DrayTek
  VigorPro 5510 UTM Firewall with Anti-Virus & Anti-Spam   SME  
  • Anti-Virus, Anti-Intrusion & Anti-Spam
  • Deep Packet Inspection with DrayTek MSSI™
  • Load Balancing & Failover between WAN ports
  • Intrusion Detection & Prevention (Inline, Realtime)
  • DoS/DDos Protection & Stateful Packet Inspection
  • VPN - Up to 200 concurrent tunnels
  • VPN Trunking - Increase VPN bandwidth - New
  • 3G USB modem connectivity for WAN backup
  • QoS (Quality of Service) Assurance
  • Parental Control/Categorical Web Site Filtering
  • Web Content Filtering
  • Five Gigabit Ethernet LAN ports

Overview

VigorPro Unified Security Firewall

The VigorPro Security Firewall featuring UTM (Unified Threat Management) protects from network threats at the point of entry. Combined with your own prudent personnel policy, the VigorPro enables you to provide far stronger protection and detection than with simpler firewalls. This includes built-in real-time anti-virus scanning, Anti-Spam, anti-trojan and Intusion detection/protection. VPN facilities also make the VigorPro ideal for your world connecitivity for remote offices and teleworkers.

The VigorPro also provides two WAN ports to allow you to have load balancing/bandwith aggegation across two separate WAN feeds, or use the secondary WAN port as a backup on another feed in case your first Internet feed (e.g. broadband connection) fails. In summary, the VigorPro provides your network with far greater security, productivity and resilience.

To read our in-depth White Paper on the threats your network faces and understand how the VigorPro can product you against them, Click Here.

SSL VPN

SSL VPNs

VPNs (Virtual Private Networks) enable you to link two remote computers or networks securely using the public Internet. An encrypted tunnel is created to carry your private data between the two sites. Tunnels making use of PPTP, L2TP, AES and IPSec protocols have been available on Vigor routers for many years and provide a simple to set up solution for your site-to-site or teleworker VPNs. SSL VPNs provide a new method for teleworker to central site VPN, providing great convenience, low TCO and simplicity where other methods may not be possible.

The need for SSL VPNs

One potential drawback of using the above methods for a Teleworker-to-central site VPN is that they need compatiable protocol stacks at each end (e.g. an IPSec client or hardware) and most importantly those protocols need to be freely passed by your local host network. This isn't normally a problem where you own the computers and the network in use and you can install any client, software or hardware you choose, as well as allowing any traffic types you like. Where it can become a problem is where you are using someone else's computer or network where either you cannot use the O/S VPN client, or the host network blocks VPN protocols or makes them unreliable. This is most commonly a problem when using WiFi hotspots or other public Internet access methods (hotels, conference centres etc.).

You may already have heard of SSL previously, and you have almost certainly used it. SSL (Secure Sockets Layer) is the protocol used by all web browsers for accessing 'secure' web sites. You will have used secure web sites whenver you have used your credit card online or accessed your banking web sites, for example. SSL is supported by all web browsers, and as it is so commonly used, all hotspots and other public Internet will always allow SSL to pass properly. By using the SSL protocol for your telework VPN tunnel you therefore have some important benefits:

Traditional VPN (e.g. AES/IPSecSSL VPN
Requires VPN Client or HardwareUses Standard Web Browser SSL
Support for popular O/S's onlyCompatible with all computers/browsers
Licence fees all for some vendor
client software (Not DrayTek though!)		No client licence fees
Requires user to operate VPN ClientNo special operator procedures.
Just use your web browser.
At OSI 'network' layerAt OSI 'session' layer
AES/DES/3DES EncryptionSSL Encryption
Full network access (unless filtered)Ability to easily restrict users to
specific web applications
Network Level Access as standard.Network level access via
DrayTel Active-X SSL Tunnel Plug-in
Teleworker or Site-to-Site (LAN-to-LAN)Teleworker-to-Host site only

Another advantage of web based SSL VPN is that your host Vigor router presents the user with his/her login page to the network within their browser and then can provide access only to the web based applications or local servers which you allow as opposed to a regular VPN which connects the user to the network directly for access to any resource which is accessible locally. No TCP/UDP ports have to be opened on your host router; if the user cannot login to the VPN, they won't get access.

As mentioned previously, an SSL VPN uses your standard web browser; this means that for your web based applications running at your office (webmail, Intranet, Thin Clients etc.) SSL VPNs work really well for this access method, which is called 'SSL Web Proxy' mode. A very common application for SSL VPN is remote desktop. By using the Windows 'Remote Desktop Web Connection', your office desktop will be accessible from your web browser whereever you are and whoever's computer you're using. In addition, by using Vigor web proxy, you can browse external web sites via the tunnel, thus bypassing any local web site blocking policy (content filtering or local polcies). If you are familiar with 'port redirection' or 'open ports setup' on Vigor routers, SSL Proxy to your internal web services is very similar in concept to this except that the data passes through a secured tunnel, hence increasing security and privacy.

