Vigor 3900
- 4 Gigabit Ethernet WANs + 1 Active Fiber (SFP) for a total of 5 WAN ports.
- 2 Gigabit LAN ports + 1 Active Fiber (SFP).
- 1 Console port.
- Up to 500 simultaneous VPN tunnels.
- SPI firewall, Multi-NAT, DoS/DDoS prevention, content filters for complete protection and policy enforcement.
- Bandwidth management, traffic shaping and QoS to control allocation of resources.
- Comprehensive certificate management.
- 2 USB ports.
| WAN Protocol | |
|---|---|
| Ethernet | PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6 |
| Multi WAN | |
| Outbound policy based load balance |
|
| Bandwidth on demand | Service/IP based preference rules or auto-weight |
| VPN | |
| Prevent Replay Attack | |
| Protocols | PPTP, IPSec, L2TP, L2TP over IPSec. |
| Up to 500 connections simultaneously | LAN to LAN, remote access (teleworker-to-LAN), dial-in or dial-out. |
| VPN trunking | VPN load-balancing and VPN backup. |
| VPN throughput | 760Mbps. |
| NAT-traversal (NAT-T) | VPN over routes without VPN pass-through. |
| PKI certificate | Digital signature (X.509). |
| IKE authentication | Pre-shared key; IKE. |
| Authentication | Hardware-based MD5, SHA-1. |
| Encryption | MPPE and hardware-based AES/DES/3DES. |
| RADIUS client | Authentication for PPTP remote dial-in. |
| DHCP over IPSec* | Because DrayTek add a virtual NIC on the PC, thus, while connecting to the server via IPSec tunnel, PC will obtain an IP address from the remote side through DHCP protocol, which is quite similar with PPTP. |
| GRE over IPSec | Creating a virtual point-to-point link to various brands of routers at remote sites over an IP internetwork. |
| Dead Peer Detection (DPD) | When there is traffic between the peers, it is not necessary for one peer to send a keep-alive to check for liveness of the peer because the IPSec traffic serves as implicit proof of the availability of the peer. |
| Smart VPN software utility | Provided free of charge for teleworker convenience (Windows environment). |
| Easy of adoption | No additional client or remote site licensing required. |
| Industrial-standard interoperability | Compatible with other leading 3rd party vendor VPN devices. |
| SSL VPN | |
|
|
| Content filter | |
| IM/P2P blocking | Java applet, cookies, active X, compressed, executable, multimedia file blocking. |
| Web content filter | Dynamic URL filtering database. |
| Time schedule control* | Set rule according to your specific office hours. |
| Firewall | |
| Stateful Packet Inspection (SPI) | Outgoing/Incoming traffic inspection based on connection information. |
| Multi-NAT | You have been allocated multiple public IP address by your ISP. You hence can have a one-to-one relationship between a public IP address and an internal/private IP address. This means that you have the protection of NAT (see earlier) but the PC can be addressed directly from the outside world by its aliased public IP address, but still by only opening specific ports to it (for example TCP port 80 for an http/web server). |
| Port redirection | The packet is forwarded to a specific local PC if the port number matches with the defined port number. You can also translate the external port to another port locally. |
| DMZ host | This opens up a single PC completely. All incoming packets will be forwarded onto the PC with the local IP address you set. The only exceptions are packets received in response to outgoing requests from other local PCs or incoming packets which match rules in the other two methods. |
| Policy-based IP packet filter | The header information of an IP packet (IP or Mac source/destination addresses; source /destination ports; DiffServ attribute; direction dependent, bandwidth dependent, remote-site dependent. |
| DoS/DDoS prevention | Act of preventing customers, users, clients or other computers from accessing data on a computer. |
| IP address anti-spoofing | Source IP address check on all interfaces only IP addresses classified within the defined IP networks are allowed. |
| Notification | E-mail alert* and logging via syslog. |
| Bind IP to MAC address | Flexible DHCP with 'IP-MAC binding'. |
| System management | |
| Web-based user interface (HTTP) | Integrated web server for the configuration of routers via Internet browsers with HTTP. |
| Quick start wizard | Let administrator adjust time zone and promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP). |
