UFB Ready: | ? | 30/10 | ? | 100/50 | ? | 200/200 |
The Vigor 2960 is a high-performance dual-Gigabit WAN firewall. The two dedicated Gigabit WAN ports can provide load balancing or WAN failover. Based on a new DrayTek OS platform, the Vigor 2960 provides high performance with DrayTek’s traditional ease of use and comprehensive features set. Extensive QoS, VLAN Web Content filtering features help keep your network efficiency and online productivity high.
- High-Performance Router/Firewall
- Load Balancing & WAN Failover
- Native IPv4 & IPv6 dual-stack
- Two Gigabit WAN ports
- Four Gigabit LAN Ports
- Twin Independent USB Ports
- IPSec VPN – LAN-to-LAN or Teleworker (100 tunnels)
- SSL VPN (ETA Q1/2014)
- 802.1q Tagged and port-based VLANs
- QoS Assurance on different traffic types
- VPN Trunking (Backup/aggregation)
- Mobile One-Time Passwords for Teleworker VPNs
- Multiple LAN-side private IP subnets
- Internet Content Filtering
Vigor 2960 Series Specification
Physical Interfaces:
LAN: 4-port Gigabit (10/100/1000 Base-T)
WAN: 2-port Gigabit (10/100/1000 Base-T) Ethernet
USB: 2 USB 2.0 Ports (for flash storage and 3G)
Note : USB Function due in later firmware
WAN Protocols : PPPoE, PPTP, DHCP Ciet, Static IP
Load Balancing : Policy based or automatic
WAN Failover : Switch to other connection when primary WAN lost
VPN support:
Protocols : PPTP, IPSec, L2P, L2TP over IPSec
Up to 100 simultaneous tunnels (LAN-to-LAN or Teleworker-to-LAN)
Dial-in and Dial-out supported
VPN Trunking – allows alternative failover route or multiple
tunnels to the same destination to increase capacity/throughput
LDAP/Active Directory : Teleworker VPNs can be auththenticated by a LDAP/AD server
NAT-Traversal (NAT-T): VPN over routes without VPN Passthrough
PKI Certificates: Use X.509 Digital Signatures
IKE Authentication: Pre-shared key (PSK), Phase 1 agressive/standard, Phase 2 selectable lifetimes
Encryption:
Hardware-based AES (128, 192, 256 bits)
Hardware-based DES/3DES (56 & 168 bits)
Hardware-based MD5 & SHA-1
MPPE (40 or 128 bits)
Radius Client: Authentication for PPTP remote dial-in teleworkers
DHCP over IPSec
GRE over IPSec
Dead-Peer-Detection (DPD))
Smart-VPN Softare utility: For teleworkers
No extra licencing or additional VPN client costs.
Ineroperability : Compatible with other 3rd party VPN devices
Firewall:
Stateful Packet Inspection (SPI)
Content Security Management (CSM)
Multi-NAT: Set one-to-one mappings between your private and public IP addresses
Port Redirection & Open Ports
Policy-based IP Packet Filter. Fully configurable policies based on IP address, MAC address (source or destination), DiffServ attribute, direction, bandwidth, remote site
DoS/DDoS Protection
IP Address Anti-spoofing
Object-Based Firewall
Notification: Email alerts and logs to syslog
Bind IP to MAC address
User-Controlled Rules: Interrogates LDAP server to permit access or enforce policies
System Management:
Web-Based User Interface: Integrated server for router management (via HTTP or HTTPS)
Telnet/SSH : Command line control and configuration
Configuration Backup/Restore
Built-in diagnostics, dial-out triger, routing table, ARP table, DHCP Table, NAT Sessions Table, data flow monitor, traffic graph, ping diagnostics, traceroute
Firmware Upgrade by HTTP, TFTP & FTP
Syslog Logging
SNMP Management: v1/v2, MIB II
Vigor ACS-SI Centralised Management: TR-069 compatible for ACS platform
Compatible with Smart Monitor Traffic Analyser : Windows software for up to 100 users
Bandwidth Management:
Traffic Shaping: Dynamic bandwidth management with IP traffic shaping
Bandwidth Reservation: Connection or client based
Packet Size Control
DiffServ Codepoint Classifying
4 Priority Levels (Inbound/Outbound)
Individual IP Bandwidth Session Limits per user/group
Bandwidth Borrowing
User-defined class-based rules
Web Content Filtering & CSM:
URL Keyword Blocking: Blacklist or Whitelist
Content Type Blocking: Java applet, cookies, Active-X
Block P2P Applications (inc. Kazza, WinMX, Bittorrent)
Block Instant messaging
Block access of web sites by direct IP address (thus URLs only)
Block HTTP download of compressed, executable or multimedia files
Web Content Filter: GlobalView filtering of 64 web site categories (e.g. adult, gambling sites etc.). subscription required (free trial included)
Time Scheduling: Blocking rules can be activated based on time schedules
Routing Functions:
IPv4 & IPv6 Dual-Stack
DNS Cache/Proxy
DHCP Client, Server & Relay
DHCP Options: 1,3,6,51,53,54,58,59,60,61,66,125
IGMP v1/v2 & Proxy/Snooping
uPnP: 500 Sessions
NAT: 80,000 Sessions
NTP Client with DST Adjustments
Static routing
Policy-based routing
Dynamic DNS : Updates DDNS servers with public IP address
Port-Based VLAN
Tag-Based VLAN: 802.1q
Client/Call Scheduling : Real-time clock, with NTP updating schedules access or connectivity
Wake-on-LAN : Passed from WAN to preset LAN device
Operating Requirements:
Rack Mountable (Mount brackets included)
Temperature Operating : 0°C ~ 45°C
Storage : -10°C ~ 70°C
Humidity 10% ~ 90% (non-condensing)
Power Consumption: 19W Max
Dimensions: L273 * W166 * H44 (mm) (1U Height))
Operating Power: 220-240VAC (internal PSU)
Warranty : 2 Years Manufacturer’s RTB included