Overview

 

Vigor 2920 Series Router Firewall

The Vigor 2920 series is a dual-WAN port Firewall Router with excellent performance to run both WAN interfacess simultaneously. It also now supports IPv6 - the next generation Internet system (click IPv6 tab below for moe information).

Robust & Comprehensive Firewall

Security is a major feature Vigor 2920 Series. The firewall features measures for protection against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are also protected by various protection systems (see later). The DrayTek object-based firewall allows vast flexibility, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations.

Content control features of the firewall allow you to set restrictions on web site access, blocking download of certain file types, blocking specific web sites, blocking IM/P2P applications or other potentially harmful or wasteful content. Filtering using web site categorisations enable you to block whole categories of web sites (e.g. gambling, adult sites etc.), subject to subscription.

Dual-WAN Load Balancing & Backup

Either (or both) Ethernet WAN ports on the Vigor 2920 can be connected to an ADSL modem, cable modem or any other Ethernet-based Internet feed. When you are using both ports, the secondary interface can be used either for WAN-Backup or load balancing.

WAN-Backup provides contingenry (redundancy) in cases of your primary feed or ISP suffering temporary outage. Internet Traffic will be temporarily routed via the secondary Internet access. When normal services is restored to your primary ADSL line, all traffic is switch back to that.

In load-balancing mode, the Vigor 2920 will make use of both of your WAN feeds together, spreading your Internet traffic across both either as equally as possible or according to user-configurable rules. For example, you might want all of your VoIP traffic to be routed only through one ISP connection.

The Vigor 2920's USB port provides an alternative connection method for Internet backup by connecting to a compatible USB modem (or cellphone) for access to the high speed 3G cellular networks from UK providers such as Vodafone, O2, Orange, 3 and T-Mobile. The 3G access method can be used as your primary/only Internet connection, ideal for temporary locations, mobile applications or where broadband access is not available.

Note : For WAN failover you can use only one method at a time, e.g. Ethernet, 3G.

WiFi

Wireless LAN ('n' models only)

The Vigor 2920 Series features 802.11n wireless LAN specification and has been certified by the WiFi alliance for cross compatibility and WiFi compliance (including WPA/WPA2 and WMM).

802.11n provides a total wireless bandwidth of up to 300Mb/s using new methods such as packet aggregation and channel bonding. Throughput depends on your own environment (factors such as obstructions, number of hosts and distance all make a significant difference), but actual transfer speeds of 100Mb/s are achievable (based on our real world tests). In addition, 802.11n Draft 2.0 provides greater coverage and resilience to interference compared to previous wireless standards thanks to the MIMO technology and the Vigor's triple-antennae diversity arrangement. This offset arrangement of aerials provides offset paths between hosts so that interference can be overcome.

Wireless Security is comprehensive too; the Vigor 2920 Series provides several independent levels of security including encryption (up to WPA2), authentication (802.11x) and methods such as MAC address locking and DHCP fixing to restrict access to authorised users only. The Web interface lets you see how many and which clients are currently connected as well as their current bandwidth usage. An 'instant' block lets you disconnect a wireless user temporarily in case of query. The Wireless VLAN facility allows you to isolate wireless clients from each other or from the 'wired' LAN.

The Multiple SSID features enables you to have up to four distinct or common virtual wireless access points. For example, you could have one for company usage, with access to your company LAN and another for public access which allows internet surfing only. Setting up wireless security is made easier thanks to the WPS feature (WiFi protected setup) whereby your client PC can get it's security keys by pressing a button on the front of the router.

If your laptop PC's built-in wireless doesn't support 802.11n wireless, you can use the optional Vigor N65 USB adaptor. Click on 'accessories' for details.

For specialist or more demanding coverage applications, optional aerials can be used with the Vigor 2920 to potentially increase the range of wireless coverage (depending on enviroment) or provide directional coverage in order that your wireless transmission is focussed and concentrated into one direction only, for example into a room or across open space. With the increasing popularity of wireless LANs, you will want to choose the least congested wireless channel (Nos. 1-13) for yours. The Vigor can scan and provide a list of all devices in the vicinity so that you can choose the best channel (see screenshot below).

