Draytek Vigor 3900, IEEE 802.1Q,IEEE 802.3,IEEE 802.3u, 128-bit AES,3DES,DES,
PPTP, L2TP, IPSec, L2TP over IPSec, HTTP / HTTPS, DHCP Client/Server, DHCP
Options, Dynamic DNS Service Updating, NTP, DNS Cache/Proxy, Kabelový a
Draytek Vigor 3900. Síťové standardy: IEEE 802.1Q,IEEE 802.3,IEEE 802.3u.
Šifrování/zabezpečení: 128-bit AES,3DES,DES, Podpora VPN: PPTP, L2TP,
IPSec, L2TP over IPSec. Protokoly pro management: HTTP / HTTPS, Podporované
síťové protokoly: DHCP Client/Server, DHCP Options, Dynamic DNS Service
Updating, NTP, DNS Cache/Proxy. Technologie propojení: Kabelový a
bezdrátový, WAN port: Ethernet (RJ-45). Formát: 1U
High Performance Multi-WAN VPN Appliance
The Vigor 3900 is a high-performance quad-Gigabit WAN firewall for
high-performance applications. The 5 WAN ports on the Vigor 3900 can provide
load balancing, WAN failover or bandwidth aggregation (increasing total
bandwidth onto the Internet). Based on a new DrayTek OS platform, the Vigor
3900 combines high performance and capacity with DrayTek's traditional ease
of use and comprehensive features set.
For multi-tenant or departmental flexibility, the Vigor3900 will support
multiple LAN IP subnets, together with VLAN capbilities and user management,
providing access to WAN resources only to the appropriate users or departments,
as well as maintaining infrastructure effciency.
Four WAN ports for load-balancing or failover
Four Gigabit Ethernet WAN ports and one SFP slot (for fibre modules or an
additional Ethernet module) provide 5 independent WAN ports for either
load-balancing or failover applications. Gigabit Ethernet and SFP LAN Interfaces
provide high speed connectivity to your LAN. Fibre is of particular use for
longer distance deliveries, beyond the range of standard Ethernet, or where
copper connections cannot be used. WAN Load-balancing weight or traffic-type
rules can be set or on an automatic basis to spread WAN traffic evenly across
all interfaces on a best-endeavour basis.
The Vigor 3900's firewall is fully stateful, with a flowtrack mechanism and
comprehensive WAN defences, including DoS/DDoS protection and flexible IP packet
filtering. On the content side, the Vigor 3900 has several methods of content
filtering to control user access to the web to keep their access appropriate,
safe and productive. That helps keep your network efficient, your data secure
and your online productivity high.
Extensive QoS facilities allow for efficient local traffic handling, ensuring
that critical traffic is given the appropriate priority and that your network
topology handles data in the most efficient way to help avoid congestion and
bottlenecks. WAN traffic can be assigned one of 8 different priority levels
based on egress or ingress. Bandwidth can be reserved for critical
applications.. Rules can be based on traffic type, users or IP
As a VPN endpoint/concentrator, the Vigor 3900 will support up to
500 simultaneous teleworker or LAN-to-LAN VPNs with a VPN throughput of up to
500Mb/s, thanks to its hardware-based VPN co-processor. VPN security includes
certificate, MOTP or token/PSK based access and key-hash authentication to
ensure maximum security.
By the use of multiple WAN connections, the Vigor 3900's VPN-Trunking features
can increase the bandwidth/capacity of your VPN connections, creating a single
virtual tunnel between locations using 2, 3 or all 4 WAN connections.
VPN Trunking is the facility to create more than one VPN tunnel, over a second
Wan CONNECTION, to the same remote location in order to provide either increased
bandwidth between the two sites (load balancing) or resilience (failover) in the
event that one tunnel/connection is interrupted. The Vigor 3900 supports both
Failover and Load Balancing modes for VPN Trunks.
The Vigor 3900 already supports load balancing to the Internet using its
four-WAN ports. What VPN trunking does is enables a single virtual tunnel to be
created across two or more WAN connections to the same remote location creating
a single virtual tunnel, recombining the tunnel at the other end. As far as the
traffic and LAN devices/clients are concerned, there is just a single tunnel,
with increased bandwidth.
In the diagram above, you can see a single virtual tunnel as far as the LAN at
each end is concerned. Within the router, two WAN connections are being used
with each router, across which the VPN tunnel can be spread, increasing total
capacity and/or redundancy (for failover).
The Vigor 3900's ‚Virtual System‘ feature allows you to have VPN tunnels
from remote networks which have the same subnet IP address as each other. For
example, if two remote networks are both on 192.168.1.0/24, the vigor 3900 can
access vPN tunnels from both remote sites and still allow full connectivity to
the host LAN.
Feature due Q3/2012
For ease of remote access, the Vigor 3900 can provide up to 200 simultaneous
SSL VPN web-proxy tunnels, remote access to your network possible from virtually
anywhere with both security and ease and without the inconvenience or
compatibility issues of installing a VPN client. As SSL is a standard Internet
protocol (used for web sites) )SSL VPNs are also resilient to difficulties in
creating tunnels through guest networks (web cafes, hotels etc.) where
traditional IPSec/PPTP tunnels can often have difficulties. SSL encryption is
strong too, using 128bit DES/3DES, RC4 or AES. Using MoTP, your teleworker
passwords are strong and realtime; a password is generated in real-time by your
mobile phone (iphone, Android etc.) which can be used once only, and only at the
time its generated. You can read more about SSL VPNs and MoTP here.
For even greater resilience, the Vigor 3900 provides High Availability (HA).
The CARP protocol (equivalent to VRRP or HSRP) lets you set up a master and
secondary Vigor 3900 whereby in the event of the master unit failing, the
secondary unit can seamlessly and automatically switch over. This can remove the
possibility of a single point of failure within your routers. Additionally,
multiple active Vigor3900's can provide reciprocal routing backup to other