DrayTek 2960 dual-WAN security firewall (V2960F)

Prijs: € 528,95
€ 437,15 ex. btw

2960 dual-WAN security firewall (V2960F)

Artikelnummer: V2960F

Vigor 2960F Dual gigabit WAN breedband router met Active Fiber WAN, 4 gigabit LAN, 200 VPN LAN-LAN IPSEC, IPv6, incl. fiber kabel en module, 19" rack mountable

De DrayTek Vigor 2960 dual WAN security firewall combineert high speed internet toegang en een uitgebreide beveiliging. De geavanceerde firewall en VPN mogelijkheden maken deze router uitermate geschikt voor zakelijke toepassingen. Functionaliteiten zoals VPN, object oriented firewall en gigabit LAN zorgen voor een optimale integratie en beveiliging van uw netwerk. De dual WAN optie met load balancing en fail over zorgt voor een hogere betrouwbaarheid van de internetverbinding. Dit product wordt geleverd in een metalen behuizing en kan eenvoudig in een 19" patchkast worden gemonteerd.

Dual Gigabit WAN/LAN - doorvoersnelheid tot 1Gbps
Multiple subnet - tot 20 subnets
Tag based VLAN
4x Virtual WAN
200x IPSec VPN en 100x SSL VPN
VLAN bridging
IPv6 ondersteuning


