Feature Summary

Vigor 3300V Feature Summary

• High Performance Firewall featuring :
  • Easy to navigate Web Interface
  • Full Stateful Packet Inspection for both NAT and non-NAT operation
  • Load Balancing, WAN Port backup & High-Availability
  • Packet Filtering & IP DMZ Support
  • DHCP Client, Server & Relay
  • Bandwidth/Speed Limitation Function
  • Bind IP Address to MAC Address on LAN
  • Physical DMZ Port (selectable)
  • WAN & LAN Port Mirroring (for audit/diagnostic)
  • RFC Compliance Testing
  • Dos & DDoS protection on all interfaces (LAN & WAN side) including signature testing
  • Support for multiple private subnets on the LAN side
  • Built-in diagnostics for all interfaces, and ping/traceroute tools
  • QoS facilities for guaranteeing available bandwidth for traffic categories
• Internet Access Control/Restriction :
  • Web URL filtering based on keywords, with reporting facility
  • Blocking enabled/disabled based on time / day schedules
  • Content Inspection : Real-time detection and blocking of Java Applet, Active X, Ccookies and Web Proxies (selectable).
  • Surfcontrol™ Site Category blocking ('Parental Control')
• Physical Interfaces :
  • WAN-Side 10/100BaseT Ethernet Interface
  • LAN-Side 10/100BaseT (4 ports)
  • Separate LAN-side DMZ Port (10/100BaseT)
  • Power : 220VAC; IEC socket on rear
• Comprehensive Reporting & management facilities :
  • Syslog reporting of real-time routing & firewalling activity
  • Email notification of breaches
  • Configuration and management from web-based user interface
  • Secure remote management
  • Test and debug facilities also available on Telnet interface
  • Built-in self-diagnostic tools
  • SNMP Agent with MIB-II
• Rackmountable (19") - Brackets included

 

main features

Main Features:

• Robust & Comprehensive Firewall
  
• Up to eight optional VoIP (Voice-over-IP) ports
  FXS (Phone Ports) or FXO (Line Ports) provide PSTN and VoIP integration.
• High Performance VPN Server
  Up to 200 simultaneous VPN Tunnels with high security encryption managed by a dedicated VPN co-processor.
• Load-balanced WAN Ports
  Connect up to four Internet feeds for increased Internet bandwidth, fault-tolerance and redunancy.
• Port Based VLAN or 802.1q based VLAN, supporting multiple independent or common LAN subnets.
• Physical DMZ Ports
  Up to three of the WAN ports can be alternatively configured to be hardware DMZ ports for the isolated hosting of a public-facing server.
• QoS Assurance
  Quality of Service assurance allows you to set different priorities for different types of Internet traffic to ensure that your mission critical connectivity can always get as much of the available Internet bandwidth as it needs.
• Content Filtering
  The Vigor3300V has several levels of Internet filtering including URL-keyword blocking and more comprehensive complete Surfcontrol™ category-based filtering.

technical skillset

The Vigor3300V is a sophisticated product, and something which your business will want to rely on. Vigor Enterprise Partners are required to have technical staff who undergo specific training and experience on the Vigor3300V, so you can be confident you're buying from someone who can best advise and support you before and after your purchase. The Vigor3300V is backed up with a manufacturer's 3-year warranty as standard (subject to registration) and when you purchase your Vigor3300V from a DrayTek Enterprise Partner, you can also choose VigorCare, which gives you priority advanced swap-out, giving you peace of mind in the unlikely event that a fault develops. VigorCare will deliver a replacement unit to you, normally the next working day, and collect the faulty unit. Subject to VigorCare™ terms and conditions and currently available in the UK Mainland only.   

Firewall

Robust Firewalling

The Vigor3300V employs full Stateful Packet Inspection (SPI) to help protect your network from intruders, rogue data and other potential attacks. In additional Dos (Denial-of-Service) and DDoS (Distributed DoS) attacks are protected against by robust coding, allowances for known attacks (e.g. SYN, ICMP Flood, Port Scanning etc.) and algorithms to detect specific rogue data patterns or protocol anomolies. By default, the firewall blocks all incoming data (except where it is an reply to outgoing request) and allows all outgoing data. The user can create specific packet filters to further restrict external/internal access. The Vigor3300V also provides full NAT/PAT operation enabling you to run your private network on a private subnet.

Content Filter

Content Filtering & Parental Control

The Vigor3300V has several levels of Internet and IP filtering. At the TCP/IP level, the firewall allows you to block specific internal or external IP addresses (or subnets) from being reached but the Vigor3300V's actual content filtering can provide application level control. In simple use, you can prevent access to web URLs which contain certain keywords by entering them into the router (e.g. 'hotmail' etc.). You can also block users from downloading potentially harmful java applets, EXE/ZIP/Multimedia files, cookies or using web proxies.

For more comprehensive protection, you can use Surfcontrol™ filtering, also known as Parental Control which permits access only to web sites within your selected categories (e.g. adult, gambling, news etc.). You can also exclude all 'uncategorised' sites. The Surfcontrol online database is continuously updated with new web sites, each one being categorised by Surfcontrol researchers. A 30-day trial licence is supplied with the Vigor3300V; renewal is subject to an annual subscription fee - currently from approximately £25 (subject to change; Surfcontrol is an independent organsiation to DrayTek).

VPN Capabilites

VPN Capabilities

The Vigor3300V can create VPN tunnels across the public internet. The tunnels can be to remote networks, or from a sifngle dial-in teleworker, needing to access your head office LAN where the Vigor3300V is installed. The Vigor3300V can create up to 200 simultaneous VPN tunnels, incoming or outgoing, to different locations. A dedicated VPN encryption co-processor ensures that maximum VPN performance in maintained, even with high level encryption.

