DrayTek Vigor 2960

The Vigor 2960 is a high-performance dual-Gigabit WAN firewall. The two dedicated Gigabit WAN ports can provide load balancing or WAN failover. Based on a new DrayTek OS platform, the Vigor 2960 provides high performance with DrayTek’s traditional ease of use and comprehensive features set. Extensive QoS, VLAN Web Content filtering features help keep your network efficiency and online productivity high.

• High-Performance Router/Firewall
• Load Balancing & WAN Failover
• Native IPv4 & IPv6 dual-stack
• Two Gigabit WAN ports
• Four Gigabit LAN Ports
• Twin Independent USB Ports
• IPSec VPN – LAN-to-LAN or Teleworker (100 tunnels)
• SSL VPN (ETA Q1/2014)
• 802.1q Tagged and port-based VLANs
• QoS Assurance on different traffic types
• VPN Trunking (Backup/aggregation)
• Mobile One-Time Passwords for Teleworker VPNs
• Multiple LAN-side private IP subnets
• Internet Content Filtering

Vigor 2960 Series Specification

Physical Interfaces:

LAN: 4-port Gigabit (10/100/1000 Base-T)

WAN: 2-port Gigabit (10/100/1000 Base-T) Ethernet

USB: 2 USB 2.0 Ports (for flash storage and 3G)

Note : USB Function due in later firmware

WAN Protocols : PPPoE, PPTP, DHCP Ciet, Static IP

Load Balancing : Policy based or automatic

WAN Failover : Switch to other connection when primary WAN lost

VPN support:

Protocols : PPTP, IPSec, L2P, L2TP over IPSec

Up to 100 simultaneous tunnels (LAN-to-LAN or Teleworker-to-LAN)

Dial-in and Dial-out supported

VPN Trunking – allows alternative failover route or multiple

tunnels to the same destination to increase capacity/throughput

LDAP/Active Directory : Teleworker VPNs can be auththenticated by a LDAP/AD server

NAT-Traversal (NAT-T): VPN over routes without VPN Passthrough

PKI Certificates: Use X.509 Digital Signatures

IKE Authentication: Pre-shared key (PSK), Phase 1 agressive/standard, Phase 2 selectable lifetimes

Encryption:

Hardware-based AES (128, 192, 256 bits)

Hardware-based DES/3DES (56 & 168 bits)

Hardware-based MD5 & SHA-1

MPPE (40 or 128 bits)

Radius Client: Authentication for PPTP remote dial-in teleworkers

DHCP over IPSec

GRE over IPSec

Dead-Peer-Detection (DPD))

Smart-VPN Softare utility: For teleworkers

No extra licencing or additional VPN client costs.

Ineroperability : Compatible with other 3rd party VPN devices

Firewall:

Stateful Packet Inspection (SPI)

Content Security Management (CSM)

Multi-NAT: Set one-to-one mappings between your private and public IP addresses

Port Redirection & Open Ports

Policy-based IP Packet Filter. Fully configurable policies based on IP address, MAC address (source or destination), DiffServ attribute, direction, bandwidth, remote site

DoS/DDoS Protection

IP Address Anti-spoofing

Object-Based Firewall

Notification: Email alerts and logs to syslog

Bind IP to MAC address

User-Controlled Rules: Interrogates LDAP server to permit access or enforce policies

System Management:

Web-Based User Interface: Integrated server for router management (via HTTP or HTTPS)

Telnet/SSH : Command line control and configuration

Configuration Backup/Restore

Built-in diagnostics, dial-out triger, routing table, ARP table, DHCP Table, NAT Sessions Table, data flow monitor, traffic graph, ping diagnostics, traceroute

Firmware Upgrade by HTTP, TFTP & FTP

Syslog Logging

SNMP Management: v1/v2, MIB II

Vigor ACS-SI Centralised Management: TR-069 compatible for ACS platform

Compatible with Smart Monitor Traffic Analyser : Windows software for up to 100 users

Bandwidth Management:

Traffic Shaping: Dynamic bandwidth management with IP traffic shaping

Bandwidth Reservation: Connection or client based

Packet Size Control

DiffServ Codepoint Classifying

4 Priority Levels (Inbound/Outbound)

Individual IP Bandwidth Session Limits per user/group

Bandwidth Borrowing

User-defined class-based rules

Web Content Filtering & CSM:

URL Keyword Blocking: Blacklist or Whitelist

Content Type Blocking: Java applet, cookies, Active-X

Block P2P Applications (inc. Kazza, WinMX, Bittorrent)

Block Instant messaging

Block access of web sites by direct IP address (thus URLs only)

Block HTTP download of compressed, executable or multimedia files

Web Content Filter: GlobalView filtering of 64 web site categories (e.g. adult, gambling sites etc.). subscription required (free trial included)

Time Scheduling: Blocking rules can be activated based on time schedules

Routing Functions:

IPv4 & IPv6 Dual-Stack

DNS Cache/Proxy

DHCP Client, Server & Relay

DHCP Options: 1,3,6,51,53,54,58,59,60,61,66,125

IGMP v1/v2 & Proxy/Snooping

uPnP: 500 Sessions

NAT: 80,000 Sessions

NTP Client with DST Adjustments

Static routing

Policy-based routing

Dynamic DNS : Updates DDNS servers with public IP address

Port-Based VLAN

Tag-Based VLAN: 802.1q

Client/Call Scheduling : Real-time clock, with NTP updating schedules access or connectivity

Wake-on-LAN : Passed from WAN to preset LAN device

Operating Requirements:

Rack Mountable (Mount brackets included)

Temperature Operating : 0°C ~ 45°C

Storage : -10°C ~ 70°C

Humidity 10% ~ 90% (non-condensing)

Power Consumption: 19W Max

Dimensions: L273 * W166 * H44 (mm) (1U Height))

Operating Power: 220-240VAC (internal PSU)

Warranty : 2 Years Manufacturer’s RTB included