DrayTek Vigor 3220 Quad-WAN Load-Balancer

Product Code/EAN Description V3220-K / 4716779076721 Vigor 3220 (UK/IE) Supports four Gigabit Ethernet WAN Ports USB 3G/4G/LTE modem can also be added Wireless Management of up to 30 DrayTek APs IPv6/IPv4 Dual-Stack High performance - up to 500Mb/s firewall throughput DrayTek Firewall with huge flexibility High Availability (Hardware failover) Hardware DMZ (LAN) RJ-45 Port Multiple Private LAN Subnets SMS (Text Message) Alert VLANs (802.1q tag-based) IGMP v3 MultiCast Content Filtering (by keyword, data type or category) LDAP Integration for VPN and user access QoS (Layer 2&3, 802.1p & TOS/DCSP) Up to 100 VPN tunnels for LAN-to-LAN or teleworkers VPN Trunk/Backup to remote sites SSL VPN - Tunnel or Proxy (50 users) Optional VigorCare Available
Manufacturer: DrayTek
£479.00 excl tax
£389.00 excl tax

Vigor 3220 Quad-WAN Router Firewall & Load Balancer

 

The Vigor 3220 is a router/firewall with four Gigabit Ethernet WAN ports, providing load balancing or failover for up to four WAN connections of any type. The router runs the DrayOS operating system, providing familiarity for users of other existing DrayTek products.

 

Robust & Comprehensive Firewall

The DrayTek firewall offers extremely high levels of security and protects against attacks including IP-based DoS (Denial of Service) attacks and access by unauthorised hackers and intruders. Wireless, Ethernet and VPN are also protected by further, bespoke systems. The DrayTek object-based firewall allows for greater levels of configuration than ever before, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations and requirements. The Vigor 3220 can also allow selective direction firewall rules of LAN to WAN, WAN to LAN & LAN to VPN. As well as this, QoS (Quality of Service Assurance) can now be selectively applied to specific users and rules.

High Availability

For mission critical situations an additional Vigor 3220can be set up in high-availability mode - also known as 'hardware failover' to mirror the service across an additional or the same connections.  This removes the risk of the Vigor 3220 being a single point of failure if it ceases operation or is damaged - the standby router takes over operations automatically.

 

IPv6 - Next Generation Internet Routing

The Vigor 3220 supports IPv6 - the successor to the current IPv4 addressing system that has been used since the Internet was first created. IPv4 address space is full up and IPv6 allows for much more efficient routing and a larger address space. IPv6 is supported both from your own ISP, but if your ISP does not (yet) support IPv6, the Vigor 2860 also supports IPv6 broker/tunnel services to provide IPv6 access using either TSPC or AICCU via 3rd party IPv6 providers. 

 

Web Content Filtering

GlobalView Categories

The Vigor 3220 content control features allow you to set individual restrictions on various website access, such as blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, filtering IM/P2P applications, or other potentially harmful or wasteful content. Restrictions can be per user, per device, or both. With the DrayTek GlobalView service, you can block different categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription provided by the Cyren Globalview service, which is continuously updated to contain newly released sites or sites that have recently been compromised with malware etc. A free 30-day trial is included with your new 3220.

 

User Management/Authentication

The Vigor 3220  ships with user management allowing for conditional internet access to different users based on their own unique login (stored in the router, or by external Radius server) which also can be linked to the inbuilt content filtering system. 

 

WAN Load Balancing & Backup

The Vigor 3220's multiple WAN interfaces can be used either for WAN-Backup or load balancing. Each of the 4-WAN Ethernet ports can be connected to any Ethernet-based Internet connection, such as a DSL modem, cable modem, leased line etc.

In Load-balancing mode, the router distributes the Internet traffic across all available connections to optimise use of your total available bandwidth.  This can be either automatic, according to rules or by reserving specific WAN connections for specific users, devices or services.

WAN-Backup provides a contingency (in the form of having a fully redundant comnnection to failover to) in case your primary connection or ISP sufferers a temporary outage. The Internet Traffic will then be temporarily routed via the second, third or fourth Internet connection. When normal services is restored to your primary line(s), the traffic is switched back.

 

 

802.1q Tagged, Wireless & Port Based VLAN

The Vigor 3220 includes a comprehensive and highly-configurable VLAN system for separating traffic concerning different requirements or users. Each of the six Gigabit LAN ports can be isolated from each other, for example to feed different companies or departments but keeping their local traffic completely separated as the traffic flowing through the WAN ports is 'tagged' as destined for each differnt LAN port. The tagging keeps the traffic separate even as it passes through the same WAN ports. This functionality can also extend to switches etc. (this functionality is increased if using DrayTek switches.)

 

3G/4G Cellular Data Features

 

 

The Vigor 3220's USB ports can (as shown on the Vigor 2860 above) host a compatible 3G/4G/LTE USB modem for access to the cellular network for full Internet Access as primary or failover connectivity for your internet or other services. 

