VLAN
The Vigor 2925 features a hugely flexible VLAN system. Each of the six Gigabit LAN ports can be isolated from each other, for example to feed different companies or departments but keeping their local traffic completely separated.
VPN - Linking remote offices, HQ, teleworkers and mobile staff
A feature central to DrayTek routers is the VPN (Virtual Private Networking) features. A VPN enables you to link two remote offices, branch offices back to HQ or home-based/mobile teleworkers back to your office. Once connected, they have access to your office/remote resources through a secure encrypted tunnel allowing remote desktop, file sharing and seamless access to other resources and devices. The Vigor 2952 allows you to set up up to 100 simultaneous VPN tunnels to remote offices or from remote teleworkers. The Vigor 2952 industry standard protocols, including encryption and authentication methods. Teleworkers can authenticate directly with your LDAP server if preferred.
The Vigor2952 supports VPN trunking; this allows you to create tunnels down muliple WAN connections to a remote site in order to increase bandwidth. VPN trunking also provides failover (backup) of your VPN route down a secondary WAN connection. You can learn more about DrayTek VPN here.
The Vigor 2952 also supports SSL VPN. These are encrypted tunnels linking your teleworker back to your main office but they are 'clientless in that your O/S does not need to generate the tunnel and you do not need to install any VPN software manually. You instigate an SSL tunnel from your regular web browser, so it could be in a web cafe or guest network, and the tunnel is creating using SSL technology - the same encryption that you use for secure web sites such as your bank. The Vigor2952 can operate SSL VPNs in either Proxy or full tunnel mode and allows up to 50 simultaneous incoming users. For SSL VPN tunnel mode Windows OS, Mac OS X, Apple iOS and Android are supported.
Vigor 2952 - Technical Specification
WAN1 : Selectable:
RJ-45 Gigabit Ethernet (1000Mb/s) or
SFP Gigabit Slot for Fibre or other module (1000Mb/s)
WAN2 : RJ-45 Gigabit Ethernet (1000Mb/s)
WAN3 : USB 2.0 Port for 3G/4G Cellular Modem or NAS feature
WAN4 : USB 3.0 Port for 3G/4G Cellular Modem or NAS feature
4 X RJ-45 Gigabit Ethernet (1000Mb/s) - LAN
Firewall: Up to 500Mb/s
IPSec VPN: Up to 200Mb/s
NAT Sessions : 100,000
Load Balance/Failover Features:
Outbound Policy-Based Load-Balance to direct traffic via:
NAT or Routing
WAN InterfaceLAN Interface
Specific LAN Gateway
IP-Based or Session-Based Load Balance modes
WAN Connection Fail-over
BoD (Bandwidth on Demand)Configurable Load-Balance pool, specify WAN interfaces to load balance
WAN Protocols (Ethernet):
IPv4 / IPv6
Operation on all of the WAN ports
Static IP, DHCPv6 or PPP
Connectivity to ISPs provided direct/native IPv6
Built-in tunnelling to IPv6 brokers:
Default stateful firewall for all IPv6 LAN Clients/Devices
DHCPv6 & RADVD for client configuration
IP Filtering Rules
QoS for IPv6 with DiffServ
Router Management over IPv6 (Telnet/HTTP) with IPv6 Access List
Dual-Stack (Concurrent) operation with IPv4)
Firewall & Security Features:
CSM (Content Security Management):
URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
Block Web sites by category (e.g. Adult, Gambling etc. Subject to subscription)
Prevent accessing of web sites by using their direct IP address (thus URLs only)
Blocking automatic download of Java applets and ActiveX controls
Blocking of web site cookies
Block http downloads of file types :
Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
Time Schedules for enabling/disabling the restrictions
Block popular P2P (Peer-to-Peer) file sharing programs
Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
DNS Filter: Use DNS to enforce categorisation
Multi-NAT (32 WAN IPs per WAN1 & WAN2)
DMZ Port (via LAN port P1, switchable)
40 Port Redirection rules
40 Open Port rules (10 port ranges per rule)
MAC Address Filter
SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
DoS / DDoS Protection
IP Address Anti-spoofing
E-Mail Alert and Logging via Syslog
Bind IP to MAC Address
User Management: Up to 200 Profiles
Supports external authentication via LDAP or RADIUS
Per User Bandwidth and Time Quota
Schedule Control to delete or disable account automatically