The Vigor2955 SSL VPN Security Firewall is a broadband router with high throughput, high capacity VPN capabilities and dual-WAN interface. It provides policy-based load-balance, fail-over and BoD (Bandwidth on Demand) , and also integrates IP layer QoS, NAT session/bandwidth management to help users control and allocate the bandwidth on networks. With a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. For remote teleworkers and inter-office links, the Vigor2955 supports up to 200 simultaneous VPN tunnels (such as IPSec/PPTP/L2TP protocols)and 50 sessions of SSL VPN.

 

It allows users to access Internet and combine the bandwidth of the dual WAN to speed up the transmission through the network. Each WAN port can connect to different ISPs, Even if the ISPs use different technology to provide telecommunication service (such as DSL, Cable modem, etc.). If any connection problem occurred on one of the ISP connections, all the traffic will be guided and switched to the normal communication port for proper operation.

 

Without the necessity of installing VPN client on individual PC, the Secure Socket Layer (SSL) virtual private network (VPN) facility lets remote workers connect to the office network at any one time. SSL is supported by standard web browsers such as FireFox and IE. For users of small offices and teleworkers who need to access enterprises's internal applications, file server and file sharing, Vigor2955 security router series allow up to 50 concurrent SSL sessions.

 

The Vigor2955 also provides high-security firewall options with both IP-layer and content based protection. The DoS/DDoS prevention and URL/Web content filter strengthen the security outside and inside the network. The enterprise-level CSM (Content Security Management) enables users to control and manage IM (Instant Messenger) and P2P (Peer to Peer) applications more efficiently. The CSM hence prevents inappropriate content from distracting employees and impeding productivity. Furthermore, the CSM can keep office networks threat-free and available. With CSM, you can protect confidential and essential data from modification or theft.

 

 

 

1. WAN Protocol

Ethernet

2. Dual WAN

Outbound policy based Load Balance

3. VPN

Protocols : PPTP, IPSec, L2TP, L2TP over IPSec Up to 200 Sessions Simultaneously VPN Trunking SSL VPN LDAP VPN Throughput NAT-Traversal (NAT-T) PKI Certificate : Digital signature (X.509) IKE Authentication : Pre-shared key; IKE phase 1 aggressive/standard modes & phase 2 selectable lifetimes Authentication : Hardware-based MD5, SHA-1 Encryption : MPPE and hardware-based AES/DES/3DES RADIUS Client DHCP over IPSec Dead Peer Detection (DPD) Smart VPN Software Utility Easy of Adoption Industrial-standard Interoperability

4. Content Filter

URL Keyword Blocking Web Content Filter Time Schedule Control

5. Firewall

Stateful Packet Inspection (SPI) Content Security Management (CSM) Multi-NAT Port Redirection Open Ports DMZ Host Policy-based IP Packet Filter DoS/DDoS Prevention IP Address Anti-spoofing Object-based Firewall Notification Bind IP to MAC address WDS Security

6. USB

3.5G USB Modem (USB 3.5G backup only for WAN1) Printer Sharing

7. System Management

Web-based User Interface (HTTP/HTTPS) DrayTek's Quick Start Wizard User Administration CLI ( Command Line Interface, Telnet/SSH) DHCP Client/Relay/Server Dynamic DNS Administration Access Control Configuration Backup/Restore Port-based VLAN Built-in Diagnostic Function NTP Client/Call Scheduling Firmware Upgrade via TFTP/HTTP/FTP Remote Maintenance Wake On LAN Logging via Syslog SNMP Management

8. Bandwidth Management

Traffic Shaping Bandwidth Reservation Packet Size Control DiffServ Codepoint Classifying 4 Priority Levels (Inbound/Outbound) Individual IP Bandwidth/Session Limitation Bandwidth Borrowing User-defined Class-based Rules

9. Routing Functions

Router Advanced Routing and Forwarding DNS DHCP NTP Policy-based Routing Dynamic Routing Static Routing

10. Internet CSM (Content Security Management) Featuring

URL keyword filtering - whitelist or blacklist specific sites or keyword in URLs Block web sites by category (subject to subscription) Prevent accessing of web sites by using their direct IP address (thus URLs only) Blocking automatic download of Java applets and Active X controls Blocking of web site cookies Block http downloads of file types (binary, compressed, multimedia) Time schedules & exclusions for enabling/disabling these restrictions Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazaa, WinMX etc.) Block Instant messaging programs (e.g. IRC, MSN/Yahoo Messenger)

11. Support

Smart Monitor (Free & Optional Utility ): Network service analyze, User Management, System Management, System Management, Top10 ranking system, Up to 100 PC Users Warranty : 2-year limited warranty, technical support through e-mail and Internet FAQ/Application Notes Firmware Upgrade : Free Firmware upgrade form Internet

12. Declaration of Conformity