Description
The Vigor2960 serves as a VPN gateway and a central firewall for multi-site offices and teleworkers. With data throughput up to 1 Gbps via the two Gigabit Ethernet WAN ports, the 4 Gigabit Ethernet LAN ports, and the high-performance VPN, Vigor2960 brings productivity to various business operations.
WAN Load Balancing
Vigor2960 offers WAN throughput up to 1 Gbps, there are 2 Gigabit Ethernet WAN for either load balance or failover applications, up to two 3G/4G USB modems can be attached to the USB ports to add additional cellular connectivity. Up to 4 physical WAN connections can be active simultaneously to provide a high-performance as well as high-availability network.
While acting as an authoritative DNS server, Vigor2960 can also perform inbound load balancing to distribute the incoming connection requests across multiple WAN links to the server behind Vigor2960.
Local Network Management
The 4 Gigabit Ethernet LAN ports of Vigor2960 provides high-speed connectivity for the servers and PCs on the local network, up to 20 Virtual LAN (VLAN) can be set up on Vigor2960 to separate the local network into different logical domains to increase the security and network efficiency, moreover, each VLAN can use a unique IP subnet.
As for IP assignment for the LAN clients, except for the commonly-used DHCP, Vigor2960 also supports being a PPPoE server to provide independent connections between the LAN hosts and Vigor2960 over a multiple-access network.
High Capacity VPN
Vigor2960 is a high-performance VPN server, it allows up to 200 concurrent VPN connections, including LAN-to-LAN and Teleworker-to-LAN VPN. All the industry standard tunneling protocols are supported, including PPTP, L2TP, IPsec, IKEv2, and GRE. DrayTek SSL VPN is also provided. Vigor2960 also features VPN trunking, which allows you to establish multiple VPN tunnels to one remote network but through different WAN links. The two trunking tunnels can be used for load balancing application to increase the VPN throughput, or to be used in failover mode to provide a backup access.
Firewall & Security
Vigor2960 has integrated Stateful Packet Inspection (SPI) Firewall and flexible filtering rules, it can accept or deny packets based on the source, destination, port number, and its application (e.g., P2P, instant messaging). IP-based restrictions can be set to filter certain HTTP traffic as well as various application software, and prevent time and network resource wasting on inappropriate network activities. With an annual subscription to CYREN Web Content Filtering service, you may also filter the websites by their categories, and set up restrictions to block the whole categories of websites (such as Social Networking, Gambling.. etc.) without the need to specify every site you would like to block. The CYREN service is constantly updating the categorization, and a free 30-day trial is included in every new router.
High Availability (Hardware Redundancy)
Vigor2960 offers High Availability to prevent a single point of failure. The feature is based on the Common Address Redundancy Protocol (CARP). The network administrator can add a redundant Vigor2960 to the network as a standby router, in the events of failure of the main Vigor2960 the backup one can take over the traffic automatically, and reduce the downtime of the network.
Specifications
Hardware
Interface
- 2 Gigabit Ethernet WAN
- 4 Gigabit Ethernet LAN
- 2 USB ports
- Factory Reset Button
Power
- Max. Power Consumption: 19 watts
Temperature
- Operating: 0 ~ 45°C
- Storage: -25°C ~ 70°C
Humidity
- Operating: 10% ~ 90%
(non-condensing)
Dimension (mm)
WAN
Ethernet Connection (IPv4)
- PPPoE Client
- DHCP Client
- Static IP
- PPTP/L2TP
- 802.1Q VLAN Tagging
(Up to 20 profiles)
- Triple-Play Applications
Ethernet Connection (IPv6)
- PPP
- DHCPv6 Client
- Static IPv6
Load Balance
- IP-based Load Balancing
- Session-based Load Balancing
- Custom Weight
- Inbound Load Balancing
Failover
Connectivity Detection
High Availability
- Active-Standby Method
- Hot-Standby Method
LAN Managment
VLAN
DHCP Server
- Up to 20 IP Subnet
- DHCP Server
- PPPoE Server
- Bind-IP-to-MAC (DHCP Reservation)
DNS Control
Hotspot Portal
- Authentication: Local User Profile, Guest Profile, RADIUS, LDAP, SMS PIN
- Landing Page: URL Redirection, Bulletin Board
- Mobile Device Blocking
- Custom Portal Page
- Walled Garden
Routing
Static Route
- 200 IPv4 Static Routes
- 200 IPv6 Static Routes
Dynamic Routing
Policy Routing
- 120 Route Policy
- Criteria: Protocol, Source IP, Destination IP, Destination Domain Name, Destination Country, Destination Port
- Failover options
- Scheduled Enable/Disable
VPN
Performance
- Up to 200 concurrent tunnels
- Max. 50 concurrent SSL VPN
Protocols
- PPTP, L2TP, IPsec, L2TP over IPsec, SSL, GRE, IKEv2, OpenVPN (Since f/w v1.4.0)
- LAN-to-LAN VPN
- Teleworker-to-LAN VPN
Encryption
- MPPE 40/128 bit
- Hardware-based AES/DES/3DES
Authentication
- PAP, CHAP, MS-CHAP, MS-CHAPv2
- MD5, SHA1, SHA2-256
- Pre-Shared Key, Digital Signature (X.509)
- mOTP
Advanced
- Hub-and-Spoke Topology support
- DHCP over IPsec
- VPN Redundancy for Load Balancing or Failover
Firewall
NAT
- One-to-One Port Redirection
- Range-to-Range Port Redirection
- Range-to-One Port Redirection
- Server Load Balance
- DMZ Host
- ALG: SIP, H.323
- VPN Pass-Through: PPTP, L2TP, IPsec
- UPnP 500 sessions
Firewall Filter
- IP Filter
- IPv6 Filter
- Country Filter
- MAC Address Filter
- Object-based Configuration
- Scheduled Enable/Disable
Content Filtering
- Application Filter
- URL Keyword Filtering
- Category Filtering (subscription required)
- DNS Keyword Filtering
- Web Features Filtering
- QQ Filter
- IP-Based Policy
- User-Based Policy
- Scheduled Enable/Disable
Attack Protection
Bandwidth Management
Bandwidth Policy
- Session Limit
- Bandwidth Limit
- IP-Based Policy
- User-Based Policy
- Scheduled Enable/Disable
Quality of Service
- Layer 3 QoS (TOS/DSCP)
- 4-Level Priority with user-defined classification
- Bandwidth Borrowing
- Guaranteed bandwidth for VoIP traffic
- APP QoS
Network Features
- Dynamic DNS
- DNS Security
- GVRP
- IGMP Proxy
- SMB File Sharing
- FTP Server
User Authentication
- Local User Database
- RADIUS Server
- Active Directory/LDAP
Management
Configuration
- Web Interface: HTTP, HTTPS
- Command-Line Interface: Telnet, SSH
- TR-069 via VigorACS
- Configuration File Export & Import
F/W Upgrade
Admin Access Control
- 2-level Administration Privilege
- Access from the Internet
- Access List
- Brute Force Protection
- Login Page Greeting
Monitoring
- Dashboard
- Syslog
- SMS/E-mail Alert
- TR-069 via VigorACS
- SNMP v2, v2c, v3
- Port Mirroring
Central Management
- Wireless Controller for up to 50 VigorAP
- 10 Vigor Switch
- 12 Vigor Router (CVM)