  

 

Network Attached Storage (NAS)

Either of the Vigor 3220's USB ports can also be used as a storage device by using a USB memory stick on which to store data saved across the network. That memory can be used for recording syslogs or accessed as a simple FTP/file storage for users, local or remote (password protected).   This requires a USB memory stick (up to 64Gb, FAT32 formatted) to be inserted in either or both USB ports.

 

VPN - Linking remote offices, HQ, teleworkers and mobile staff

A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across the VPN may therefore benefit from the functionality, security, and management of the private network.

VPNs may allow employees to securely access a corporate intranet while located outside the office. They are used to securely connect geographically separated offices of an organization, creating one cohesive network. Individual Internet users may secure their wireless transactions with a VPN, to circumvent geo-restrictions and censorship, or to connect to proxy servers for the purpose of protecting personal identity and location. However, some Internet sites block access to known VPN technology to prevent the circumvention of their geo-restrictions.

The Vigor 3220 allows for up up to 100 simultaneous VPN tunnels to remote offices or from remote teleworkers. The Vigor 3220 supports industry standard protocols, including many widely-used encryption and authentication methods. Teleworkers can authenticate directly with your LDAP server if preferred to minimise administration of passwords such as using your existing Windwos Active Directory infrastructure and logins.

The Vigor 3220 also supports VPN trunking which allows the creation of tunnels across muliple WAN connections to a single remote site to load-balance traffic and, therefore increase bandwidth. VPN trunking also provides failover (backup) of your VPN route down a secondary WAN connection, this can be combined with having redundant routers also to erradicate single points of failure.

The Vigor 3220 also supports the more popular SSL VPN now. These are encrypted tunnels linking you to your main office but they are 'clientless' in that your computer does not generate the tunnel and you do not need  any VPN software. You instigate an SSL tunnel using your web browser and you could be in a web cafe or guest network. Another advantage is that the tunnel is creating using SSL technology - the same encryption that you use for secure web sites such as your bank, and so the traffic is accepted through normal firewalls for hotels etc. rather than being blocked as VPN traffic often is. The Vigor 3220 can operate SSL VPNs in either Proxy or full tunnel mode and allow for up to 50 simultaneous incoming users. For SSL VPN tunnel mode Windows OS, Mac OS X, Apple iOS and Android are supported.

 

