Vigor2925 Series is the IPv6 ready dual WAN broadband security firewall router. It ensures the business continuity for today and the future IPv6 network. Its two gigabit Ethernet WAN port can accept various high-speed Ethernet-based WAN links via FTTx/xDSL/Cable. The 2 USB ports are for 3G/4G LTE mobile broadband access. With the multi-WAN accesses, Vigor2925 routers support bandwidth management functions such as failover and load-balancing, making them ideal solutions for reliable and flexible broadband connectivity for the small business office.
Dual Gigabit Ethernet WAN ports for failover and load-balancing
The Gigabit Ethernet WAN ports cater for any type of Internet access, including FTTx, xDSL and Cable fitting your local infrastructure. You can then use both WAN 1 and WAN 2 for failover, ensuring that you will always have an access to the Internet even if one of the WAN fails, or for load-balancing so the 2 WANs share Internet traffic requirements of your organization.
2 USB 2.0 ports for 3G/4G LTE mobile, FTP drive and network printers
The two USB ports can be used for the connection of 3G/4G mobile broadband dongle, FTP drive and network printers. A 3G/4G mobile broadband connected to one of the 2 USB ports can be used as a second WAN for bandwidth management. The USB WAN interface can also be the primary access if the local fixed line service hasn’t been deployed yet. You can have 2 USB 3G/4G dongles connected to the USB ports, and assign one of these (WAN 3) to be the primary access and the other (WAN 4) as the fail-over back-up. And, you have the flexibility to convert back to fixed line services when these become available.
Object-based SPI Firewall for network security
Like all DrayTek routers, Vigor2925 Series supports Object-based SPI firewall and CSM (Content Security Management). The firewall allows setting of Call/Data Filters and DoS/DDoS prevention, whereas the CSM covers IM/P2P/Protocol filter, URL Content Filter and Web Content Filter.
With Objects settings, you can pre-define objects or groups for IP, service type, keyword, file extension, etc., and mix these with the Time Scheduler or the VLAN groups as required. Altogether this gives you peace of mind whether you are guarding a complicated network or a small office.
DrayTek Vigor2925 series inherited versatile firewall mechanism from previous Vigor series routers. The firewall allows setting of Call/Data Filters and DoS/DDoS prevention, whereas the CSM covers IM/P2P/Protocol filter, URL Content Filter and Web Content Filter. The object-based design used in SPI (Stateful Packet Inspection) firewall allows users to set firewall policy with ease. The object-based firewall is flexible and allows your network be safe. With Objects settings, you can pre-define objects or groups for IP, service type, keyword, file extension, etc., and mix these with the Time Scheduler or the VLAN groups as required. Altogether this gives you peace of mind whether you are guarding a complicated network or a small office. The DoS/DDoS prevention and URL/Web content filter strengthen the security outside and control inside. The enterprise-level CSM (Content Security Management) enables users to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications more efficiently. The CSM hence prevents inappropriate content from distracting employees and impeding productivity. Furthermore, the CSM can keep office networks threat-free and available.
By adoption of the world-leading Cyren GlobalView Web Content Filtering, you can block whole categories of web sites (e.g. sports, online shopping), subject to an annual subscription to the Cyren GlobalView WCF, which is timely updated with changed or new site categorizations. A free 30-day trial can be activated via activation wizard of Vigor2925 series routers’ web user interface.
The “User Management” implemented on your router firmware can allow you to prevent any computer from accessing your Internet connection without a username or password. You can set scheduler or maximum usage time to your employees within office network. The user accounts can also be restricted by any other aspect of the firewall rule on a user-by-user basis.
The Vigor2925 series support DrayTek’s SmartMonitor network traffic analyzer (up to 50 nodes), which captures actual live data of activities in your managed network, such as the content of MSN entering to or out of your network. You can track specified files download/upload or view statistics on data type activities to realize what corporate related information have been released accidentally or on purpose.
Because the IPv4 addresses are limited and IPv6 allows for a larger address space and much more efficient routing. The Vigor2925 series support IPv6 and IPv4. The Vigor2925 series can support IPv6 broker/tunnel services to provide IPv6 access using either AICCU or TSPC via 3rd party IPv6 providers if your ISP does not support IPv6 yet.
