|The Vigor 2910 is a high-performance firewall and VPN device, providing up to 32 simultaneous VPN tunnels for branch-office linking or teleworkers. In addition, sophisticated firewalling is provided making the Vigor 2910 a comprehensive and feature-packed firewall device to increase both security, flexibility and performance of your network Internet connectivity. Security features are packed into every area of the Vigor2910's functions.
Dual Ethernet WAN Interfaces
The primary 'WAN' interface (the connection to the outside world) is 10/100BaseT Ethernet. This can connect to any Ethernet based router IP or Internet feed which might typically be fed via Leased Line, cable modem, ADSL, Satellite system - anything which is then terminated in Ethernet. In addition, one of the LAN Ethernet ports or the USB port can be selected as a secondary WAN (Internet) Interface. The second interface can be used as the primary interface, backup fail over for the primary WAN port, load balancing or just for increased total bandwidth. This allows you to use two Internet feeds simultaneously to provide higher total capacity, or rule-based routing over two feeds (load balancing). If you do not have a second WAN feed, you can use the 2nd WAN port as a regular LAN port instead.
3G USB Modem Support
As mentioned above, you can use the Vigor 2910's USB port as a WAN interface to a USB 3G (cellular) modem. This enables you to provide broadband access anywhere in the UK (subject to network coverage) without needing fixed lines. This can be in a temporary office, a coach, hotel or anywhere you like and your users can then browse web sites or check there email with ease. Existing Vigor2910 owners can download a free firmware upgrade to add this facility. The USB modem and SIM is not supplied with the router; you obtain that separately from your cellphone company. For full details of this facility and modem support/compatibility
LAN-to-LAN VPN Services
A VPN (Virtual Private Network) is a method for using a public network (Internet) to carry private data between offices or from teleworkers to office. The Vigor 2910 can act as a VPN concentrator (endpoint) for up to 32 remote sites - i.e. running 16 simultaneous tunnels to remote locations; either single teleworkers or remote networks/offices. The VPNs use industry standard protocols including IPSec, PPTP and with high level encryption including 3DES, AES and MPPE. No additional licenses are needed for users. Cross compatibility with with common Microsoft Windows and MacOS VPN software clients is supported as well as compatibility with many other 3rd party VPN vendor's products, including Cisco™ Pix, Nokia™, Sonicwall™, Checkpoint™, Juniper™ and Watchguard™. For more details on VPN, see DrayTek VPN.
Vigor2910 Enhanced Firewall The Vigor 2910 includes full packet-level firewall facilities and also employs stateful packet inspection/recording for both NAT and non-NAT (IP routed) modes. A default 'deny' policy means that any packet arriving which appears unsolicited won't get through to your LAN. The Vigor 2910 series also features automatic selectable protection from Dos/DDos (Denial of Service/Distributed Denial of Service) attacks and IP anti-spoofing. User-definable filters also allow you to add additional protection to your connection (see right); a new object-oriented system makes specifying flexible filter sets easier and more flexible. For added confidence, potential or foiled attacks are logged and can be reported via the router's syslog facility or emailed to you by the router.
Voice-Over-IP (VoIP) Features
The Vigor2910VG model adds twin phone ports for VoIP (Voice over IP). VoIP enables you to use your existing broadband capacity to carry regular voice calls to suitably equipped remote sites, for example another Vigor VoIP enabled router or to other compatible hardware/software products. The DrayTek supports the open 'SIP' standard for compatibility with other vendors' products.
The calls between the two sites in the example above are, of course, free of charge because they are making use of your existing always-on ADSL connection, but cost isn't the only advantage; using VOIP means that you have additional call capacity in your home or office, without tying up your regular phone line. Using a VoIP-PSTN gateway service, such as Draytel you can also fully integrate with the PSTN, making and receiving calls to and from any regular phone number, worldwide.
Selectable QoS Assurance
The Vigor2910 supports selectable QoS (Quality of Service). This enables you to select specific protocols/services to have guaranteed levels of your Internet bandwidth. For example, if you need POP3 email to have priority, you could specify that 50% of your available bandwidth is guaranteed for POP3 email. When the bandwidth is not being used by POP3, it is still available for all other traffic,. The Vigor2910's QoS facility provides flexibility - you can set several groups of services to have different priorities, data directions and bandwidth reservations.
