Mailing List
Mailing List
Sign Up Here
Like, follow & share: visit DrayTek UK's Facebook page visit DrayTek UK's Twitter page visit DrayTek UK's Linkedin page
DrayTek
Vigor 3220 Quad-WAN Load-Balancer
Product Code/EAN Description
V3220-K / 4716779076721 Vigor 3220 (UK/IE)
  • Supports four Gigabit Ethernet WAN Ports
  • USB 3G/4G/LTE modem can also be added
  • Wireless Management of up to 30 DrayTek APs
  • IPv6/IPv4 Dual-Stack
  • High performance - up to 500Mb/s firewall throughput
  • DrayTek Firewall with huge flexibility
  • High Availability (Hardware failover)
  • Hardware DMZ (LAN) RJ-45 Port
  • Multiple Private LAN Subnets
  • SMS (Text Message) Alert
  • VLANs (802.1q tag-based)
  • IGMP v3 MultiCast
  • Content Filtering (by keyword, data type or category)
  • LDAP Integration for VPN and user access
  • QoS (Layer 2&3, 802.1p & TOS/DCSP)
  • Up to 100 VPN tunnels for LAN-to-LAN or teleworkers
  • VPN Trunk/Backup to remote sites
  • SSL VPN - Tunnel or Proxy (50 users)
  • Optional VigorCare Available

 

Vigor 3220 Quad-WAN Router Firewall & Load Balancer

 

The Vigor 3220 is a router/firewall with four Gigabit Ethernet WAN ports, providing load balancing or failover for up to four WAN connections of any type. The Vigor 3220 is based on DrayTek's own DrayOS operating system, providing familiarity for users of other existing DrayTek products.

 

Robust & Comprehensive Firewall

Security is always taken seriously with DrayTek routers. The firewall protects against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are also protected by various protection systems. The DrayTek object-based firewall allows even more setup flexibility than ever, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations. The Vigor 2860 now also allows selective direction firewall rules of LAN to WAN, WAN to LAN or LAN to VPN. In addition, QoS (Quality of Service Assurance) can now be selectively applied to specific users.

High Availability

For mission critical applications, a pair of Vigor 3220's can be set up in high-availability mode - also known as 'hardware failover'.  This removes the Vigor 3220 as a single point of failure if it ceases operation or is damaged - the standby router takes over operations. See more details on High Availability here.

 

IPv6 - Next Generation Internet Routing

The Vigor 3220 supports IPv6 - the successor to the current IPv4 addressing system that has been used since the Internet was first created. IPv4 address space is full up and IPv6 allows for much more efficient routing and a larger address space. IPv6 is supported both from your own ISP, but if your ISP does not (yet) support IPv6, the Vigor 2860 also supports IPv6 broker/tunnel services to provide IPv6 access using either TSPC or AICCU via 3rd party IPv6 providers. To learn all about IPv6, you can get our detailed guide to IPv6 here.

 

Web Content Filtering

GlobalView Categories

The content control features of the Vigor 3220 allows you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal. Using DrayTek's GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription to the Cyren Globalview service, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.

 

User Management/Authentication

The Vigor 3220 has built-in user management which allows you to provide conditional internet access to different users based on their own unique login (stored in the router, or on an external Radius server) and including the restrictions of web content filtering (above) too. For full details of this feature, click here.

 

WAN Load Balancing & Backup

The Vigor 3220's multiple WAN interfaces can be used either for WAN-Backup or load balancing. Each of the 4-WAN Ethernet ports can be connected to any Ethernet-based Internet connection, such as a DSL modem, cable modem, leased line etc.

In Load-balancing mode, the router will spread your Internet sessions across all Internet connections to make best use of your available total bandwidth.  This can be automatic, according to rules or reserving specific WAN connections for specific clients or services.

WAN-Backup (failover) provides contingency (redundancy) in case of your primary connection or ISP sufferers temporary outage. Internet Traffic will be temporarily routed via the second, third or fourth Internet connection. When normal services is restored to your primary line(s), all traffic is switched back to that.

