DrayTek Vigor 3900 Gigabit Darkfibre/Cityfibre Class Firewall/Router
The DrayTek Vigor 3900 is for enterprise customers with advanced requirements for bandwidth, traffic control and multiple network routing requirements. The device supports quad-Gigabit WAN ports for high-performance and multiple levels of redundancy. The system also carries a VPN co-processor allowing complicated variances of different applications and sophisticated remote access between sites and for mobile users. Its WAN throughput runs at up to 1Gb/s for the most demanding applications. Multiple WAN ports on the Vigor 3900 provide for load balancing or WAN failover by splitting your connections across concurrent connections and/or providers. The 3900 is based on the new DrayTek OS platform giving a clearer set of screens and configuration panels for remote users and connections alike.
For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management, providing access to WAN resources only to the appropriate users or departments, as well as maintaining infrastructure effciency.
Four WAN ports for load-balancing or failover
The four Gigabit Ethernet WAN ports (and one SFP slot for fibre modules or an additional Ethernet module) provide 5 independent WAN connections for load-balancing and/or failover applications. Conversely, gigabit Ethernet and SFP LAN Interfaces provide high speed connectivity to your LAN also for intense connectivity and throughput. This allows for the router to be a single go-to point in any enterprise where the connectivity is required to be spread over greater disctances internally - such as between local sites or floors - without the need to have an integrated fibre-capable switch to be seperately programmed to ferry the necessary traffic. This improves processing and reaction time for mission critical applications. WAN Load-balancing weight or traffic-typeare set on an automatic basis to spread WAN traffic evenly across all interfaces on a best-endeavour basis so that your systems are not fighting over a single connection for traffic.
The New DrayTek Vigor Firewall
The Vigor 3900's includes a fully stetful firewall, with a flowtrack mechanism and comprehensive WAN defences. The pre-defined protection modules include DoS/DDoS protection and flexible IP packet filtering. To ensure only the correct content passes, the Vigor 3900 has several methods of filtering to control user access and keep their access appropriate, safe and productive. Content filtering at the earliest opportuntiy helps keep your network efficient as no routing of unecessary traffic is performed and so your data is secure and your online productivity high.
Traffic Prioritisation and QoS
Enterprise-grade QoS features give efficient traffic prioritisation to ensure critical data is given appropriate priority and that your network topology handles data in the most efficient way to avoid congestion and bottlenecks. WAN traffic is assigned one of 7 different priorities for egress and 2 for ingress and bandwidth is reserved for critical applications.. Rules can be based on service type, users or IP source/destintation according to requirement.
In this example, VoIP traffic identified and given highest priority
and given a priority of 3:1 over email.
Mobile User Remote Access and Hardware VPNs
The DrayTek Vigor 3900 will support a 500 simultaneous teleworker or LAN-to-LAN VPNs with a VPN throughput of up to 700Mb/s, thanks to its hardware-based VPN co-processor. VPN security includes certificate, MOTP or token/PSK based access and key-hash authentication to ensure maximum security.
Adaptive VPN Trunking Across Multiple Devices and Connections
By the use of multiple WAN connections, the Vigor 3900's VPN-Trunking features can increase the bandwidth/capacity of your VPN connections, creating a single virtual tunnel between locations using 2, 3 or all 4 WAN connections.
VPN Trunking is the facility to create more than one VPN tunnel, over a second Wan connection, to the same remote location in order to provide either increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one tunnel/connection is interrupted. The Vigor 3900 supports both Failover and Load Balancing modes for VPN Trunks.
The Vigor 3900 already supports load balancing to the Internet using its four-WAN ports. What VPN trunking does is enables a single virtual tunnel to be created across two or more WAN connections to the same remote location creating a single virtual tunnel, recombining the tunnel at the other end. As far as the traffic and LAN devices/clients are concerned, there is just a single tunnel, with increased bandwidth.
In the diagram above, you can see a single virtual tunnel as far as the LAN at each end is concerned. Within the router, two WAN connections are being used with each router, across which the VPN tunnel can be spread, increasing total capacity and/or redundancy (for failover).
SSL Portal VPN Access & SSL VPN Clients
The Vigor 3900 provides for up to 20 concurrent SSL VPN web-proxy tunnels, allowing remote access to your network from virtually any network or situation without the inconvenience or installation issues of a VPN client. As it is a standard Internet protocol, SSL VPNs are resilient to obstructions normally affecting tunnels through guest networks (web cafes, hotels etc.) where other VPN tunnels often have difficulties. SSL encryption is using 128bit DES/3DES or AES for added strength. Using two-factor MoTP, teleworker passwords are strong and realtime unique; a password is generated in real-time bysmartphone and can be used once only once generated. All teleworkers can optionally use LDAP or X.509 certificates for authentication. In addition to Web-proxy mode, full SSL VPN tunnelling is provded using SSL clients.