Content Filtering The Vigor2910 also helps protect against internal Internet abuse with its content filter which can block specified sites according to matched keywords which you specify - i.e. keywords within URLs. You can alternatively set the router to only allow access to specific pre-set site - all other sites are blocked. Additionally, you can block Java/ActiveX applet downloads, cookies as well as HTML download of specific file types (e.g. ZIP, EXE, multimedia etc.). This all provides a deterrent to internal abuse of your Internet resources and re-enforce your local Internet user policies for staff or family members.
For specific categories filtering, the Vigor2910 also provides integration with the Surfcontrol™ service, allowing you to block werb surfing by categories (e.g. adult material, gambling etc.) based on Surfonctrol's online database of millions of sites. Surfcontrol is provided as a free trial to test, and a subscription service thereafter, provided by Surfcontrol directly (current cost est. from £25 per year).
To protect your Internet connection from abuse or your users from unsuitable content, you can block popular Peer-to-Peer applications, as well as Instant Messaging software. You can set a time schedule so that the activities are allowed at only certain times of day.
Printer Port The USB port on the back of the router allows you to connect most standard USB based printers and then print to them from any Windows98SE/XP/2000 PC, using built-in O/S support from any application, thus not needing to have a particular PC be on to provide printer sharing to its peers.
Virtual LAN (VLAN) The Vigor 2910's VLAN facility enables you to segment each of the router's four RJ45 Ethernet ports, so that each is a separate virtual LAN. You can create VLAN groups which include or exclude any of the ports so that groups, departments and companies can communicate with each other, or not. For example, two companies could share the same broadband feed, without having access to each others networks. For more details of VLAN. For the wireless models, wireless VLANs can also be specified, with groups common/exclusive to wired and wireless clients.
The Wireless interface on the Vigor2901VG enables wireless connection of PCs and supports Atheros™ Super-G, for total wireless bandwidth of up to 108Mb/s. Support for regular 802.11g and 802.11b is also provided. Twin extra-gain aerials provide an additional gain, ensuring maximum coverage range and signal diversity (higher-gain aerials are available as an optional extra). The wireless clients can be segmented into wireless 'VLANs' to create common or distinct groups and multiple levels of security lock down access even further (see later).
WDS - Wireless Distribution System
WDS provides two modes of operation to expand the Wireless range of your LAN. Where you install two or more compatible wireless routers, the WDS-enabled router becomes a satellite (slave) to the main base. In 'Repeater' Mode, the slave unit is within range of the main base unit and then repeats the main wireless signal into its own coverage area - this can effectively double the total range of the network (depending on the environment). In WDS Bridge mode, two physically separated LAN can be joined wireless, in order than they can communicate with each other. This is ideal where two offices need to be linked but a cable cannot be run (e.g. across a road). For more information about WDS
Wireless VLAN & Rate Control
As with the VLAN facility on the wired (RJ45) Ethernet ports, the Wireless VLAN facility enables you to create groups of LAN clients which are common (can communicate with each other) or distinct (cannot communicate with each other) whilst still allowing Internet access to all clients. Wireless VLAN Groups can be combined with VLAN groups on the wired ports too. Wireless Rate Control allows you to limit the wireless rate that a particular wireless client can use.
The wireless VLAN facility also allow you to require any wireless users to log into the router with a username and password before they can get wireless access, thus increasing security further.
Extensive Wireless Security
The Vigor2910VG models support industry standard WEP encryption, WPA and WPA2 encryption methods. For Enterprise level control, 802.1x authentication is also supported, operating with your own Radius server. Wireless VLAN allows user authentication (permitting wireless access only after entering a username/password). Finally, you can lock the router down further so if the unique hardware ('MAC') address of the wireless client is not in the 'allow' list, the client is also denied access as well as pre-set DHCP allocations and block any other devices which attempt to connect.
Optional ISDN Interface
The Vigor2901VGi model offers all of the same facilities as the standard Vigor2910VG model but has an ISDN interface in addition. This can connect to any ISDN2e or BT Highway/Midband line. The ISDN interface provides dial-backup in the event of your main Internet feed being interrupted. Alternatively, the ISDN interface can be used on its own if you do not have a broadband feed to connect to the Vigor2910, both for shared internet access and direct-dial ISDN LAN-to-LAN Wide Area Networking.
3G Cellular Data Features
The Vigor 2910's USB port can host a compatible 3G modem or
cellphone for access to the cellular network for full Internet Access.