 

 

802.1q Tagged, Wireless & Port Based VLAN

The Vigor 3220 features a hugely flexible VLAN system. Each of the 6 Gigabit LAN ports can be isolated from each other, for example to feed different companies or departments but keeping their local traffic completely separated. For more detailed explanation about VLANs click here

 

3G/4G Cellular Data Features

 

 

The Vigor 3220's USB port can host a compatible 3G/4G/LTE USB modem for access to the cellular network for full Internet Access as your primary or failover WAN connectivity. For further details, see here and for a list of supported 3G/4G modems see this page

 

 

 

 

Network Attached Storage (NAS)

Either of the Vigor 3220's USB ports can also be used to add storage memory to the unit in the form of a USB memory stick. That memory can be used for recording syslogs or accessed as a simple FTP/file storage for users, local or remote (password protected).   Requires a USB memory stick (up to 64Gb, FAT32 formatted).

 

 

 

 

 

 

 

 

VPN - Linking remote offices, HQ, teleworkers and mobile staff

A feature central to DrayTek routers is the VPN (Virtual Private Networking) features. A VPN enables you to link two remote offices, branch offices back to HQ or home-based/mobile teleworkers back to your office. Once connected, they have access to your office/remote resources through a secure encrypted tunnel allowing remote desktop, file sharing and seamless access to other resources and devices.

The Vigor 3220 allows you to set up up to 100 simultaneous VPN tunnels to remote offices or from remote teleworkers. The Vigor 3220 industry standard protocols, including encryption and authentication methods. Teleworkers can authenticate directly with your LDAP server if preferred.

The Vigor3220 supports VPN trunking; this allows you to create tunnels down muliple WAN connections to a remote site in order to increase bandwidth. VPN trunking also provides failover (backup) of your VPN route down a secondary WAN connection. You can learn more about DrayTek VPN here.

The Vigor 3220 also supports SSL VPN. These are encrypted tunnels linking your teleworker back to your main office but they are 'clientless in that your O/S does not need to generate the tunnel and you do not need to install any VPN software manually.  You instigate an SSL tunnel from your regular web browser, so it could be in a web cafe or guest network, and the tunnel is creating using SSL technology - the same encryption that you use for secure web sites such as your bank. The Vigor2860 can operate SSL VPNs in either Proxy or full tunnel mode and allows up to 50 simultaneous incoming users. For SSL VPN tunnel mode Windows OS is supported.

You can learn more about DrayTek SSL VPNs here.

 

