El Vigor3900 es la solución más completa de la familia de ruteadores Draytek para las aplicaciones de VPN y múltiples WAN de nivel empresarial, este equipo garantiza la seguridad y los beneficios de ahorro de costos para las empresas a través de Múltiples VPN. Este router no solo ofrece cientos de túneles VPN compatibles con protocolos como PPTP/L2TP/IPSec/L2TP a traves de IPSec para satisfacer LAN-to-LAN remotas y las necesidades de comunicación seguras, sino también proporcionar conectividad SSL VPN para brindar un mejor acceso remoto a los usuarios.

Principales Características:

•4 puertos WAN Gigabit y 1 slot activo SFP.
•2 puertos LAN Gigabit y 1 slot activo SFP.
•500 Conexiones simultaneas de VPN.
•Soporta protocolos PPTP, IPSec, L2TP, L2TP over IPSec.
•Soporta 200 tuneles SSL.
•Bloqueo IM/P2P.
•Web Content Filter (requiere licencia).
•Multi-NAT.
•Redireccionamiento de Puertos.
•Administración de Ancho de Banda.
•QoS.
•CARP, protocolo de redundancia.

ALTO RENDIMIENTO GIGABIT

El Vigor3900 con cuatro puertos Gigabit Ethernet y un puerto SFP de fibra activa como interfaces WAN permite la incorporación de servicios de conexión a Internet de hasta cinco diferentes ISPs, estas cinco interfaces WAN puede hacer balanceo de carga para facilitar el uso del ancho de banda en la conexión. Además, el Vigor3900 con dos puertos Gigabit Ethernet y un puerto SFP fibra activa como interfaces LAN facilita gran cantidad de datos y el intercambio de aplicaciones de negocios.

CONFIABILIDAD EN LINEA ESTABLE

El Vigor3900 ofrece alta disponibilidad por Common Dirección Redundancy Protocol (CARP) para la operación confiable del negocio, incluso durante la crisis del sistema. El administrador de red puede configurar otro Vigor3900 como dispositivo de copia de seguridad pasiva de reserva en caso de falla del Vigor3900 principal.

Administración eficiente de Aplicaciones Corporativas, el CSM permite características más precisas y eficaces en el control del acceso de URL / filtrado de contenidos Web, mensajería instantánea y aplicaciones P2P. Por otra parte, Vigor3900 tiene ocho clases de configuración del nivel de prioridad que permiten al administrador priorizar mejor la importancia del uso del ancho de banda en detalle. El administrador puede utilizar limitación de ancho de banda para otorgar ancho de banda diferente para diferentes grupos de trabajo en base a su función de trabajo principal.

APLICACIONES DE VPN Y FIREWALL

El CSM permite características más precisas y eficaces para el control del acceso de URL / filtrado de contenidos Web, mensajería instantánea y aplicaciones P2P.

SMART MONITOR

¿Te gustaría obtener reportes de los sitios web que visitan tus usuarios GRATUITAMENTE? Se trata de un software gratuito propio de Draytek que captura y analiza información mediante una aplicación para de los ruteadores de la serie Vigor. Es muy útil para interpretar el uso de Internet y obtener información que te permita hacer los ajustes necesarios para optimizar el uso de ancho de banda y evitar el acceso a sitios web indeseados, mejorando así la seguridad e integridad de tus datos y equipos.

Yo te indico SIN COSTO donde descargar el software diseñado y creado por el fabricante, así como el manual de instalación y administración. Este software soporta hasta 500 equipos para el modelo Vigor 3900.

FILTRADO WEB POR CONTENIDO

La función de Filtrado Web por Contenido viene con 1 mes gratuito, si la pruebas y quieres seguir contando con esta función, será necesario adquirir la licencia por 1 año que tiene costo aparte. PD: Es la única función del equipo que requiere licencia.