- can be run on any one of the WAN ports (ADSL/VDSL2, Ethernet or 3G; but the USB WAN port can run AICCU/TSPC tunnel mode only)
- can connect to direct native IPv6 ISPs
- can build tunnel to 3rd party IPv6 brokers using either AICCU or TSPC methods
- Default stateful firewall for all IPv6 LAN clients/ devices
- DHCPv6 Client
- Static IPv6 Client
- DHCPv6 & RADVD (Router Advertisement Server) for client configuration
- QoS for IPv6 with DiffServ
- IP Filtering Rules
- Router Management over IPv6 (Telnet/HTTP) with IPv6 access list
- Concurrent operation with IPv4 (“Dual-Stack”)
- Other router features are only available on IPv4
VLAN for secure and efficient workgroup management
Not only with 5 x Gigabit LAN ports for the needs of unified communication applications, such as CRM server, FTP server, Mail server, the Vigor2925 Series has the comprehensive VLAN function for management. The VLAN functions allow 5 subnets to be allocated for multiple workgroups. When combined with the NAT and firewall functions, you can design corporate network groups in terms of traffic, security level, priority settings, etc.
Applications such as VoIP, IPTV and Wireless SSID can also be integrated into VLAN tags and firewall objects, giving you the maximum flexibility in designing workgroups for your organization.
50 VPN tunnels; hardware based with comprehensive secure protocols
Up to 50 VPN tunnels are supported, each can be set to IPsec/PPTP/L2TP/L2TP over IPsec protocols, with hardware encryption of AES/DES/3DES. This level of VPN capability covers the requirements of most businesses for secure inter-office and remote data accessing. For the site-to-site application, Vigor2925 Series offers VPN load-balancing & backup to deliver the high performance and reliable remote access. For client-to-site, remote dial-in users can use up-to 25 SSL VPN tunnels to avoid the local network infrastructure limitation, there are 64 profiles on WUI, but it only allows 25 concurrent tunnels.
With the 5-port Gigabit switch on the LAN side provides extremely high speed connectivity for the highest speed local data transfer of any server or local PCs. The tagged VLANs (802.1q) can mark data with a VLAN identifier. This identifier can be carried through an onward Ethernet switch to specific ports. The specific VLAN clients can also pick up this identifier as it is just passed to the LAN. You can set the priorities for LAN-side QoS. You can assign each of VLANs to each of the different IP subnets that the router may also be operating, to provide even more isolation. The said functionality is tag-based Multi-subnet.
On the Wireless-equipped models (Vigor2925n) each of the wireless SSIDs can also be grouped within one of the VLANs.
With F/W 3.7.4, the embedded Central VPN Management (CVM) will let network administrator register up to 16 remote routers but run concurrent remote management over 8 remote routers.
APM provides the 3-step installation, plug-plug-press, and then wireless clients are able to enjoy surfing internet. Moreover, through the unified user interface of Draytek routers, the status of APs is clear at the first sight.
Supports Smart Monitor traffic report software
Vigor2925 series routers support Smart Monitor, DrayTek’s proprietary network traffic reporting software, for up to 50 users. This software monitors all incoming and outgoing network traffic, categorizes these into various activity and data types and provides statistics in various report types, so network administrators can monitor network activities for planning and/or fault locating purposes.
Flexible Network Management
Like all DrayTek routers, Vigor2925 Series routers support comprehensive network management functions. For example, you can set username/password and directory/file access privilege for individual users as required. There are also routing/network tables, system log, debugging utilities, etc., making network administrators’ jobs easy.
Other management features include SNMP, TR-069 and TR-104. TR-069 can be utilized with DrayTek’s VigorACS SI management software to remotely monitor and manage the Vigor2925 Series.
