Vigor 2930 Series Router Firewall

Vigor 2930 Series Router Firewall
Vigor 2930 Series Router Firewall
Â
Â
Vigor 2930 Series Router Firewall
- Broadband Router/Firewall
- Dual Ethernet WAN portsÂ
- Load Balancing & WAN FailoverÂ
- VPN Dial-in/dial-out with VPN hardware co-processorÂ
- SSL VPNÂ
- VPN TrunkingÂ
- Comprehensive and Robust Firewall
- Content Filtering (by matched keyword or data type)Â
- Web Site Category Filtering & BlockingÂ
- Ethernet and WLAN Virtual LAN segmentation (common/distinct)Â
- Configurable QoS Features (For traffic prioritisation)Â
- 802.11n Draft 2.0 Wireless LAN ('n' models)Â
- Highly configurable amd easy to install and manageÂ
{tab=Overview}
Â
The Vigor 2930 is a high-performance dual-WAN firewall. The two dedicated
ethernet WAN ports can provide load balancing, WAN failover or bandwidth
aggregation (increasing total bandwidth onto the Internet). Versions with
SIP-Compliant VoIP (Voice-over-IP) and ISDN support are also available. High
Speed total WAN througput of up to 70Mb/s is available, and IPSec VPN throughput
of up to 40Mb/s. Extensive QoS support and comprehensive Web Content filtering
features help you make the most efficient use of your bandwidth.
The Vigor 2930 is in an all-new DrayTek housing design with all LEDs and
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
sockets provided conveniently on the front. This makes desk usage, wall mouting
or rack-mounting (optional bracket required) all equally covenient.
{tab=Wireless LAN}Â
The Vigor2930 Series ('n' models) features the latest 802.11n Draft 2.0
wireless LAN specification and has been certified by the WiFi alliance for cross
compatibility and WiFi compliance (including WPA/WPA2 and WMM).
802.11n Draft 2.0 provides a total wireless bandwidth of up to 300Mb/s using
new methods such as packet aggregation and channel bonding. Throughput depends
on your own environment (factors such as obstructions, number of hosts and
distance all make a significant difference), but actual transfer speeds of
100Mb/s are achievable (based on our real world tests). In addition, 802.11n
Draft 2.0 provides greater coverage and resilience to interference compared to
previous wireless standards thanks to the MIMO technology and the Vigor's
triple-antennae diversity arrangement. This offset arrangement of aerials
provides offset paths between hosts so that interference can be overcome.
Wireless Security is comprehensive too; the Vigor 2930
Series provides several independent levels of security including encryption (up
to WPA2), authentication (802.11x) and methods such as MAC address locking and
DHCP fixing to restrict access to authorised users only. The Web interface lets
you see how many and which clients are currently connected as well as their
current bandwidth usage. An 'instant' block lets you disconnect a wireless user
temporarily in case of query. The Wireless VLAN facility allows you to isolate
wireless clients from each other or from the 'wired' LAN.
Your laptop PC's built-in wireless may not support 802.11n Draft 2.0
wireless, in which case you will need to add a new wireless LAN interface such
as the DrayTek N61 USB adaptor. Click on 'accessories' for details.
For specialist coverage applications, optional aerials can be used with the
Vigor 2930 to potentially increase the range of wireless coverage (depending on
enviroment) or provide directional coverage in order that your wireless
transmission is focussed and concentrated into one direction only, for example
into a room or across open space.
- 802.11n Compliant (Draft 2.0)
- WiFi Alliance Approved
- Latest 'MIMO' Technology with three aerials (2T3R)
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
- Packet Aggregation and Channel Bonding
- Optional Higher Gain or directional aerials available - Click Here.