Vigor 3220 Series - Technical Specification

  • Physical Interfaces:
    • LAN Ports:
      • 1 X RJ-45 Gigabit Ethernet (1000Mb/s) - LAN
      • 1 X RJ-45 Gigabit Ethernet (1000Mb/s) - DMZ Port
    • WAN Ports:
      • WAN1 : RJ45 Gigabit Ethernet (1000Mb/s) 
      • WAN2 : RJ-45 Gigabit Ethernet (1000Mb/s) 
      • WAN3 : RJ-45 Gigabit Ethernet (1000Mb/s) 
      • WAN4 : RJ-45 Gigabit Ethernet (1000Mb/s) 
      • WAN5 : USB3.0 Port for 3G/4G Cellular Modem or NAS feature
    • Performance:
      • Firewall: Up to 500Mb/s
      • IPSec VPN: Up to 200Mb/s
      • NAT Sessions : 100,000
    • Load Balance/Failover Features:
      • Outbound Policy-Based Load-Balance
      • WAN Connection Fail-over
      • BoD (Bandwidth on Demand)
    • WAN Protocols (Ethernet):
      • DHCP Client
      • Static IP
      • IPv4 / IPv6
      • PPPoE
      • PPTP
      • L2TP
    • IPv6 Features:
      • Operation on all of the WAN ports
      • Default-Deny Firewalling
      • Static IP, DHCPv6 or PPP
      • Connectivity to ISPs provided direct/native IPv6
      • Built-in tunnelling to IPv6 brokers:
        • TSPC
        • AICCU
        • 6in4
        • 6rd
      • Default stateful firewall for all IPv6 LAN Clients/Devices
      • DHCPv6 & RADVD for client configuration
      • IP Filtering Rules
      • QoS for IPv6 with DiffServ
      • Router Management over IPv6 (Telnet/HTTP) with IPv6 Access List
      • Dual-Stack (Concurrent) operation with IPv4)
    • Firewall & Security Features:
      • CSM (Content Security Management):
        • URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
        • Block Web sites by category (e.g. Adult, Gambling etc. Subject to subscription)
        • Prevent accessing of web sites by using their direct IP address (thus URLs only)
        • Blocking automatic download of Java applets and ActiveX controls
        • Blocking of web site cookies
        • Block http downloads of file types :
          • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
          • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
          • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
        • Time Schedules for enabling/disabling the restrictions
        • Block popular P2P (Peer-to-Peer) file sharing programs 
        • Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
      • Multi-NAT, DMZ Host
      • 802.1q Tagged VLANs
      • Port Redirection and Open Port Configuration
      • Policy-Based Firewall
      • MAC Address Filter
      • SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
      • DoS / DDoS Protection
      • IP Address Anti-spoofing
      • E-Mail Alert and Logging via Syslog
      • Bind IP to MAC Address
    • Bandwidth Management:
      • QoS
      • Guaranteed Bandwidth for VoIP
      • Class-based Bandwidth Guarantee by User-Defined Traffic Categories
      • Layer 2&3 (802.1p & TOS/DCSP)
      • DiffServ Code Point Classifying
      • 4-level Priority for each Direction (Inbound / Outbound)
      • Bandwidth Borrowed
      • Temporary (5 minute) Quick Blocking of any LAN Client
      • Bandwidth / Session Limitation
    • Network/Router Management:
      • Web-Based User Interface (HTTP / HTTPS)
      • CLI ( Command Line Interface ) / Telnet / SSH
      • Administration Access Control
      • Configuration Backup / Restore
      • Built-in Diagnostic Function
      • Firmware Upgrade via TFTP / FTP
      • Logging via Syslog
      • SNMP v3 Management with MIB-II
      • TR-069
      • TR-104
    • VPN Facilities:
      • Up to 100 Concurrent VPN Tunnels (incoming or outgoing)
      • Tunnelling Protocols: PPTP, IPSec, L2TP, L2TP over IPSec
      • IPSec Main and Aggressive modes
      • IKE Phase 1 DiffieHelman Groups 1,2,5 & 14
      • IKE Phase 2 DiffieHelman Groups 1,2,5 & 14 (will match phase 1 selection)
      • Encryption : MPPE, DES and Hardware-Based AES (128/192/256bits) / DES / 3DES (168bits)
      • Authentication : Hardware-Based MD5, SHA-1 and SHA-256
      • IKE Authentication : Pre-shared Key or X.509 Digital Signature
      • SSL VPN for teleworkers - Up to 50 user. Proxy or tunnel.
      • LAN-to-LAN & Teleworker-to-LAN connectivity
      • DHCP over IPSec
      • NAT-Traversal ( NAT-T )
      • Dead Peer Detection (DPD)
      • VPN Pass-Through (PPTP, L2TP, IPSec)
      • MOTP (Mobile One Time Password)
    • SSL VPN:
      • SSL Application support for RDP, VNC & Samba 
      • Encryption/Authentication : RC4 (128bits), AES (128bits), DES/3DES
      • X.509 Digital Signature
    • Network Features:
      • DHCP Client / Relay / Server
      • DHCP Option 66 support
      • Dynamic DNS
      • NTP Client (Synchronise Router Time)
      • Call Scheduling (Enable/Trigger Internet Access by Time)
      • RADIUS Client
      • UPnP Support
    • Routing Protocols:
      • Static Routing
      • RIP V2
    • Certificate Management
      • Trusted CA
      • Local Certificate
      • CA Server
    • Operating Requirements:
      • Rack Mountable (brackets included)
      • Temperature Operating : 0°C ~ 45°C
      • Storage : -25°C ~ 70°C
      • Humidity 10% ~ 90% (non-condensing)
      • Power Consumption:  Watt Max.
      • Dimensions:  ( mm )
      • Operating Power: 220-240VAC directly to unit
      • Warranty : Two (2) Years RTB