Most UK networks now provide high speed HSDPA data connections at up to
3.6Mb/s download speed. The 3G connection can be used as your
primary/only Internet access, or as backup to your main ADSL line
connection. This is not only ideal for homes or offices which don't
want to pay fixed line + broadband rental, but also for temporary
locations, or those to where fixed lines aren't available.
With the Wireless LAN equipped models of the Vigor 2910 series, your
local users can be connected wireless to the router, so instant free
'hotspots' can be deployed quickly and easily. Mains power is required
for the router's PSU, but this could be from a mobile generator or
equivalent so you need to plan for this.
The Vigor 2910 and 3G cellular modem setup is ideal for:
- Backup to your primary Internet feed (ADSL, cable etc.)
- Providing lower cost broadband than a fixed line solution
- Areas without fixed line broadband access
- Compatible with a wide range of 3G modems/phones
- Temporary Locations
- Mobile Homes
- Locations on the move - coaches, trains
- Fairgrounds & temporary exhibitions
- Outdoor locations (the router and modem itself must be indoors!)
- Disaster Planning & High Availability
Supported Modems / Phones
- Huawei E220 (As used by Vodafone, T-Mobile, 3)
- Huawei E270
- Option Globesurfer Icon
- Nokia N70
- Nokia N95
- Nokia 6233
- Nokia N95
- Telstra HSDPA USB Modem
- 4G System XSPlug P3
- Zapp Telemodem Z020
- Option Globesurfer iCON
- 4G System XSPlug P3
- ZTE AC8700 3G
- Benq EF91
- LG U8380
- Telstra Next G 3G USB
- ZTE AC8700
A USB connection cable is required for your phone (not supplied).
Vigor 2910 Series - Product Highlights
- Combination Ethernet router, VPN Device, Firewall and Load-Balancer
- Primary Ethernet WAN Interface
- Selectable secondary WAN Interface - New!
- Load Balancing across both WAN ports with automatic or user-defined policies - New!
- WAN Backup using secondary WAN in case of fisr WAN failure - New!
- Four-Port 10/100BaseT autosensing Ethernet interface with manual speed over-ride (one port switchable to WAN2 port)
- Printer Port - built-in USB port compatible with most standard printers and any Windows 98SE, 2000 or XP client PC.
- Internet Firewall facilities featuring :
- Automatic Keep-state facility for tracking packets and denying unsolicitied incoming data
- Selectable DoS/DDoS protection
- IP Address anti-spoofing
- User-configurable packet-filtering with new Object Manager - New!
- NAT/PAT for Automatic LAN/WAN Mapping and Security
- NAT Port Redirection with automatic internal ranging - New!
- NAT Port Forwarding (Up to 200 IP ports) - New!
- True-DMZ for WAN IP Address Passthrough - New!
- QoS (Quality of Service) assurance with 8 selectable levels & support
- Internet Content Filtering:
- URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
- Surfcontrol Support - Block Web sites by category (subject to subscription)
- Prevent accessing of web sites by using their direct IP address (thus URLs only)
- Blocking automatic download of Java applets and ActiveX controls
- Blocking of web site cookies
- Block http downloads of file types :
- Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
- Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
- Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
- Time Schedules for enabling/disabling these restrictions
- Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazza, WinMX etc. )
- Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger)
- VPN facilities :
- High performance VPN supports up to 32 simultaneous VPN tunnels.
- Dial-in or dial-out, LAN-to-LAN or Teleworker-to-LAN
- Protocol support for PPTP, L2TP, IPSec
- MD-5 & SHA-1 Authentication
- Encryption : MPPE, DES/3DES & AES
- Hardware Co-processor for VPN Encryption
- PFS (Perfect Forward Secrecy) - Adds additional key protection
- Pre-shared/IKE keying & PKI (X.509) certificate support
- IKE Phase 1 Agressive/Standard Modes & Phase 2 Selectable lifetimes
- Radius Support for dial-in teleworker profiles
- Compatible with other leading 3rd party vendor VPN devices
- For further details about Vigor VPN click here
- VoIP Facilities (Vigor2910V / Vigor2910VG only) :
- Voice calls carried over existing ADSL connection
- Two VOIP ports (RJ11 to BT type sockets)
- Automatic QoS Assurance for Voice-over-IP Calls - VoIP given highest priority
- SIP Standard Compliant
- VoIP Codecs : 8Kb/s-64Kb/s
- Registration with multiple different SIP Registrars at the same time - New!