- Also Compatible with 802.11b and 802.11g Standards
- Active Client list in Web Interface
- Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
- 64/128-bit WEP Encryption
- WPA/WPA2 Encryption
- Switchable Hidden SSID
- Restricted access list for clients (by MAC address)
- Time Scheduling (WLAN can be disabled at certain times of day)
- Access Point Discovery
- WDS (Wireless Distribution system) for WLAN Bridging (Firmware
Upgradable, ETA March 2008)
- 802.1x Radius Authentication
- Wireless Rate-Control
- Automatic Power Management
- 802.11e WMM (Wi-Fi Multimedia)
Important Note : Wireless performance (speed
and range) always depends on your specific environment and will vary
considerably. Factors affecting performance include wireless traffic, other
networks nearby, site construction, walls, ceilings and other electronic
equipment nearby. The product may not be upgradable to future 802.11n Draft
standards or be compatible with products from other manufacturers. Speeds quoted
are the maximum wireless capacity, including RX/TX capacity, protocol overheads
and all clients/hosts connected.
{tab=VOIP}Â
VPNs (Virtual Private Networks) enable you to link two remote computers or networks securely using the public Internet.
An encrypted tunnel is created to carry your private data between the two sites. Tunnels making use of PPTP, L2TP,
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
AES and IPSec protocols have been available on Vigor routers for many years and provide a simple to set up solution for
your site-to-site or teleworker VPNs. SSL VPNs provide a new method for teleworker to central site VPN, providing great
convenience, low TCO and simplicity where other methods may not be possible.
The benefits of SSL VPNs
One potential drawback of using the above methods for a Teleworker-to-central site VPN is that they need compatiable
protocol stacks at each end (e.g. an IPSec client or hardware) and most importantly those protocols need to be freely
passed by your local host network. This isn't normally a problem where you own the computers and the network in use
and you can install any client, software or hardware you choose, as well as allowing any traffic types you like. Where it
can become a problem is where you are using someone else's computer or network where either you cannot use the O/S
VPN client, or the host network blocks VPN protocols or makes them unreliable. This is most commonly a problem when
using WiFi hotspots or other public Internet access methods (hotels, conference centres etc.).
You may already have heard of SSL previously, and you have almost certainly used it. SSL (Secure Sockets Layer) is
the protocol used by all web browsers for accessing 'secure' web sites. You will have used secure web sites whenver
you have used your credit card online or accessed your banking web sites, for example. SSL is supported by all web
browsers, and as it is so commonly used, all hotspots and other public Internet will always allow SSL to pass properly. By
using the SSL protocol for your telework VPN tunnel you therefore have some important benefits:
Traditional VPN (e.g. AES/IPSec SSL VPN
Requires VPN Client or Hardware Uses Standard Web Browser SSL
Support for popular O/S's only Compatible with all computers/browsers
Licence fees all for some vendor
client software (Not DrayTek though!) No client licence fees
Requires user to operate VPN Client No special operator procedures.
Just use your web browser.
At OSI 'network' layer At OSI 'session' layer
AES/DES/3DES Encryption SSL Encryption
Full network access (unless filtered) Ability to easily restrict users to
specific web applications
Network Level Access as standard. Network level access via
DrayTel Active-X SSL Tunnel Plug-inÂ
Teleworker or Site-to-Site (LAN-to-LAN) Teleworker-to-Host site only
Another advantage of web based SSL VPN is that your host Vigor router presents the user with his/her login page to the
network within their browser and then can provide access only to the web based applications or local servers which you
allow as opposed to a regular VPN which connects the user to the network directly for access to any resource which is
accessible locally. No TCP/UDP ports have to be opened on your host router; if the user cannot login to the VPN, they
won't get access.
As mentioned previously, an SSL VPN uses your standard web browser; this means that for your web based applications
running at your office (webmail, Intranet, Thin Clients etc.) SSL VPNs work really well for this access method, which is
called 'SSL Web Proxy' mode. A very common application for SSL VPN is remote desktop. By using the Windows
'Remote Desktop Web Connection', your office desktop will be accessible from your web browser whereever you are and
whoever's computer you're using. In addition, by using Vigor web proxy, you can browse external web sites via the
tunnel, thus bypassing any local web site blocking policy (content filtering or local polcies). If you are familiar with 'port
redirection' or 'open ports setup' on Vigor routers, SSL Proxy to your internal web services is very similar in concept to
this except that the data passes through a secured tunnel, hence increasing security and privacy.