Vigor 3220 Series - Technical Specification

  • Physical Interfaces:Performance:
    • LAN Ports:
      • 1 X RJ-45 Gigabit Ethernet (1000Mb/s) - LAN
      • 1 X RJ-45 Gigabit Ethernet (1000Mb/s) - DMZ Port
    • WAN Ports:
      • WAN1 : RJ-45 Gigabit Ethernet (1000Mb/s)
      • WAN2 : RJ-45 Gigabit Ethernet (1000Mb/s)
      • WAN3 : RJ-45 Gigabit Ethernet (1000Mb/s)
      • WAN4 : RJ-45 Gigabit Ethernet (1000Mb/s)
      • WAN5 : USB3.0 Port for 3G/4G Cellular Modem or NAS feature
    • Firewall: Up to 500Mb/s
    • IPSec VPN: Up to 200Mb/s
    • NAT Sessions : 100,000
  • Load Balance/Failover Features:
    • Outbound Policy-Based Load-Balance to direct traffic via:
      • NAT or Routing
      • WAN Interface
      • LAN Interface
      • Specific LAN Gateway
      • VPN Tunnel
    • IP-Based or Session-Based Load Balance modes
    • WAN Connection Fail-over
    • BoD (Bandwidth on Demand)
    • Configurable Load-Balance pool, specify WAN interfaces to load balance
    • WAN Budget
  • WAN Protocols (Ethernet):
    • DHCP Client
    • Static IP
    • IPv4 / IPv6
    • PPPoE
    • PPTP
    • L2TP
  • IPv6 Features:
    • Operation on all of the WAN ports
    • Default-Deny Firewalling
    • Static IP, DHCPv6 or PPP
    • Connectivity to ISPs provided direct/native IPv6
    • Built-in tunnelling to IPv6 brokers:
      • TSPC
      • AICCU
      • 6in4
      • 6rd
    • Default stateful firewall for all IPv6 LAN Clients/Devices
    • DHCPv6 & RADVD for client configuration
    • IP Filtering Rules
    • QoS for IPv6 with DiffServ
    • Router Management over IPv6 (Telnet/HTTP) with IPv6 Access List
    • Dual-Stack (Concurrent) operation with IPv4)
  • Firewall & Security Features:
    • CSM (Content Security Management):
      • URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
      • Block Web sites by category (e.g. Adult, Gambling etc. Subject to subscription)
      • Prevent accessing of web sites by using their direct IP address (thus URLs only)
      • Blocking automatic download of Java applets and ActiveX controls
      • Blocking of web site cookies
      • Block http downloads of file types :
        • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
        • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
        • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
      • Time Schedules for enabling/disabling the restrictions
      • Block popular P2P (Peer-to-Peer) file sharing programs
      • Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
    • DNS Filter: Use DNS to enforce categorisation
    • Web Portal
    • Multi-NAT (32 WAN IPs per WAN1 & WAN2)
    • DMZ Host
    • DMZ Port
    • 40 Port Redirection rules
    • 40 Open Port rules (10 port ranges per rule)
    • Policy-Based Firewall
    • MAC Address Filter
    • SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
    • DoS / DDoS Protection
    • IP Address Anti-spoofing
    • E-Mail Alert and Logging via Syslog
    • Bind IP to MAC Address
    • User Management:
      • Up to 200 Profiles
      • Supports external authentication via LDAP or RADIUS
      • Per User Bandwidth and Time Quota
      • Schedule Control to delete or disable account automatically
  • Bandwidth Management:
    • Quality of Service (QoS)
      • Guaranteed Bandwidth for VoIP
      • Class-based Bandwidth Guarantee by User-Defined Traffic Categories
      • Layer 2&3 (802.1p & TOS/DCSP)
      • DiffServ Code Point Classifying
      • 4-level Priority for each Direction (Inbound / Outbound)
      • Bandwidth Borrowed
      • App QoS: Classify traffic by Application
    • Temporary (5 minute) Quick Blocking of any LAN Client
    • Bandwidth Limit (Shared or individual limit)
    • Smart Bandwidth Limitation (Triggered by Traffic / Session)
    • Session Limit
  • Network/Router Management:
    • Web-Based User Interface (HTTP / HTTPS)
    • CLI ( Command Line Interface ) / Telnet / SSH
    • Web Console: Access CLI through Web Interface
    • Administration Access Control
    • Configuration Backup / Restore
    • Configuration Import from Vigor 3200
    • Built-in Diagnostic Function
    • Firmware Upgrade via Web Interface, TFTP, FTP
    • Logging via Syslog
    • Supports SmartMonitor (up to 50 IPs monitored)
    • SNMP v3 Management with MIB-II
    • TR-069
    • TR-104
    • Access Point Management: Centrally Manage up to 30 DrayTek VigorAPs
  • VPN Facilities:
    • Up to 100 Concurrent VPN Tunnels (incoming or outgoing)
    • Tunnelling Protocols:
      • PPTP
      • IPSec
      • L2TP
      • L2TP over IPSec
      • DrayTek SSL
    • IPSec Main and Aggressive modes
    • IKE Phase 1 DiffieHelman Groups 1,2,5 & 14
    • IKE Phase 2 DiffieHelman Groups 1,2,5 & 14 (will match phase 1 selection)
    • Encryption : MPPE, DES and Hardware-Based AES (128/192/256bits) / DES / 3DES (168bits)
    • Authentication : Hardware-Based MD5, SHA-1 and SHA-256
    • IKE Authentication : Pre-shared Key or X.509 Digital Signature
    • SSL VPN for teleworkers - Up to 50 user. Proxy or tunnel.
    • LAN-to-LAN & Teleworker-to-LAN connectivity
    • DHCP over IPSec
    • NAT-Traversal ( NAT-T )
    • Dead Peer Detection (DPD)
    • VPN Pass-Through (PPTP, L2TP, IPSec)
    • MOTP (Mobile One Time Password)
    • Virtual IP Mapping, map a remote IP subnet/range to another range to resolve IP subnet/range conflicts
  • SSL VPN:
    • Up to 50 Concurrent VPN Tunnels (incoming or outgoing)
    • SSL Application support for RDP, VNC & Samba
    • Encryption/Authentication : RC4 (128bits), AES (128bits), DES/3DES
    • X.509 Digital Signature
  • Network Features:
    • Port-Based VLAN (Inclusive/Exclusive Groups)
    • 802.1q VLAN Tagging
    • Port Mirroring
    • 802.1X LAN Port Authentication
    • Multi Subnet DHCP Servers with DHCP Relay
    • Custom DHCP Option support
    • Dynamic DNS
    • DNS Transparent Proxy
    • DNS Caching
    • LAN DNS (supports CNAME)
    • NTP Client (Synchronise Router Time)
    • Call Scheduling (Enable/Trigger Internet Access by Time)
    • RADIUS Client
    • LDAP Client
    • TACACS+ Client
    • Internal RADIUS Server
    • Microsoft™ UPnP Support
    • High Availability
    • Routing Protocols:
      • Static Routing
      • RIP V2
  • Certificate Management:
    • Trusted CA
    • Local Certificate
  • Operating Requirements:
    • Rack Mountable (brackets included)
    • Temperature Operating : 0°C ~ 45°C
    • Storage : -25°C ~ 70°C
    • Humidity 10% ~ 90% (non-condensing)
    • Silent operation (fanless)
    • Power Consumption: 19 Watt Max.
    • Dimensions: L273 * W176 * H46 ( mm )
    • Operating Power: 220-240VAC directly to unit
    • Warranty : Two (2) Years RTB