Multi-Device High Availability
For greater resilience, the DrayTek Vigor 3900 provides High Availability (HA). The CARP protocol (equivalent to VRRP or HSRP) allows for the set-up of a master and secondary Vigor 3900 and in the event of the master unit failing, the secondary unit seamlessly and automatically switches over removing the possibility of a single point of failure within routers. Multiple active Vigor3900's can also effect reciprocal routing backup to other active DrayTek Vigor3900s.
DrayTek Vigor 3900 Specification
- Physical Interfaces:
- LAN Interfaces:
- 2 x Gigabit (10/100/1000 Base-T)
- 1 x Active SFP Slot
- WAN Interfaces:
- 4 x Gigabit (10/100/1000 Base-T)
- 1 x Active SFP Slot
- 3.5G (Cellular) Access via compatible USB Adaptor ('dongle') - Later firmware upgrade (Schedule TBA)
- 2 x USB 2.0 Host Ports
- Console (RJ45)
- WAN Connectivity/Protocols:
- DHCP Client
- Static IP
- IPv4
- IPv6 (available on a single WAN port only)
- PPPoE
- L2TP (Later firmware upgrade)
- 3G / 3.5G (later firmware upgrade)
- Port Load-Balancing
- Port Failover
- QoS
- 802.1q Tag-Based VLAN
- Network Protocols:
- DHCP Client/Server
- DHCP Options
- Dynamic DNS Service Updating
- NTP Client
- DNS Cache/Proxy
- Static Routing
- NAT (IPv4):
- 100,000 Sessions
- Port Redirection
- One-to-One Public-to-Private Mappping
- MultiNAT
- VPN:
- Dial-in and Dial-out LAN-to-LAN
- Dial-in Teleworker
- Protocols:
- PPTP
- L2TP
- IPSec
- L2TP over IPSec
- Encryption/authentication:
- Hardware-based AES (128, 192, 256 bits)
- Hardware-based DES/3DES (56 & 168 bits)
- MPPE (40 or 128 bits)
- Hardware-based MD5 & SHA-1
- IKE authentication : Pre-shared Key (PSK)
- PKI : X.509 Digital Signature (certificate)
- Certificate Server (CA) / Trusted CA / Local Certificate
- MOTP for Teleworkers
- Dead Peer Detection (DPD)
- VPN Passthrough : PPTP, L2TP, IPSec, SSL
- NAT Traversal (NAT-T)
- DHCP over IPSec
- GRE over IPSec
- Traffic / Content Management:
- QoS (7/2 levels egress/ingress)
- DiffServ Codepoint Classifying
- Session & Bandwidth Limitation (IP-based)
- Globalview Categoric Web Content Filtering
- Web URL Keyword Blocking
- SSL VPN:
- Tunnel Mode : up to 200 Web Proxy Tunnels
- SSL Full tunnelling (firmare upgrade - schedule TBA)
- SSL Applications : HTTP (web), VNC, RDP
- Encryption : RC4 (128 bits), AES (128 bits), DES/3DES
- Digital Signature (X.509)
- Pre-shared key
- MOTP
- Management Facilities:
- Web Interface (HTTP & HTTPS)
- CLI : Telnet and SSH
- Firmware Upgrade : TFTP and HTTP
- Configuration Backup/Restore (Binary)
- Admin Access Control
- SNMP Management (MIB-II))
- Syslog
- TR-069
- Supported by Vigor-ACS Platform
- Operating Requirements:
- Rack Mountable. 1U. (Mount brackets included)
- Temperature Operating : 0°C ~ 45°C
- Storage : -10°C ~ 70°C
- Humidity 10% ~ 90% ( non-condensing )
- Power Consumption: 20W max (typically 10-15W)
- Dimensions: 443 x 280 x 44 mm (LxWxH) - 1U
- Operating Power: 220-240VAC
- Warranty : 2 Years Manufacturer's RTB included
Details
- Professional Router/Firewall
- Five Gigabit WAN ports (4 x Ethernet & 1 SFP)
- Up to 50 WAN ports with optional switch
- WAN Load Balancing & WAN Failover
- High-Availability (with CARP)
- Up to 500 simultaneous IPSec/PPTP/L2TP Tunnels
- Up to 200 SSL VPN Tunnels (Web-Proxy)
- 3 Gigabit LAN ports (2 x Ethernet & 1 x SFP)
- IPv4 & IPv6 Dual-Stack
- Two Independent USB Ports
- 802.1q Tagged and port-based VLANs
- QoS Assurance on different traffic types
- Mobile One-Time Passwords for Teleworker VPNs
- VPN Trunking (aggregated/failover links)
- Up to 50 WAN/LAN-side IP subnets
- Web Content Filtering
- Optional VigorCare Available