SSL VPNs beyond the Browser

Using the web browser for your remote access is great for accessing web-based applications (intranet, webmail, remote web desktop etc.) but it does not provide access to the actual network directly, for example for shared directory access, network resources or other applications which are not browser based. Only data or applications which are available in your web browser locally are available remotely via the SSL Proxy (see above).

For full network access, DrayTek provide an Active-X Tunnel plug-in (a VPN client, effectively) which can transfer at the network layer, making a fully VPN tunnel. This is called SSL Tunnel mode. This plug-in is downloaded automatically by your browser from the host Vigor router when you log into the SSL VPN and select Tunnel mode. You are then fully connected to the remote network for direct network resource access. In this way, you are no longer limited to running web-based applications and can access shares and other network resources.

DrayTek SSL VPN ActiveX CLient

If you'd like to see just how easy it is to set up a DrayTek SSL VPN, Click Here.

VPN Trunking

VPN Trunking

VPN Trunking is the facility to create more than one VPN tunnel to the same remote location in order to provide either increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one tunnel/connection is interrupted. The VigorPro supports both Failover and Load Balancing modes for VPN Trunks.

The VigorPro already supports load balancing to the Internet using its dual-WAN ports. What VPN trunking does is enables a tunnel to be created down each WAN connection to the same remote location creating a single virtual tunnel, as far as the traffic and LAN devices/clients are concerned.

DrayTek VPN Trunking

In the diagram above, you can see a single virtual tunnel as far as the LAN at each end is concerned. Within the router, two WAN connections are being used with each router, across which the VPN tunnel can be spread, increasing total capacity and/or redundancy (for failover).

3G

3G Cellular Data Features

The VigorPro 5510's USB port can host a compatible 3G modem or cellphone for access to the cellular network for full Internet Access. Most UK networks now provide high speed HSDPA data connections at up to 3.6Mb/s or 7.2Mb/s download speed. The 3G connection can be used as your primary/only Internet access, or as backup to your main ADSL line connection. This is not only ideal for homes or offices which don't want to pay fixed line + broadband rental, but also for temporary locations, or those to where fixed lines aren't available.

Supported 3G Modems / Phones

  • Huawei E220 (As used by Vodafone, T-Mobile, 3)
  • Huawei E226
  • Huawei E270
  • Huawei E272
  • Huawei E172
  • Nokia N70
  • Nokia N95
  • Nokia 6233
  • Nokia N73
  • Nokia E65
  • Vodafone K3565
  • Option Globesurfer iCon 7.2 (not '225' or '7.2s)
  • Sierra Aircard 876u
  • Sierra 875U
  • Telstra HSDPA USB Modem
  • 4G System XSPlug P3
  • MomoDesign MD-@
  • Benq EF91
  • LG U8380
  • Telstra Next G 3G USB
  • Bandrich Bandluxe C100
  • Bandrich Bandluxe C100S
  • Bandrich Bandluxe C120
  • Amoi H01
  • Aiko 76E
  • BigPond Next G
  • C-Motech D-50
  • ASUS T500 Modem
  • Zapp Telemodem Z020
  • ZTE AC8700 3G
  • ZTE MF622
  • Additional Modem Support is added continuously or you can request specific models by following the Instructions Here.

The VigorPro 5510 and 3G cellular modem setup is ideal for:

  • Backup to your primary Internet feed (ADSL, cable etc.)
  • Providing lower cost broadband than a fixed line solution
  • Areas without fixed line broadband access
  • Compatibility with a wide range of 3G modems/phones
  • Temporary Locations
  • Mobile Homes
  • Locations on the move - coaches, trains
  • Fairgrounds & temporary exhibitions
  • Outdoor locations (the router and modem itself must be indoors!)
  • Disaster Planning & High Availability

VigorPro 5510 with 3G Modem

Note: DrayTek have no control over local network/provider operations, changes in network facilities/tarrifs nor make any claim over specific network compatibility. Please assure yourself that the router will be compatible with your chosen cellular network and provider and that you have adequate signal coverage before committing to any contract term. Please also ensure that your chosen provider and the tariff allows access to all of your required applications (e.g. VPN, VoIP, Messaging etc.) as many packages exist, some blocking certain data types.

Awards

For the full reviews, click on the logo or review rating:

Recent Awards

VigorPro5510 Recommended Award PC Pro Trusted Reviews VigorPro 5510 Award SC Magazine Europe 2008 Award - Highly Commended PC Pro Magazine Award Finalist Best SME Security Solution - Highly Commended

Review Ratings

PC Pro VigorPro5510 Trusted Reviews VigorPro5510

Subscription

Subscription Information

Every day, new viruses, spams, trojans, web sites are being developed and distributed, so it's important that your VigorPro is kept up to date with the latest threat information. The VigorPro updates itself automatically to ensure that it has the latest threat information. There are various options and the VigorPro includes a 12 month DT-DT AV/AI licence as standard.