REDUNDANCIA Y BALANCEO DE CARGAS CON MULTI-WAN

ESPECIFICACIONES TECNICAS:

1. WAN Protocol.-
•Ethernet: PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6

2. Multi WAN.-
•Outbound policy based load balance:
-Allow your local network to access Internet using multiple Internet connections with high-level of Internet connectivity availability.
•4 dedicated Ethernet WAN ports (10/100/1000Mbps) and 1 active fiber (SFP) slot.
•WAN fail-over or load-balanced connectivity.
•Redundancy:
*By WAN interfaces traffic volume.
*By destination IP address range.
*By fixed VPN connection.
•Flexible pooling rule setting.
•Service/IP based preference rules or auto-weight.
•Bandwidth on demand: Service/IP based preference rules or auto-weight.

3. VPN.-
•Prevent Replay Attack
•Protocols: PPTP, IPsec, L2TP, L2TP over IPsec.
•Up to 500 connections simultaneously: LAN to LAN, remote access (teleworker-to-LAN), dial-in or dial-out.
•VPN trunking: VPN load-balancing and VPN backup: VPN load-balancing and VPN backup.
•VPN throughput: Up-to 800 Mbps (LAN-to-LAN IPsec).
•NAT-traversal (NAT-T): VPN over routes without VPN pass-through.
•PKI certificate: Digital signature (X.509).
•IKE authentication: Pre-shared key; IKE.
•Authentication: Hardware-based MD5, SHA-1.
•Encryption: MPPE and hardware-based AES/DES/3DES.
•RADIUS client: Authentication for PPTP remote dial-in.
DHCP over IPsec: Because DrayTek add a virtual NIC on the PC, thus, while connecting to the server via IPSec tunnel, PC will obtain an IP address from the remote side through DHCP protocol, which is quite similar with PPTP.
•GRE over IPsec: Creating a virtual point-to-point link to various brands of routers at remote sites over an IP internetwork.
•Dead Peer Detection (DPD): When there is traffic between the peers, it is not necessary for one peer to send a keep-alive to check for liveness of the peer because the IPSec traffic serves as implicit proof of the availability of the peer.
•Smart VPN software utility: Provided free of charge for teleworker convenience (Windows environment).
•Easy of adoption: No additional client or remote site licensing required.
•Industrial-standard interoperability: Compatible with other leading 3rd party vendor VPN devices.
•CVM: Central VPN management manages VPN tunnels easily.

4. Content Filter.-
•IM/P2P blocking: Java applet, cookies, active X, compressed, executable, multimedia file blocking.
•Web content filter: Dynamic URL filtering database.
•Time schedule control: Set rule according to your specific office hours.

5. Firewall.-
•Stateful Packet Inspection (SPI): Outgoing/Incoming traffic inspection based on connection information.
•Multi-NAT: You have been allocated multiple public IP address by your ISP. You hence can have a one-to-one relationship between a public IP address and an internal/private IP address. This means that you have the protection of NAT (see earlier) but the PC can be addressed directly from the outside world by its aliased public IP address, but still by only opening specific ports to it (for example TCP port 80 for an http/web server).
•Port redirection: The packet is forwarded to a specific local PC if the port number matches with the defined port number. You can also translate the external port to another port locally.
•DMZ Port: This opens up a single PC completely. All incoming packets will be forwarded onto the PC with the local IP address you set. The only exceptions are packets received in response to outgoing requests from other local PCs or incoming packets which match rules in the other two methods.
•Policy-based IP packet filter: The header information of an IP packet (IP or Mac source/destination addresses; source /destination ports; DiffServ attribute; direction dependent, bandwidth dependent, remote-site dependent.
•DoS/DDoS prevention: Act of preventing customers, users, clients or other computers from accessing data on a computer.
•IP address anti-spoofing: Source IP address check on all interfaces only IP addresses classified within the defined IP networks are allowed.
•Notification: E-mail alert and logging via syslog.
•Bind IP to MAC address: Flexible DHCP with 'IP-MAC binding'.

