|
WAN Protocol
|
|
Ethernet
|
PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6
|
|
Dual WAN
|
|
Outbound Policy based Load Balance
|
Allow your local network to access Internet using multiple Internet
connections with high-level of Internet connectivity availability.
|
|
Two dedicated Ethernet WAN ports (Gigabit WAN)
|
|
WAN fail-over or load-balanced connectivity.
|
|
VPN
|
|
Protocols
|
PPTP, IPsec, L2TP, L2TP over IPsec.
|
|
Up to 200 connections simultaneously
|
LAN to LAN, remote access (teleworker-to-LAN), dial-in or dial-out.
|
|
VPN trunking
|
VPN load-balancing and VPN backup.
|
|
LDAP/Active Directory
|
Lightweight directory access protocol.
The enterprises use LDAP/Active Directory authentication technology to
allow administrator, IT personnel and users to be authenticated when
trying to access company's intranet environment.
|
|
NAT-traversal (NAT-T)
|
VPN over routes without VPN pass-through.
|
|
PKI certificate
|
Digital signature (X.509).
|
|
IKE authentication
|
Pre-shared key; IKE phase1 aggressive/standard modes & phase 2 selectable lifetimes.
|
|
Authentication
|
Hardware-based MD5, SHA-1.
|
|
Encryption
|
MPPE and hardware-based AES/DES/3DES.
|
|
RADIUS client
|
Authentication for PPTP remote dial-in.
|
|
DHCP over IPsec
|
Because DrayTek add a virtual NIC on the PC, thus, while connecting
to the server via IPSec tunnel, PC will obtain an IP address from the
remote side through DHCP protocol, which is quite similar with PPTP.
|
|
GRE over IPsec
|
GRE is used when IP packets need to be sent from one network to another without being parsed by any intervening routers
|
|
Dead Peer Detection (DPD)
|
When there is traffic between the peers, it is not necessary for one
peer to send a keep-alive to check for liveness of the peer because the
IPSec traffic serves as implicit proof of the availability of the peer.
|
|
Smart VPN software utility
|
Provided free of charge for teleworker convenience (Windows 7/XP including 32/64 bit).
|
|
Easy of adoption
|
No additional client or remote site licensing required.
|
|
Industrial-standard interoperability
|
Compatible with other leading 3rd party vendor VPN devices.
|
|
CVM
|
CVM, central VPN management, manages VPN tunnels easily.
|
|
Content Filter
|
|
IM/P2P blocking
|
Java applet, cookies, active X, compressed, executable, multimedia file blocking.
Web content filter
|
|
Web content filter
|
Dynamic URL filtering database.
|
|
Time schedule control
|
Set rule according to your specific office hours.
|
|
Firewall
|
|
Stateful Packet Inspection (SPI)
|
Outgoing/Incoming traffic inspection based on connection information.
|
|
Content Security Management(CSM)
|
Appliance-based gateway security and content filtering
|
|
Multi-NAT
|
You have been allocated multiple public IP
address by your ISP. You hence can have a one-to-one relationship
between a public IP address and an internal/private IP address. This
means that you have the protection of NAT (see earlier) but the PC can
be addressed directly from the outside world by its aliased public IP
address, but still by only opening specific ports to it (for example TCP
port 80 for an http/web server).
|
|
Port redirection
|
The packet is forwarded to a specific
local PC if the port number matches with the defined port number. You
can also translate the external port to another port locally.
|
|
Open Ports
|
As port redirection (above) but allows you to define a range of ports.
|
|
DMZ Port*
|
-This
opens up a single PC completely. All incoming packets will be forwarded
onto the PC with the local IP address you set. The only exceptions are
packets received in response to outgoing requests from other local PCs
or incoming packets which match rules in the other two methods.
-The precedence is as follows : Port Redirection > Open Ports > DMZ
|
|
Policy-based IP packet filter
|
The header information of an IP packet (IP
or Mac source/destination addresses; source /destination ports;
DiffServ attribute; direction dependent, bandwidth dependent,
remote-site dependent.
|
|
DoS/DDoS prevention
|
Act of preventing customers, users, clients or other computers from accessing data on a computer.
|
|
IP address anti-spoofing
|
Source IP address check on all interfaces only IP addresses classified within the defined IP networks are allowed.
|
|
Object-based Firewall
|
Utilizes object-oriented approach to firewall policy
|
|
Notification
|
E-mail alertand logging via syslog.
|
|
Bind IP to MAC address
|
Flexible DHCP with 'IP-MAC binding'.
|
|
User/Rule base
|
User base integrates LDAP/Active Directory authentication to enforce policies.*
|
|
System Management
|
|
Web-based user interface (HTTP or HTTPS)
|
Integrated web server for the configuration of routers via Internet browsers with HTTP or HTTPS
|
|
Quick start wizard
|
Let administrator adjust time zone and promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP).
|
|
User Administration
|
RADIUS user administration for dial-in access (PPP/PPTP and ISDN CLIP)
|
|
CLI(Command Line Interface, Telnet/SSH)
|
Remotely administer computers via the telnet.
|
|
DHCP client/relay/server
|
Provides an easy-to configure function for your local IP network.