| User management | Dial-in access management (PPTP/L2TP and mOTP). |
| CLI(Command Line Interface, Telnet/SSH) | Remotely administer computers via the telnet. |
| DHCP client/relay/server | Provides an easy-to configure function for your local IP network. |
| Dynamic DNS | When you connect to your ISP, by broadband or ISDN you are normally allocated an dynamic IP address. i.e. the public IP address your router is allocated changes each time you connect to the ISP. If you want to run a local server, remote users cannot predict your current IP address to find you. |
| Administration access control | The password can be applied to authentication of administrators. |
| Configuration backup/restore | If the hardware breaks down, you can recover the failed system within an acceptable time. Through TFTP, the effective way is to backup and restore configuration between remote hosts. |
| Built-in diagnostic function | Dial-out trigger, routing table, ARP cache table, DHCP table, NAT sessions table, data flow monitor, traffic graph, ping diagnosis, trace route. |
| NTP client/call scheduling | The Vigor has a real time clock which can update itself from your browser manually or more conveniently automatically from an Internet time server (NTP). This enables you to schedule the router to dial-out to the Internet at a preset time, or restrict Internet access to certain hours. A schedule can also be applied to LAN-to-LAN profiles (VPN or direct dial) or some of the content filtering options. |
| Tag-based VLAN (802.1Q) | By means of using a VLAN ID, a tag-based VLAN can identify VLAN group membership. The VLAN ID provides the information required to process the traffic across a network.Furthermore, the VLAN ID associates traffic with a specific VLAN group. |
| Firmware upgrade via TFTP/HTTP | Using the TFTP server and the firmware upgrade utility software, you may easily upgrade to the latest firmware whenever enhanced features are added. |
| Remote maintenance | With Telnet/SSL, SSH (with password or public key), browser (HTTP/HTTPS), TFTP or SNMP, firmware upgrade via HTTP or TFTP. |
| Logging via syslog | Syslog is a method of logging router activity. |
| SNMP management | SNMP management via SNMP v1/v2, MIB II. |
| VigorACS SI Centralized Management | TR-069 based |
| Certificate management | |
| Advance encrypted method | A pair of public/priviate key for encryption/decryption. |
| Comprehensive Certificate Authentication | Trusted CA / Local Certificate / CA server. |
| Bandwidth management | |
| Bandwidth management | Dynamic bandwidth management with IP traffic shaping. |
| Bandwidth reservation | Reserve minimum and maximum bandwidths by connection based or total data through send/receive directions. |
| DiffServ codepoint classifying | Priority queuing of packets based on DiffServ. |
| Individual IP bandwidth/session limitation | Define session/bandwidth limitation based on IP address. |
| User-defined class-based rules | More flexibility. |
| QoS | Ingress/Egress Filter Rules monitor both LAN/WAN packets/8 priority level setting. |
| Routing functions | |
| Router | IP and NetBIOS/IP-multi-protocol router. |
| Advanced routing and forwarding | Complete independent management and configuration of IP networks in the device, i.e. individual settings for DHCP, DNS, firewall, VLAN, routing, QoS etc. |
| DNS | DNS cache/proxy. |
| DHCP | DHCP client/relay/server. |
| NTP | NTP client, automatic adjustment for daylight-saving time. |
| Dynamic routing | It is with routing protocol of RIP v2. Learning and propagating routes. |
| Static routing | An instruction to re-route particular traffic through to another local gateway, instead of sending it onto the Internet with the rest of the traffic. A static route is just like a 'diversion sign' on a road. |
| High availability | |
| CARP |
|
| Hardware | |
| LAN |
|
| WAN |
|
| Console | 1 x console, RJ-45 |
| Reset | 1 x factory reset button |
| USB | 2 x USB host 2.0 |
| Support | |
| Warranty | 2-year limited warranty, technical support through e-mail and Internet FAQ/application notes. |
| Firmware upgrade | Free firmware upgrade from Internet. |
| Model | Ports | Wireless |
|---|---|---|
| Vigor 3900 | 4 Gigabit WAN & 1 SFP 2 Gigabit LAN & 1 SFP 2 USB + 1 Console for Admin. | None |
Click link to download PDF file