6. System Management.-
•Web-based user interface (http or https): Integrated web server for the configuration of routers via Internet browsers with http or https
•Quick start wizard: Let administrator adjust time zone and promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP).
•User management: Dial-in access management (PPTP/L2TP and mOTP) .
•CLI(Command Line Interface, Telnet/SSH): Remotely administer computers via the telnet.
•DHCP client/relay/server: Provides an easy-to configure function for your local IP network.
•Dynamic DNS: When you connect to your ISP, by broadband or ISDN you are normally allocated an dynamic IP address. i.e. the public IP address your router is allocated changes each time you connect to the ISP. If you want to run a local server, remote users cannot predict your current IP address to find you.
•Administration access control: The password can be applied to authentication of administrators.
•Configuration backup/restore: If the hardware breaks down, you can recover the failed system within an acceptable time. Through TFTP, the effective way is to backup and restore configuration between remote hosts.
•Port-based VLAN: Create separate groups of users via segmenting each of the Ethernet ports. Hence, they can or can't communicate with users in other segments, as required.
•Built-in diagnostic function: Dial-out trigger, routing table, ARP cache table, DHCP table, NAT sessions table, data flow monitor, traffic graph, ping diagnosis, trace route.
•NTP client/call scheduling: The Vigor has a real time clock which can update itself from your browser manually or more conveniently automatically from an Internet time server (NTP). This enables you to schedule the router to dial-out to the Internet at a preset time, or restrict Internet access to certain hours. A schedule can also be applied to LAN-to-LAN profiles (VPN or direct dial) or some of the content filtering options.
•Tag-based VLAN (802.1Q): By means of using a VLAN ID, a tag-based VLAN can identify VLAN group membership. The VLAN ID provides the information required to process the traffic across a network.Furthermore, the VLAN ID associates traffic with a specific VLAN group.
•Firmware upgrade via TFTP/http/TR-069: Using the TFTP server and the firmware upgrade utility software, you may easily upgrade to the latest firmware whenever enhanced features are added.
•Remote maintenance: With Telnet/SSL, SSH (with password or public key), browser (http/https), TFTP or SNMP, firmware upgrade via http or TFTP.
•Logging via syslog: Syslog is a method of logging router activity.
•SNMP management: SNMP management via SNMP v1/v2, MIB II.
•VigorACS SI Centralized Management: TR-069 based
•External Device: Auto-detection mechanism to manage Vigor devices such routers/ switches/APs
•Smart Monitor Traffice Analyzer: Support 200 PC Users

7. Certificate Management.-
•Advance encrypted method: A pair of public/priviate key for encryption/decryption.
•Comprehensive Certificate Authentication: Trusted CA / Local Certificate / CA server.

8. Bandwith Management.-
•Bandwidth management: Dynamic bandwidth management with IP traffic shaping.
•Bandwidth reservation: Reserve minimum and maximum bandwidths by connection based or total data through send/ receive directions.
•vDiffServ codepoint classifying: Priority queuing of packets based on DiffServ.
•Individual IP bandwidth/session limitation: Define session /bandwidth limitation based on IP address.
•vUser-defined class-based rules: More flexibility.
•vQoS: Ingress/Egress Filter Rules monitor both LAN/WAN packets / 8 priority level setting.

9. Routing Functions.-
•Router: IP and NetBIOS/IP-multi-protocol router.
•vAdvanced routing and forwarding Complete independent management and configuration of IP networks in the device, i.e. individual settings for DHCP, DNS, firewall, VLAN, routing, QoS etc.
•DNS: DNS cache/proxy.
•DHCP: DHCP client/relay/server.
•NTP: NTP client, automatic adjustment for daylight-saving time.
•Dynamic routing:
-It is with routing protocol of RIP v2/OSPFv2/V3*. Learning and propagating routes.
-Support BGP routing protocol.
•Static routing: An instruction to re-route particular traffic through to another local gateway, instead of sending it onto the Internet with the rest of the traffic. A static route is just like a 'diversion sign' on a road.

10. High Availability.-
•CARP:
-Common address redundancy protocol.
-Enhanced security with encrypted packet.

11. Hardware.-
•LAN:
- 2 x 10/100/1000M Base-TX LAN switch, RJ-45
- 1 x active fiber (SFP) slot
•WAN:
- 4 x 10/100/1000M Base-TX WAN switch, RJ-45
- 1 x active fiber (SFP) slot
•Console: 1 x console, RJ-45
•Reset: 1 x factory reset button
•USB: 2 x USB host 2.0

12. Support.-
•Warranty: 1-year limited warranty, technical support through e-mail and Internet FAQ/application notes.
•Firmware upgrade: Free firmware upgrade from Internet.