At the remote sites, small offices can make use of other Vigor routers for the VPN termination, and single teleworkers can use the VPN capabilities built into Microsoft Windows 98SE/2K/XP. The Vigor3300V also provides compatibility with other third party vendor products, including Cisco™ Pix, Nokia™, Sonicwall™, Checkpoint™, ZyWall™ and Watchguard™ products

• Up to 200 Simultaneous VPN tunnels
• LAN-to-LAN or teleworker access
• VPN Dial-in, dial-out, always on or on-demand
• Dedicated High Performance VPN Co-Processor
• IPSec Authentication: SHA-1 and MD5
• DES, 3DES and AES Encryption (56-256 bits)
• HMAC-SHA-1 and HMAC-MD5 integrity algorithm
• ESP/AH header protocols
• MPPE Encryption for PPTP connections
• PKI (X.509) digital certificates / CA
• DHCP over IPSec
• Auto or manual keying for IPSec
• VPN Passthrough for all common protocols

Voip

Voice-over-IP Ports (VoIP) & Voice Call Handling

Voice-over-IP (VoIP) enables you to use your existing broadband Internet connection to carry regular Voice calls. With VoIP, you can call from your device to any other compatible VoIP user, anywhere else in the world. VoIP-to-VoiP calls are totally free of charge (the call is carried over your existing Internet connection) thus keeping your voice lines free, and saving you from having to install or pay rental on additional lines to add call capacity to your office.

For a further explanation of VoIP, see here and for scenarios of integration with an existing PBX, click here.

The Vigor3300V's Voice-over-IP ports are provided by optional modules which slide into the front of the router. Each VoIP module has four ports which are either FXO or FXS type (see later). You can have one of each type of module, or two the same. The modules can be ordered with the Vigor3300V, or purchased later. The modules provide standard RJ11 sockets. Understand FXO and FXS ports here.

voip summary Voice-over-IP Facilities - Summary Up to 8 FXS (phone interface) or FXO (line interface) voice ports (4+4) Connect any regular analogue telephone (FXS interfaces only) Connect into any standard phone line or PBX extension (FXO interfaces only) Integration Possible with your existing PBX SIP Compliant Multiple Simulataneous SIP Proxy/Registrar Registration Speed-Dial phone book available to all local users Codecs Supported : G.711, G729A, G723.1, G.726 Caller ID output on FXS ports to UK Standard Call Handling Features: Intercom (Internally between VoIP FXS ports Flexible Call Groups Simultaneous Port or Round Robin ringing on FXS ports Incoming Call Barring Hunt Groups Call Holding Vigor T.38 Faxing Preset (fixed) Destination for FXO Ports PIN-Code protection for FXO Port access Voice Call Quality Protorols : VAD (Voice Activity Dectection for Silence suppression) and CNG (Comfort Noise Generation) G.168-2000 Echo Cancellation & Jitter Buffer Packet Loss Concealment Adjustable Gain/Attentuation DTMF Transmission: Out of Band (RFC2833), In-Band and SIP Info Automatic QoS assurance for bandwidth reservation

Load balancing Load Balancing & Multi-Purpose WAN Ports The Vigor3300V has four WAN/DMZ ports which each be configured as either an Internet-facing WAN interface or as a LAN-facing physical DMZ (a 'Demilitarized Zone' which is isolated from the rest of the LAN). When configured as an Internet-facing (WAN) interface 2,3 or 4 ports can be combined for load balancing or backup, whereby you can use multiple Internet connections to provide greater total bandwidth capacity or fault-tolerance. Load Balancing In basic load-balancing mode, the Vigor3300V will distribute WAN traffic requests evenly. This means that if you have two 512Kb/s feeds, two LAN users can download at 512Kb/s simultaneously. Alternatively you can select traffic preferences for the load balancing, selecting specific Internet feeds for traffic types of traffic (e.g. VoIP, VPN), by source/destination IP address or TCP/UDP Port ranges. Backup/Fault Tolerance WAN ports can also be configured to act as backup to the main (primary) Internet feed, and only activate in the event of the primacry Internet feed failing (determined by lack of routing). Once the primary internet feed is restored, the backup WAN port goes idle again. VLAN & Multiple LAN Subnets The Vigor3300V supports Ethernet port based VLANs, where each of the four LAN (RJ45/Ethernet) ports can be put into common or distinct groups - i.e. isolated or joined to each other. In addition, the Vigor3300V can support up to four independent LAN-side private IP subnets, with the Vigor providing each with its own DHCP server. For more details of example configurations, Click Here. Bandwidth Management & QoS The Vigor3300V firewall allows the administrator to set Quality of Service (QoS) preferences such that specific services have greater priority over others, or that certain services can never take up more than a certain percentage of your bandwidth. For example, Voice-over-IP (VOIP) telephony might be considered the highest priority so when temporary Internet congestion exists, priority would be given by the Vigor3300V to the VOIP services so that VOIP calls can still be made, whereas FTP downloads, for example, would be given lower priority, i.e. a smaller percentage of the available bandwidth. Similarly, if you did not want users taking up too much of your valuable bandwith with P2P applications (e.g. downloading music) you could set a maximum percentage of your bandwidth that such applications could take up. The QoS facility allows service types to be given one of eight levels of priority. Each level has selectable parameters including guaranteed bandwidth (percentage), maximum bandwidth (percentage), DiffServ Codepoint and can recognise applications/targets based on IP Address, Service-Oriented Subnet, TCP/UDP Ports, IP protocol or volume of Traffic.