|
|
Dynamic DNS
|
When you connect to your ISP, by broadband
or ISDN you are normally allocated an dynamic IP address. i.e. the
public IP address your router is allocated changes each time you connect
to the ISP. If you want to run a local server, remote users cannot
predict your current IP address to find you.
|
|
Administration access control
|
The password can be applied to authentication of administrators.
|
|
Configuration backup/restore
|
If the hardware breaks down, you can recover the failed system within
an acceptable time. Through TFTP, the effective way is to backup and
restore configuration between remote hosts.
|
|
Port-based VLAN
|
Create separate groups of users via
segmenting each of the Ethernet ports. Hence, they can or can't
communicate with users in other segments, as required.
|
|
Built-in diagnostic function
|
Dial-out trigger, routing table, ARP cache table, DHCP table, NAT
sessions table, data flow monitor, traffic graph, ping diagnosis, trace
route.
|
|
NTP client/call scheduling
|
The Vigor has a real time clock which can update itself from your
browser manually or more conveniently automatically from an Internet
time server (NTP). This enables you to schedule the router to dial-out
to the Internet at a preset time, or restrict Internet access to certain
hours. A schedule can also be applied to LAN-to-LAN profiles (VPN or
direct dial) or some of the content filtering options.
|
|
Tag-based VLAN (802.1Q)
|
By means of using a VLAN ID, a tag-based
VLAN can identify VLAN group membership. The VLAN ID provides the
information required to process the traffic across a
network.Furthermore, the VLAN ID associates traffic with a specific VLAN
group.
|
|
Firmware upgrade via TFTP/HTTP/TR-069
|
Using the TFTP server and the firmware upgrade utility software, you
may easily upgrade to the latest firmware whenever enhanced features are
added.
|
|
User Management
|
Dial-in access management (PPTP/L2TP and mOTP) and LDAP/Active Directory integration.
|
|
Remote maintenance
|
With Telnet/SSL, SSH (with password or public key), browser (HTTP/HTTPS), TFTP or SNMP, firmware upgrade via HTTP or TFTP.
|
|
Wake On LAN
|
A PC on LAN can be woken up from an idle/stand by state by the router
it connects when it receives a special 'wake up' packet on its
Ethernet interface.
|
|
Logging via syslog
|
Syslog is a method of logging router activity.
|
|
SNMP management
|
SNMP management via SNMP v1/v2, MIB II.
|
|
VigorACS SI Centralized Management
|
TR-069 based
|
|
External Device
|
Auto-detection mechanism to manage Vigor devices such routers/ switches/APs
|
|
Smart Monitor Traffice Analyzer
|
Support 200 PC Users
|
|
Bandwidth Management
|
|
Traffic Shaping
|
Dynamic bandwidth management with IP traffic shaping
|
|
Bandwidth reservation
|
Reserve minimum and maximum bandwidths by connection based or total data through send/ receive directions.
|
|
DiffServ codepoint classifying
|
Priority queuing of packets based on DiffServ.
|
|
4 Priority Levels(Inbound/Outbound)
|
Prioritization in terms of Internet usage
|
|
Individual IP bandwidth/session limitation
|
Define session /bandwidth limitation based on IP address.
|
|
Bandwidth Borrowing
|
Transmission rates control of data services through packet scheduler
|
|
User-defined class-based rules
|
More flexibility.
|
|
Routing functions
|
|
Router
|
IP and NetBIOS/IP-multi-protocol router.
|
|
Advanced routing and forwarding
|
Complete independent management and
configuration of IP networks in the device, i.e. individual settings for
DHCP, DNS, firewall, VLAN, routing, QoS etc.
|
|
DNS
|
DNS cache/proxy.
|
|
DHCP
|
DHCP client/relay/server.
|
|
NTP
|
NTP client, automatic adjustment for daylight-saving time.
|
|
Policy-based Routing
|
Based on firewall rules, certain data types are marked for specific routing, e.g. to particular remote sites or lines.
|
|
Dynamic routing
|
It is with routing protocol of RIP v2/OSPFv2/V3*. Learning and propagating routes.
Support BGP routing protocol.
|
|
Static routing
|
An instruction to re-route particular
traffic through to another local gateway, instead of sending it onto the
Internet with the rest of the traffic. A static route is just like a
'diversion sign' on a road.
|
|
Internet CSM (Content Security Management) Featuring
|
-
-
- URL keyword filtering - whitelist or blacklist specific sites or keywords in URLs
- Block web sites by category (subject to subscription)
- Prevent accessing of web sites by using their direct IP address (thus URLs only)
- Blocking automatic download of Java applets and ActiveX controls
- Blocking of web site cookies
- Block http downloads of file types (binary, compressed, multimedia)
- Time schedules & exclusions for enabling/disabling these restrictions
- Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazaa, WinMX etc. )
- Block Instant messaging programs (e.g. IRC, MSN/Yahoo Messenger)
|
|
Support
|
|
Warranty
|
2-year limited warranty, technical support through e-mail and Internet FAQ/application notes.
|
|
Firmware upgrade
|
Free firmware upgrade from Internet.
|
Networking