SSL VPNs beyond the Browser
Using the web browser for your remote access is great for accessing web-based applications (intranet, webmail, remote
web desktop etc.) but it does not provide access to the actual network directly, for example for shared directory access,
network resources or other applications which are not browser based. Only data or applications which are available in
your web browser locally are available remotely via the SSL Proxy (see above).
For full network access, DrayTek provide an Active-X Tunnel plug-in (a VPN client, effectively) which can transfer at the
network layer, making a fully VPN tunnel. This is called SSL Tunnel mode. This plug-in is downloaded automatically by
your browser from the host Vigor router when you log into the SSL VPN and select Tunnel mode. You are then fully
connected to the remote network for direct network resource access. In this way, you are no longer limited to running
web-based applications and can access shares and other network resources.
If you'd like to see just how easy it is to set up a DrayTek SSL VPN, Click Here.
Â
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
Microsoft SSTP
Microsoft has developed their own version of SSL VPN called 'SSTP' (Secure Socket Tunnelling Protocol) which is
supported by Windows Vista. DrayTek Corp. has signed a licencing agreement with Microsoft to develop SSTP capability
on their firewalls/routers. The Vigor2930 SSTP firmware is due ETA Q3/09.
{tab=VPN Trunking}Â
VPN Trunking
VPN Trunking is the facility to create more than one VPN tunnel to the same remote location in order to provide either
increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one
tunnel/connection is interrupted. The Vigor 2930 supports both Failover and Load Balancing modes for VPN Trunks.
The Vigor 2930 already supports load balancing to the Internet using its dual-WAN ports. What VPN trunking does is
enables a tunnel to be created down each WAN connection to the same remote location creating a single virtual tunnel,
as far as the traffic and LAN devices/clients are concerned.
In the diagram above, you can see a single virtual tunnel as far as the LAN at each end is concerned. Within the router,
two WAN connections are being used with each router, across which the VPN tunnel can be spread, increasing total
capacity and/or redundancy (for failover).
{tab=Specification}
Vigor2930 Series Specification
Physical Interfaces:
- LAN: 4-port 10/100 Base-TX Switch
- WAN: 2-port 10/100 Base-TX EthernetÂ
- VoIP: 2-port FXS Phone Ports ('V' models only)Â
- ISDN: 2-Ports. One fixed S0, one configurable NT / TE mode
('S' model only
 Dual-WAN Ports:
- 10/100Base-T EthernetÂ
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
- Outbound Policy-Based Load-BalanceÂ
- WAN Connection Fail-over
VoIP Features ('V' Models only):
- BoD (Bandwidth on Demand)
- Protocols: SIP, RTP / RTCPÂ
- 12 SIP Registrar Accounts (for up to 12 VoIP providers)Â
- G.168 Line Echo-cancellation
Automatic Gain Control
Jitter Buffer ( 125ms )
Voice Codecs:
G.711 A / µ Law
G.723.1
G.726
G.729 A / B
Wireless LAN Features ('n' models only):
802.11n Compliant (Draft 2.0)
Latest 'MIMO' Technology with three aerials (2T3R)
Packet Aggregation and Channel Bonding
Optional Higher Gain or directional aerials available - Click Here.