802.11n Compliant WiFi Alliance Approved Packet Aggregation and Channel Bonding Optional Higher Gain or directional aerials available - Click Here. Also Compatible with 802.11b and 802.11g Standards Active Client list in Web Interface Wireless LAN Isolation (from each other and/or wired LAN) 64/128-bit WEP Encryption WPA/WPA2 Encryption WPS - WiFi Protected Setup for client security setup - (Firmware Upgradable, ETA April 2008) Switchable Hidden SSID Restricted access list for clients (by MAC address) Time Scheduling (WLAN can be disabled at certain times of day) Access Point Discovery WDS (Wireless Distribution system) for Bridging and Repeating 802.1x Radius Authentication Wireless Rate-Control Automatic Power Management 802.11e WMM (Wi-Fi Multimedia)

Above : The Vigor2820n provides a local survey of other access points so that you can choose the least congested channel.

Wireless LAN WDS Facility

Vigor 2920 'n' models support a system called WDS (Wireless Distribution System) which enables you to use the wireless capability to bridge to another network, within wireless range. You need an additional compatible wireless router for this of course. Here is a simple example:

With WDS bridging, both networks should be within the same logical IP subnet (IP address range). Once set up, all of the PCs on both sides of the link can access each other, across the wireless bridge. Local wireless devices such as a laptop can continue to use their local access point.

An additional mode, as shown above, called 'repeating', allows you to set up a third station. In the diagram below, the router at 'B' is set up in repeating mode, relaying traffic between LANs at A and C. Therefore, all three physical networks can communicate with each other over the wireless links.

Important Note : Wireless performance (speed and range) always depends on your specific environment and will vary considerably. Factors affecting performance include wireless traffic, other networks nearby, site construction, walls, ceilings and other electronic equipment nearby. The product may not be upgradable to future 802.11n standards or be compatible with products from other manufacturers. Speeds quoted are the maximum wireless capacity, including RX/TX capacity, protocol overheads and all clients/hosts connected.

3G

3G Cellular Data Features

The Vigor 2920 Series's USB port can host a compatible 3G modem or cellphone for access to the cellular network for full Internet Access. Most UK networks now provide high speed HSDPA data connections at up to 3.6Mb/s download speed. The 3G connection can be used as your primary/only Internet access, or as backup to your main ADSL line connection. This is not only ideal for homes or offices which don't want to pay fixed line + broadband rental, but also for temporary locations, or those to where fixed lines aren't available.

With the Wireless LAN equipped models of the Vigor 2920 series, your local users can be connected wirelessly to the router, so instant free 'hotspots' can be deployed quickly and easily. Mains power is required for the router's PSU, but this could be from a mobile generator or equivalent so you need to plan for this.

Supported 3G Modems / Phones Huawei E156G Huawei E160 / E / X / G Huawei E169 / G Huawei E171 Huawei E172 Huawei E220 Huawei E230 Huawei E270 Huawei E272 Huawei E353 Huawei E1550 * Huawei K3765 Huawei K4505 Vodafone K3565 / K3565-H (not K3565-z) Vodafone K3520 / K3520-H (not K3520-z) Vodafone K3760 * T-Mobile 110 T-Mobile Web'n'walk Stick III Nokia N70 Nokia N95 Nokia 6233 Nokia N73 Nokia E65 Option Globesurfer iCon 7.2 Sierra Aircard 876u Sierra 875U ZTE AC8700 3G ZTE MF622 ZTE MF627 ZTE MF637 ZTE MF662 This is not a complete list as additional 3G USB modem support is added continuously as telcos introduce new models; please check here for latest information on your preferred modem model. * : Supported in beta firmware A USB connection cable is required for your phone (not supplied).

The Vigor 2920 and 3G cellular modem setup is ideal for:

• Backup to your primary Internet feed (ADSL, cable etc.)
• Providing lower cost broadband than a fixed line solution
• Areas without fixed line broadband access
• Compatible with a wide range of 3G modems/phones
• Temporary Locations
• Mobile Homes
• Locations on the move - coaches, trains
• Fairgrounds & temporary exhibitions
• Outdoor locations (the router and modem itself must be indoors!)
• Disaster Planning & High Availability

 
Example Use : Installation in a mobile café or moving bus

There is more information about DrayTek 3G solutions here.