- Distinctive Ring for incoming calls on different accounts - New!
- Automatically select different SIP providers depending on destination called - New!
- Manually select SIP provider for outgoing calls by user-defined prefix - New!
- Hotline Facility - connects to a fixed destination when you lift the handset - New!
- Do Not Disturb - Phones can be set to not ring according to a time schedule (e.g. at night) - New!
- Speed Dial (Phone Book) for quick dialling
- Caller ID on phone ports (UK Standard Compliant) - New!
- Integration with the PSTN via ITSP (e.g. DrayTel) enabling you to make/recieve calls from regular phone lines
- Connect any standard analogue phone into the phone ports
- UK Standard Call progress Tones (Ring, Busy cadence etc.)
- Adjustable Gain (volume) for voice tx/rx
- Log of incoming/outgoing calls & realtime Status reporting
- DTMF Transmission : In-Band, Out-of-Band (RFC2833), SIP Info
- Low latency queuing (LLQ), Random Early Detection
- G.168 Line Electrical Echo cancellation & Jitter Buffer (125 ms)
- Support for VoIP through VPN tunnels
- Built-in Call Handling (PBX) Facilities:
- Intercom (call) between local voice/phone ports - New!
- SIP Compliant Call Diversion (Forwarding) - Always, Busy or No-Answer
- DND (Do Not Disturb) with automatic time schedule - New!
- Call Waiting - New!
- Call Transfer - New!
- T.38 Fax Facilities - New!
- Outbound NAT Proxy / STUN Server Support
- Wireless Features (Vigor2910VG only) :
- 802.11g Super-G Wireless LAN (Total bandwidth up to 108Mb/s) - New!
- Twin gain aerials provide diversity and optimum coverage
- Optional Higher-Gain Aerials (see here)
- Backward compatible with 802.11b (11Mb/s) and regular 802.11g (54Mb/s) standards
- Wireless Security Features :
- WEP, WPA and WPA2 Wireless Security & Encryption - New!
- WLAN Isolation - Isolate WLAN from wired LAN - New!
- SSID Stealthing
- Restricted access list for clients (by MAC address)
- Time Scheduling (WLAN can be disabled at certain times of day)
- 802.1x User Authentication (via Radius Server, EAP-TLS Mode) - New!
- Optional Username/Password Required for Wireless Users
- WDS (Wireless Distribution system) for WLAN Bridging and Repeating (see here) - New!
- Wireless Client Rate control - New!
- Wireless VLAN - Set inclusive/Exclusive wireless groups - New!
- Active Client list in Web Interface
- ISDN Features (Vigor2910VGi only):
- Compatible with ISDN2e, BT's Home/Business Highway & BT Midband™ lines
- Uses ISDN for shared Internet access (dial-on-demand)
- Support for 64Kb/s and 128Kb/s (Multilink-PPP)
- Automatic ISDN backup for Internet access during WAN port (broadband) failure
- Bandwidth-on-demand (automatically switches between 64Kb/s and 128Kb/s)
- Direct ISDN Dial-up LAN-to-LAN connectivity (to another ISDN site)
- Remote 'teleworker' direct dial-in access to your LAN (from a remote ISDN line)
- Remote activation of ISP dial-up (dials ISP on receipt of recognised Caller ID)
- Dynamic DNS Posting, compatible with popular services
- DHCP Server facility with pre-settable allocations and alien lock-out
- Support for non-NAT public subnets (multiple public IP addresses)
- LAN Side IP address range and built-in DHCP server/relay is fully configurable
- RIP & Static Routing configurable
- Diagnostic Facilities:
- SNMP Reporting/Monitoring - compatible with industry standard tools
- Comprehansive Syslog logging/monitoring (DrayTek Syslog tool supplied)
- Ping & TraceRoute from WUI - New!
- Real Time Data Flow Monitor, with instant block (cut of any user immediately!) - New!
- VPN Passthrough for VPN client/server running behind the router
On the Vigor2910VG, the Wireless interface can be turned off and you do not have to use VoIP. A version of the Vigor2910VG without VoIP (Vigor2910G) or without Wireless LAN (Vigor2910G) is also available, to special order, if it is particularly required.