WAN Protocol
Ethernet PPPoE, PPTP, DHCP client, static IP, Ipv6
Dual WAN
Outbound policy based load balance Allow your local network to access Internet using multiple Internet connections with high-level of Internet connectivity availability.
2 dedicated Ethernet WAN ports (Gigabit WAN).
WAN fail-over or load-balanced connectivity.
Protocols PPTP, IPsec, L2TP, L2TP over IPsec.
Up to 200 sessions simultaneously LAN to LAN, remote access (teleworker-to-LAN), dial-in or dial-out.
VPN trunking VPN load-balancing and VPN backup.
VPN throughput Lightweight directory access protocol. The enterprises use LDAP/Active Directory authentication technology to allow administrator, IT personnel and users to be authenticated when trying to access company's intranet environment.
NAT-traversal (NAT-T) VPN over routes without VPN pass-through.
PKI certificate Digital signature (X.509).
IKE authentication Pre-shared key; IKE phase 1 aggressive/standard modes & phase 2 selectable lifetimes.
Authentication Hardware-based MD5, SHA-1.
Encryption MPPE and hardware-based AES/DES/3DES.
RADIUS client Authentication for PPTP remote dial-in.
DHCP over IPsec Because DrayTek add a virtual NIC on the PC, thus, while connecting to the server via IPSec tunnel, PC will obtain an IP address from the remote side through DHCP protocol, which is quite similar with PPTP.
GRE over IPsec GRE is used when IP packets need to be sent from one network to another without being parsed by any intervening routers.
Dead Peer Detection (DPD) When there is traffic between the peers, it is not necessary for one peer to send a keep-alive to check for liveness of the peer because the IPSec traffic serves as implicit proof of the availability of the peer.
Smart VPN software utility Provided free of charge for teleworker convenience (Windows7/Vista/XP including 32/64 bit).
Easy of adoption No additional client or remote site licensing required.
Industrial-standard interoperability Compatible with other leading 3rd party vendor VPN devices.
Allow users to use a web browser for secure remote user login, application mode and proxy mode
Support 100 SSL VPN connections
Content filter
URL Keyword blocking
Whitelist and Blacklist
Java applet, cookies, active X, compressed, executable, multimedia file blocking.
Web content filter Dynamic URL filtering database.
Time schedule control Set rule according to your specific office hours.
Stateful Packet Inspection (SPI) Outgoing/Incoming traffic inspection based on connection information.
Content Security Management (CSM) Appliance-based gateway security and c
Multi-NAT You have been allocated multiple public IP address by your ISP. You hence can have a one-to-one relationship between a public IP address and an internal/private IP address. This means that you have the protection of NAT (see earlier) but the PC can be addressed directly from the outside world by its aliased public IP address, but still by only opening specific ports to it (for example TCP port 80 for an http/web server).
Port redirection The packet is forwarded to a specific local PC if the port number matches with the defined port number. You can also translate the external port to another port locally.
Open ports As port redirection (above) but allows you to define a range of ports.
DMZ port This opens up a single PC completely. All incoming packets will be forwarded onto the PC with the local IP address you set. The only exceptions are packets received in response to outgoing requests from other local PCs or incoming packets which match rules in the other two methods.
The precedence is as follows:
Port redirection > Open ports > DMZ
Policy-based IP packet filter The header information of an IP packet (IP or Mac source/destination addresses; source /destination ports; DiffServ attribute; direction dependent, bandwidth dependent, remote-site dependent.
DoS/DDoS prevention Act of preventing customers, users, clients or other computers from accessing data on a computer.
IP address anti-spoofing Source IP address check on all interfaces only IP addresses classified within the defined IP networks are allowed.
Object-based firewall Utilizes object-oriented approach to firewall policy
Notification E-mail alert and logging via syslog.
Bind IP to MAC address Flexible DHCP with 'IP-MAC binding'.
User/Rule base User base integrates LDAP/Active directory authentication to enforce policies.
System management
Web-based user interface (HTTP/HTTPS) Integrated web server for the configuration of routers via Internet browsers with HTTP or HTTPS.
DrayTek's Quick start wizard Let administrator adjust time zone and promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP).
User management Dial-in access management (PPTP/L2TP and mOTP) .
CLI(Command Line Interface, Telnet/SSH) Remotely administer computers via the telnet.
DHCP client/relay/server Provides an easy-to configure function for your local IP network.
Dynamic DNS When you connect to your ISP, by broadband or ISDN you are normally allocated an dynamic IP address. i.e. the public IP address your router is allocated changes each time you connect to the ISP. If you want to run a local server, remote users cannot predict your current IP address to find you.
Administration access control The password can be applied to authentication of administrators.
Configuration backup/restore If the hardware breaks down, you can recover the failed system within an acceptable time.
Port-based VLAN Create separate groups of users via segmenting each of the Ethernet ports. Hence, they can or can't communicate with users in other segements, as required.
Built-in diagnostic function Dial-out trigger, routing table, ARP cache table, DHCP table, NAT sessions table, data flow monitor, traffic graph, ping diagnosis, trace route.
NTP client/call scheduling The Vigor has a real time clock which can update itself from your browser manually or more conveniently automatically from an Internet time server (NTP). This enables you to schedule the router to dial-out to the Internet at a preset time, or restrict Internet access to certain hours. A schedule can also be applied to LAN-to-LAN profiles (VPN or direct dial) or some of the content filtering options.
Tag-based VLAN (802.1Q) By means of using a VLAN ID, a tag-based VLAN can identify VLAN group membership. (Support 20 VLAN groups)
Support GVRP protocol in conjuction with switch (e.g. VigorSwitch).
Firmware upgrade via HTTP/TFTP/TR-069/HTTPS Using the TFTP server and the firmware upgrade utility software, you may easily upgrade to the latest firmware whenever enhanced features are added.
User management Dial-in access management (PPTP/L2TP and mOTP) and LDAP/Active Directory integration.
Remote maintenance With Telnet/SSL, SSH (with password or public key), browser (HTTP/HTTPS), TFTP or SNMP, firmware upgrade via HTTP/HTTPS/TFTP/TR-069.
Wake on LAN A PC on LAN can be woken up from an idle/stand by state by the router it connects when it receives a special 'wake up' packet on its Ethernet interface.
Logging via syslog Syslog is a method of logging router activity.
SNMP management SNMP management via SNMP v1/v2, MIB II.
VigorACS SI Centralized Management TR-069 based
External device Auto-detection mechanism to manage Vigor devices such as router/switch/AP.
Smart monitor traffic analyzer Support 100 PC users
Certificate management
Advance encrypted method A pair of public/priviate key for encryption/decryption.
Comprehensive Certificate Authentication Trusted CA / Local Certificate / CA server.
Bandwidth management
Traffic shaping Dynamic bandwidth management with IP traffic shaping.
Bandwidth reservation Reserve minimum and maximum bandwidths by connection based or total data through send/ receive directions.
Packet size control Specify size of data packet
DiffServ codepoint classifying Priority queuing of packets based on DiffServ.
4 Priority levels (inbound/outbound) Prioritization in terms of internet usage.
Individual IP bandwidth/session limitation Define session /bandwidth limitation based on IP address.
Bandwidth borrowing Transmission rates control of data services through packet scheduler.
User-defined class-based rules More flexibility.
QoS Ingress/Egress Filter Rules monitor both LAN/WAN packets / 8 priority level setting.
Routing functions
Router IP and NetBIOS/IP-multi-protocol router.
Advanced routing and forwarding Complete independent management and configuration of IP networks in the device, i.e. individual settings for DHCP, DNS, firewall, VLAN, routing, QoS etc.
DNS DNS cache/proxy.
DHCP DHCP client/relay/server.
NTP NTP client, automatic adjustment for daylight-saving time.
Policy-based routing Based on firewall rules, certain data types are marked for specific routing e.g. to particula remote sites or lines.
Dynamic routing It is with routing protocol of RIP v2/OSPF v2/v3*. Learning and propagating routes; separate settings for WAN and LAN.
Static routing An instruction to re-route particular traffic through to another local gateway, instead of sending it onto the Internet with the rest of the traffic. A static route is just like a 'diversion sign' on a road.
LAN 4-port Gigabit switch, RJ-45
WAN 2-port Gigabit ethernet, RJ-45
USB 2 x USB host 2.0
Firmware upgrade Free firmware upgrade from Internet.
Throughput 1 Gbps 
Throughput VPN 400 Mbps (Max.) IPsec/AES-SHA-1
Throughput firewall 1 Gbps
Throughput firewall/VPN 400 Mbps
Concurrent sessions 80.000
Duiverman Automatisering
Over Wim