- NBN (National Broadband Network – Australia) Ready to connect to NTD (Network Termination Device)
- 2 x Gigabit WAN ports & 2 x USB ports for 3.5G / 4G Mobile with Load Balance and Fail-Over
- 5 x Gigabit LAN ports with 50,000 NAT sessions and IPv6
- Object-based SPI Firewall, Content Security Management (CSM) and QoS
- 50 x VPN tunnels with VPN load balance and redundancy, Central VPN Management & 25 x SSL VPNs
- 2 x USB 2.0 ports for 3.5G / 4G modems, USB disk storage, network printers & USB temperature sensor
- Central AP Management *
- Support Smart Monitor Traffic Analyzer (up to 50-nodes)
- Support TR-069 for VigorACS SI Central Management
- Temperature Monitoring (optional: USB Thermometer)
- 2 years back to base warranty
- WAN Feature
- Ethernet WAN
- IPv4 – DHCP Client, Static IP, PPPoE, PPTP, L2TP, 802.1p/q Multi-VLAN Tagging
- IPv6 – Tunnel Mode: PPP, TSPC, AICCU, 6rd* (6rd will be supported by firmware v3.7.3) Dual Stack: DHCPv6 Client, Static IPv6
- USB WAN
- Outbound Policy-based Load-balance
- WAN Connection Failover
- WAN Budgets*
- 50,000 NAT Sessions
- Ethernet WAN
- Network Feature
- DHCP Client/Relay/Server
- IGMP Version 2 and Version 3
- IGMP Snooping
- Dynamic DNS
- NTP Client
- Call Scheduling
- RADIUS Client
- DNS Cache/Proxy
- UPnP 30 sessions
- Multiple Subnets
- Port-based/Tag-based VLAN (802.1q)
- Layer-2 QoS (802.1p)
- Routing Protocol:
- Static Routing
- RIP V2
- Policy Routing
- DNS Cache/Proxy and LAN DNS
- Up to 50 VPN Tunnels
- Protocol : PPTP, IPsec, L2TP, L2TP over IPsec
- Encryption : MPPE and Hardware-based AES/DES/3DES
- Authentication : MD5, SHA-1
- IKE Authentication : Pre-shared Key and Digital Signature (X.509)
- LAN-to-LAN, Teleworker-to-LAN
- DHCP over IPsec
- IPsec NAT-traversal (NAT-T)
- Dead Peer Detection (DPD)
- VPN Pass-through
- VPN Wizard
- SSL VPN (Up to 25 Tunnels)
- VPN Trunk (Load-Balancing/Backup)
- Multi-NAT, DMZ Host, Port-redirection and Open Port
- Object-based Firewall, Object IPv6, Group IPv6
- MAC Address Filter
- SPI (Stateful Packet Inspection) (Flow Track)
- DoS / DDoS Prevention
- IP Address Anti-spoofing
- E-mail Alert and Logging via Syslog
- Bind IP to MAC Address
- Time Schedule Control
- 3.5G (HSDPA)/4G (LTE) as WAN
- Printer Sharing
- File System:
- Support FAT32 File System
- Support FTP Function for File Sharing
- Support Samba for File Sharing
- Bandwidth Management
- Class-based Bandwidth Guarantee by User-defined Traffic Categories
- Guarantee Bandwidth for VoIP
- DiffServ Code Point Classifying
- 4-level Priority for Each Direction (Inbound/Outbound)
- Bandwidth Borrowed
- Session Limitation
- Class-based Bandwidth Guarantee by User-defined Traffic Categories
- Bandwidth Limitation
- Default & Specific Limitation
- Auto Adjustment by Exceeding Session/Available Bandwidth
- TOS/DSCP QoS Mapping
- Smart Bandwidth Limitation (Triggered by Traffic/ Session)
- Network Management
- Web-Based User Interface (HTTP/HTTPS)
- Quick Start Wizard
- CLI (Command Line Interface, Telnet/SSH)
- Administration Access Control
- Configuration Backup/Restore
- Built-in Diagnostic Function
- Firmware Upgrade via TFTP/FTP/HTTP/TR-069
- Logging via Syslog
- SNMP Management MIB-II (v2/v3)
- Object-based SMS/ Mail Alert
- Management Session Time Out
- 2-level management (Admin/User Mode)
- User Management
- AP Management *
- External Device
- LAN Port Monitoring
- Support Smart Monitor (50)
- Content Security Management
- IM/P2P Applications
- GlobalView Web Content Filter (Powered by CYREN-90)
- URL Content Filter
- URL Keyword Blocking (Whitelist and Blacklist)
- Java Applet, Cookies, Active X, Compressed, Executable, Multimedia File Blocking
- Excepting Subnets
- TOS/DSCP QoS Mapping
- WAN Feature