Part CodeFeatureServiceIncludedRenewal (1 Year) SRP
AS-55-DTAnti-Virus/Anti-IntrusionDrayTek (DT-DT)1 years£69
AS-55-KLAnti-Virus/Anti-IntrusionKapersky Labs (DT-KT)-£99
WCFSWeb Content FilteringGlobalView30 Days£79
AS-55-12Anti-SpamCommTouch-£79
Notes: * You can operate either DrayTek or Kapersky AV-AI solution, but not both at the same time. The 'included' period is supplied with new VigorPro units at no extra cost and run concurrently even if not used. All other listed features of the VigorPro (firewalling, QoS, VPN) are included with the product as standard without further licencing requirements. All pricing shown is RRP and is subject to change. Service may be unavailable for renewal at expiry of subscription period.

Screenshots

VigorPro's web interface Interactive Tour : Click Here.

Specification

VigorPro - Specification

Security Features :

  • Security Firewall with dedicated UTM Co-Processor
  • Unified Threat Management:
    • Scans in realtime (no proxy) including inside compressed files
    • Scan's inbound and outbound data packets and cross-packet boundary scanning
    • Anti-Virus - Scanning of recognised signatures of viruses and trojans
    • Anti-Spam - Detects incoming spam email received via POP3, IMAP or SMTP
    • Intrusion Detection featuring DrayTek's MSSI™ (Multi-Stack Stateful Inspection)
    • DoS (Denial of Service) and DDoS Attack Blocking and Detection
    • Stateful Packet Inspection
    • Deep Packet Inspection
    • Blocking of non-HTTP content on Port 80 (switchable)
    • DrayTek MSSI™ (Multi-Stack Stateful Scanning)
    • IDP - Inline Intrusion Detection System
    • Unlimited File Size scanning
    • Rule-Based Packet Filtering
  • Selectable Web Content Filtering:
    • Web URL Keyword Filtering - Blacklist or Whitelist of web site URLs
    • Block Browsing by IP Address
    • Blocking download of Java applets and ActiveX controls
    • Blocking of web site cookies
    • Block http downloads of file types :
      • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
      • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
      • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
  • Time Schedules for enabling/disabling the content restrictions
  • Block P2P (Peer-to-Peer) file sharing programs
  • Block Instant Messaging programs (e.g. ICQ, MSN/Yahoo Messenger)
  • Parental Control using Surfcontrol™ Database - block/allow specific web categories, for example block adult or uncategorised sites from your workplace or home.
  • Logging of Web Activity to Syslog for audit trail purposes
  • Automatic Emailing to Administrator of detected/foiled attacks/threats
  • Secure (SSL) Local & Remote Management and Status monitoring
  • Ethernet Port Mirroring for Sniffing/Diagnostic (VigorPro 5510 only)

Connectivity Features

  • Firewall Throughput up to 90Mb/s
  • VPN Throughput up to 50Mb/s
  • Twin-WAN Ports:
    • Load-balancing - Connect two broadband feeds and distribute your traffic between them either automatically or according to your chosen rule-set.
    • Redundant failover - switch to secondary feed when primary fails
    • Bandwidth-on-Demand (BoD)- use secondary WAN based on demand
    • Ethernet LAN ports with auto-crossover/uplink
  • Four Flexible LAN ports:
    • VLAN - Segement ports into inclusive or exclusive groups
    • Five Gigabit Ethernet LAN Ports
    • 10/100BaseT with auto-crossover/uplink

VPN Features

  • Up to 200 simultaneous VPN tunnels
  • Dial-in or dial-out, LAN-to-LAN or Teleworker-to-LAN
  • Protocol support for PPTP, L2TP, IPSec, L2TP over IPSec
  • MD-5 & SHA-1 Authentication (Hardware processed)
  • Encryption : MPPE, DES/3DES & AES
  • PFS (Perfect Forward Secrecy)
  • Pre-shared/IKE keying and PKI (X.509) certificate support
  • IKE Phase 1 Agressive/Standard Modes & Phase 2 Selectable lifetimes
  • Radius Support for dial-in teleworker profiles
  • Compatible with other leading 3rd party vendor VPN devices

Quality of Service Assurance

  • Guarantee Available bandwidth for priority services
  • For example, ensure VoIP traffic always has bandwidth available
  • Class-based policy by user-defined traffic categories
  • Support for DiffServ™ CodePoint classifying

Physical Characteristics

  • Rack Mountable (Brackets Included)
  • Dimensions : 273mm (W) x 166mm (D) x 44mm (H) (excluding rack mount kit)
  • Weight : 1.38Kg (VigorPro 5510)
  • Environmental Requirements: Operating 0-40 degrees C. Storage -25-40 degrees C.
    Humidity : 10-90% Non-Condensing
  • Manufacturer's 2 Year RTB Warranty
©2009. Reproduction prohibited without written permission. Specification subject to change at any time without notice. E&OE. All sales are subject to standard terms. Trademarks are acknowledged of their respective owners. No specific endorsement is implied by the mention of any particular service provider.