Note: DrayTek have no control over local network/provider operations, changes in network facilities/tarrifs nor make any claim over specific network compatibility. Please assure yourself that the router will be compatible with your chosen cellular network and provider and that you have adequate signal coverage before committing to any contract term. Please also ensure that your chosen provider and the tariff allows access to all of your required applications (e.g. VPN, VoIP, Messaging etc.) as many packages exist, some blocking certain data types.

IPv6

IPv6 - Next Generation Internet Routing

The Vigor 2920 supports IPv6 - the successor to the current IPv4 addressing system that has been used since the Internet was first created. IPv4 address space is full up and IPv6 allows for much more efficient routing and a larger address space. IPv6 is supported both from your own ISP, but if your ISP does not (yet) support IPv6, the Vigor 2850 also supports IPv6 broker/tunnel services to provide IPv6 accss using either TSPC or AICCU via 3rd party IPv6 providers. To learn all about IPv6, you can get our detailed guide to IPv6 here.

IPv6 on the Vigor 2920 provides the following features: Operation on any one of the WAN ports (Ethernet or 3G) Connectivity to direct native IPv6 ISPs Built-in tunneling to 3rd party IPv6 brokers suppporting TSPC or AICCU methods Default stateful firewall for all IPv6 LAN Clients/Devices DHCPv6 Client or Static IPv6 Client DHCPv6 & RADVD for client configuration IP Filtering Rules QoS for IPv6 with DiffServ Router Management over IPv6 (Telnet/HTTP) with IPv6 Access List Simultaneous (concurrent) operation with IPv4 ("Dual-Stack") Other router features are available on IPv4 only currently

NAS

Network Attached Storage (NAS)*

The Vigor 2920 Series's USB port can also be used to add storage memory to the unit in the form of a USB memory key (as shown right) or for higher capacity a USB hard drive (normally requires its own power). The Vigor 2820 then provides FTP access file uploading/downloading which can be from the local LAN or from anywhere on the Internet - ideal for a simple to deploy file depository. Access can be 'public' or using usernames and passwords, each of which can have their own directories and/or file access rights. As well as FTP, file sharing is available as a Windows 'network drive'. Using Internet Explorer, you can view the contents of the USB drive connected to the Vigor 2820 and read or write files.

The NAS facility uses any FAT16/FAT32 formatted device (includes USB memory sticks, USB hard drives etc.) and supports a transfer rate of 12Mb/s.

* Intended to be added in future firmware version

Specification

Vigor 2920 Series - Technical Specification

• Physical Interfaces:
  • LAN Ports (Switch):
    • 4 X Gigabit Ethernet (1000Mb/s) Ports
    • Port-Based VLAN (Inclusive/Exclusive Groups)
  • WAN Ports:
    • Primary WAN Port : 10/100 Base-TX Ethernet
    • Secondary WAN Port : 10/100/1000 Base-TX Gigabit Ethernet
    • USB Port for 3G Cellular Modem, NAS* or Printer
• Performance:
  • Firewall: Up to 100Mb/s
  • IPSec VPN: Up to 25Mb/s
• Load Balance/Failover Features:
  • Outbound Policy-Based Load-Balance
  • WAN Connection Fail-over
  • BoD (Bandwidth on Demand)
• Wireless LAN Features ('n' Models Only):
  • 802.11n Compliant
  • Latest 'MIMO' Technology with three aerials (2T3R)
  • Multiple SSID : Create up to 4 virtual wireless LANs (independent or joined)
  • Packet Aggregation and Channel Bonding
  • Optional Higher Gain or directional aerials available - Click Here.
  • Compatible with 802.11b and 802.11g Standards
  • Active Client list in Web Interface
  • Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
  • 64/128-bit WEP Encryption
  • WPA/WPA2 Encryption
  • Switchable Hidden SSID
  • Restricted access list for clients (by MAC address)
  • Time Scheduling (WLAN can be disabled at certain times of day)
  • Access Point Discovery
  • WDS (Wireless Distribution system) for WLAN Bridging and Repeating (Firmware Upgradable)
  • 802.1x Radius Authentication
  • Wireless Rate-Control
  • Automatic Power Management
  • 802.11e WMM (Wi-Fi Multimedia)
• WAN Protocols (Ethernet):
  • DHCP Client
  • Static IP
  • PPPoE
  • PPTP
  • L2TP *
• Firewall & Security Features:
  • CSM (Content Security Management):
    • URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
    • Block Web sites by category (e.g. Adult, Gambling etc. Subject to Globalview subscription)
    • Prevent accessing of web sites by using their direct IP address (thus URLs only)
    • Blocking automatic download of Java applets and ActiveX controls
    • Blocking of web site cookies
    • Block http downloads of file types :
      • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
      • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
      • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
    • Time Schedules for enabling/disabling the restrictions
    • Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazza, WinMX etc. )
    • Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
  • Multi-NAT, DMZ Host
  • Port Redirection and Open Port Configuration
  • Policy-Based Firewall
  • MAC Address Filter
  • SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
  • DoS / DDoS Protection
  • IP Address Anti-spoofing
  • E-Mail Alert and Logging via Syslog
  • Bind IP to MAC Address
• Bandwidth Management:
  • QoS
  • QoS Retag
  • Guaranteed Bandwidth for VoIP
  • Smart Bandwidth Limit
  • Class-based Bandwidth Guarantee by User-Defined Traffic Categories
  • Layer 2&3 (802.1p & TOS/DCSP)
  • DiffServ Code Point Classifying
  • 4-level Priority for each Direction (Inbound / Outbound)
  • Bandwidth Borrowed
  • Temporary (5 minute) Quick Blocking of any LAN Client
  • Bandwidth / Session Limitation
• Network/Router Management:
  • Web-Based User Interface (HTTP / HTTPS)
  • CLI ( Command Line Interface ) / Telnet / SSH*
  • Administration Access Control
  • Configuration Backup / Restore
  • Built-in Diagnostic Function
  • Firmware Upgrade via TFTP / FTP
  • Logging via Syslog
  • SNMP v2 & v3 management with MIB-II
  • TR-069
  • TR-104
• VPN Facilities:
  • Up to 32 Concurrent VPN Tunnels (incoming or outgoing)
  • Tunnelling Protocols: PPTP, IPSec, L2TP, L2TP over IPSec
  • IPSec Main and Agressive modes
  • Encryption : MPPE and Hardware-Based AES / DES / 3DES
  • Authentication : Hardware-Based MD5 and SHA-1
  • IKE Authentication : Pre-shared Key and X.509 Digital Signature
  • LAN-to-LAN & Teleworker-to-LAN connectivity
  • DHCP over IPSec
  • NAT-Traversal ( NAT-T )
  • Dead Peer Detection (DPD)
  • VPN Pass-Through
• Network Features:
  • DHCP Client / Relay / Server
  • DHCP Option 66 support
  • Dynamic DNS
  • NTP Client (Syncrhonise Router Time)
  • Call Scheduling (Enable/Trigger Internet Access by Time)
  • RADIUS Client
  • DNS Cache / Proxy
  • Microsoft™ UPnP Support
Routing Protocols:
• Static Routing
• RIP V2
• Operating Requirements:
  • Rack Mountable (Optional mounting bracket 'RM1' required)
  • Wall Mountable
  • Temperature Operating : 0°C ~ 45°C
  • Storage : -25°C ~ 70°C
  • Humidity 10% ~ 90% (non-condensing)
  • Power Consumption: 18 Watt Max.
  • Dimensions: L240.96 * W165.07 * H43.96 ( mm )
  • Operating Power: DC 15V (via external PSU, supplied)
  • Warranty : Two (2) Years RTB
  • Power Requirements : 220-240VAC

  * Intended to be added in future firmware version

Screenshots

You can also interactively explore the router's web interface.

Real-Time Status Display

Web Content Filtering

Diagnostic Tools

Wireless LAN Access Point Scanning

Accessories

Rack Mounting Kit

The RM1 Rackmount Bracket enabled you to fit any Vigor 2920 series router into a standard 19" rack or cabinet. The bracket takes up one rack slot (1U). The front mounted sockets remain fully accessible. For wireless models, we then recommend extension aerials (or aerial extensions) as aerials will not perform well if sited inside your metal cabinet.

---

Directional and Higher-Gain Aerials

Omnidirectional and Unidirectional aerials are available for increased coverage or other specialist requirements. For full specifications, click here.

---

Wireless LAN Adaptors

---