Compatible with 802.11b and 802.11g Standards
Active Client list in Web Interface
Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
64/128-bit WEP Encryption
WPA/WPA2 Encryption
Switchable Hidden SSID
Restricted access list for clients (by MAC address)
Time Scheduling (WLAN can be disabled at certain times of day)
Access Point Discovery
WDS (Wireless Distribution system) for WLAN Bridging (Firmware Upgradable)
802.1x Radius Authentication
Wireless Rate-Control
Automatic Power Management
802.11e WMM (Wi-Fi Multimedia)
VAD / CNG
Tone Generation: DTMF , Dial , Busy , Ring Back , Call Progress
DTMF Transmission: In Band / Out Band ( RFC-2833 ) / SIP info
FAX / Modem Support G.711 Pass-through
T.38 for FAX
Supplemental Services:
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
Caller ID
Call Hold / Retrieve
Call Waiting
Call Waiting with Caller ID
Call Transfer
Call Forwarding ( Always , On Busy and On No Answer )
DND (Do not Disturb)
Call Barring ( Incoming / Outgoing )
MWI ( Message Waiting Indicator ) ( RFC-3842 )
Hotline (Dial preset number when handset lifted)
ISDN Features ('S' Model Only):
RJ-45 S/T Interfaces
ISDN Loop-Through
ISDN On-net / Off-net
Euro ISDN Compatible
Automatic ISDN Backup for Internet Access
Support 64 / 128Kbps ( Multilink-PPP)
BoD ( Bandwidth on Demand )
Remote Dial-In / LAN-to-LAN Connection
Remote Activation (Dial back on ISDN Caller ID recognition)
ISDN Port Passthrough During Power Cut
WAN Protocols:
DHCP Client
Static IP
PPPoE
PPTP
L2TP *
BPA
Firewall & Security Features:
CSM (Content Security Management):
URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
Surfcontrol Support - Block Web sites by category (subject to subscription)
Prevent accessing of web sites by using their direct IP address (thus URLs only)
Blocking automatic download of Java applets and ActiveX controls
Blocking of web site cookies
Block http downloads of file types :
Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
Time Schedules for enabling/disabling the restrictions
Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazza, WinMX etc. )
Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
Multi-NAT, DMZ Host
Port Redirection and Open Port Configuration
Policy-Based Firewall
MAC Address Filter
SPI ( Stateful Packet Inspection )
DoS / DDoS Protection
IP Address Anti-spoofing
E-Mail Alert and Logging via Syslog
Bind IP to MAC Address
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
VPN Support:
Up to 50 Simultaneous VPN Tunnels
Protocols : PPTP, IPSec, L2TP, L2TP over IPSec
Encryption : MPPE and Hardware-Based AES / DES / 3DES
Authentication : Hardware-Based MD5 , SHA-1
IKE Authentication : Pre-shared Key and Digital Signature ( X.509 )
PFS (Perfect Forward Secrecy)
IKE Phase 1 Agressive/Standard Modes & Phase 2 Selectable lifetimes
LAN-to-LAN (Dial-in & Dial-Out), Teleworker-to-LAN
DHCP over IPSec
NAT-Traversal (NAT-T)
Dead Peer Detection (DPD)
VPN Pass-Through
Bandwidth Management:
QoS
Guaranteed Bandwidth for VoIP
Class-based Bandwidth Guarantee by User-Defined Traffic Categories
DiffServ Code Point Classifying
4-level Priority for each Direction (Inbound / Outbound)
Bandwidth Borrowed
Temporary (5 minute) Quick Blocking of any LAN Client
Bandwidth / Session Limitation
Network/Router Management:
Web-Based User Interface (HTTP / HTTPS)
CLI ( Command Line Interface ) / Telnet / SSH*
Administration Access Control
Configuration Backup / Restore
Built-in Diagnostic Function
Firmware Upgrade via TFTP / FTP
Logging via Syslog
SNMP Management with MIB-II
Network Features:
DHCP Client / Relay / Server
Dynamic DNS
NTP Client (Syncrhonise Router Time)
Call Scheduling (Enable/Trigger Internet Access by Time)
RADIUS Client
DNS Cache / Proxy
Microsoftâ„¢ UPnP
Port-Based VLAN (Ethernet LAN ports exclusive/inclusive groups)
Routing Protocols:
Static Routing
RIP V2
Operating Requirements:
Rack Mountable (Optional mount bracket required)
Temperature Operating : 0°C ~ 45°C
Storage : -25°C ~ 70°C
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
Humidity 10% ~ 90% ( non-condensing )
Power Consumption: 18 Watt Max.
Dimensions: L240.96 * W165.07 * H43.96 ( mm )
Operating Power: DC 15V (via external PSU, supplied)
Warrantyu : 2 Years Manufacturer's RTB included
Power Requirements : 220-240VAC
{/tabs}
http://www.cambridge-networks.co.uk - IT SUPPORT CAMBRIDGE
Powered by Mambo
Generated: 9 June, 2017, 02:02
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising