Draytek 2926-k Series Ethernet Router Firewall & Load-Balancer
Draytek 2926-k Series Ethernet Router Firewall & Load-Balancer
The Vigor 2926 series is our dual-Ethernet WAN firewall for load-balancing or failover. It’s also a fully featured firewall, VPN concentrator and content filtering device.
This latest router series includes support for professional features such as VLAN tagging, Gigabit Ethernet, built-in wireless LAN (Vigor 2926n or Vigor 2926ac). An alternative WAN connectivity is by a USB 3G/4G/LTE cellular modem which can be your primary WAN feed, backup or load-balanced with your fixed line.
echnical Specification (UK Hardware Spec.) Physical Interfaces LAN Ports (Switch) 5 X Gigabit Ethernet (1000Mb/s) Ports (Configurable Physical DMZ on Port4) LAN Port 5 Switchable with WAN2 (req. f/w 3.8.8 or later) WAN Ports: WAN1 : Gigabit Ethernet (1000Mb/s) Ethernet WAN2 : Gigabit Ethernet (1000Mb/s) Ethernet for load balance and WAN failover Switchable with LAN Port 5 WAN3 : USB 2.0 Port for 3G/4G Modem, thermometer or Printer WAN4 : USB 2.0 Port for 3G/4G Modem or Printer Wireless WAN – Wireless interface can provide WAN connectivity Performance Firewall: Up to 400Mb/s max IPSec VPN: Up to 60Mb/s max Load Balance/Failover Features Outbound Policy-Based Load-Balance to direct traffic via: NAT or Routing WAN Interface LAN Interface Specific LAN Gateway VPN Tunnel IP-Based or Session-Based Load Balance modes NEW! WAN Connection Fail-over BoD (Bandwidth on Demand) Configurable Load-Balance pool, specify WAN interfaces to load balance WAN Budget Wireless LAN Features ('n' and 'ac' Models Only) 2.4GHz 802.11n and 5GHz 802.11ac (Vigor 2926ac only) 2.4GHz 802.11n (Vigor 2926 'n' models) Backward Compatibility for 802.11b/g (Vigor 2926 'n' models) Backward Compatibility for 802.11a/b/g/n (Vigor 2926ac only) Wireless Features on Vigor 2926ac: 802.11ac (5Ghz) 4×4 MU-Mimo (5Ghz) Up to 4 Spatial Streams TX Beam Forming 1733Mb/s (5Ghz) + 300Mb/s (2.4Ghz) Total Link Rate Dual-band (2.4/5Ghz) simultaneous wireless 256QAM Extended DFS frequency range TX Beam Forming Multiple SSID : Create up to 4 virtual wireless LANs (independent or joined) Packet Aggregation and Channel Bonding Optional Higher Gain or directional aerials available – Click Here. Active Client list in Web Interface Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces) 64/128-bit WEP Encryption WPA/WPA2 Encryption Switchable Hidden SSID Restricted access list for clients (by MAC address) Time Scheduling (WLAN radio can be disabled at certain times of day) Time Scheduling for individual SSIDs Access Point Discovery WDS (Wireless Distribution system) for WLAN Bridging and Repeating 802.1x Radius Authentication Wireless VLAN Wireless Rate-Control Automatic Power Management 802.11e WMM (Wi-Fi Multimedia) Station Control, limit wireless client access time per day Airtime Fairness NEW! Band Steering NEW! Wireless WAN mode for WAN2, switchable with Ethernet (Wireless models only) NEW! WAN Protocols (Ethernet) DHCP Client Static IP PPPoE PPTP BPA Firewall & Security Features CSM (Content Security Management): URL Keyword Filtering – Whitelist or Blacklist specific sites or keywords in URLs Block Web sites by category (e.g. Adult, Gambling etc. Subject to subscription) Prevent accessing of web sites by using their direct IP address (thus URLs only) Blocking automatic download of Java applets and ActiveX controls Blocking of web site cookies Block http downloads of file types : Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU Time Schedules for enabling/disabling the restrictions Block popular P2P (Peer-to-Peer) file sharing programs Block Instant Messaging programs (e.g. IRC, Skype/Yahoo Messenger etc.) DNS Filter: Use DNS to enforce categorisation Web Portal Multi-NAT (32 WAN IPs per WAN1 & WAN2) DMZ Host DMZ Port (via LAN port P1, switchable) 40 Port Redirection rules 40 Open Port rules (10 port ranges per rule) Policy-Based Firewall MAC Address Filter SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism DoS / DDoS Protection IP Address Anti-spoofing E-Mail Alert and Logging via Syslog Bind IP to MAC Address User Management: Up to 200 Profiles Supports external authentication via LDAP or RADIUS Per User Bandwidth and Time Quota Schedule Control to delete or disable account automatically Bandwidth Management Quality of Service (QoS – For devices in the NAT subnets according to source or destination IP) Guaranteed Bandwidth for VoIP Class-based Bandwidth Guarantee by User-Defined Traffic Categories Layer 2&3 (802.1p & TOS/DCSP) DiffServ Code Point Classifying 4-level Priority for each Direction (Inbound / Outbound) Bandwidth Borrowed App QoS: Classify traffic by Application NEW! Temporary (5 minute) Quick Blocking of any LAN Client Bandwidth Limit (Shared or individual limit) Smart Bandwidth Limitation (Triggered by Traffic / Session) Session Limit Network/Router Management Web-Based User Interface (HTTP / HTTPS) CLI ( Command Line Interface ) / Telnet / SSH Web Console: Access CLI through Web Interface Administration Access Control Brute Force Protection Configuration Backup / Restore Configuration Import from Vigor 2920 and Vigor 2925 Built-in Diagnostic Function Firmware Upgrade via Web Interface, TFTP, FTP Logging via Syslog Supports SmartMonitor (up to 50 IPs monitored) SNMP v3 Management with MIB-II TR-069 TR-104 Access Point Management: Centrally Manage up to 20 DrayTek VigorAPs Switch Management: Centrallly Manage up to 10 DrayTek VigorSwitches NEW! VPN Facilities Up to 32 Concurrent VPN Tunnels (incoming or outgoing) Tunnelling Protocols: PPTP IPSec L2TP L2TP over IPSec DrayTek SSL GRE NEW! IPSec Features: Internet Key Exchange : IKEv1 (Main and Aggressive mode) & IKEv2 NEW! Security Protocols : AH mode, ESP mode DiffieHelman (DH) Groups: IKEv1 : 1,2,5,14 IKEv2 : 1,2,5,14,19,20,21 Encryption: DES / 3DES (168bits) AES (128/192/256bits) – Hardware-Accelerated Authentication – Hardware-Accelerated: MD5 SHA-1 SHA-256 IKE Authentication : Pre-shared Key or X.509 Digital Signature DHCP over IPSec NAT-Traversal (NAT-T) Dead Peer Detection (DPD) Port forwarding (Port Redirection, Open Ports) to remote clients connected via an IPsec LAN to LAN VPN SSL VPN for teleworkers – Up to 16 simultaneous users. Proxy or tunnel LAN-to-LAN & Teleworker-to-LAN connectivity MOTP (Mobile One Time Password) for two factor authentication (2FA) Virtual IP Mapping, map a remote IP subnet/range to another range to resolve IP subnet/range conflicts VPN Pass-Through Network Features Port-Based VLAN (Inclusive/Exclusive Groups) 802.1q VLAN Tagging Port Mirroring 802.1X Port Authentication Multi Subnet DHCP Servers with DHCP Relay LAN Clients : Up to 1022 per subnet (for subnets 1-3) Custom DHCP Option support Dynamic DNS DNSSEC support NEW! DNS Transparent Proxy DNS Caching LAN DNS (supports CNAME) NTP Client (Synchronise Router Time) Call Scheduling (Enable/Trigger Internet Access by Time) RADIUS Client LDAP Client TACACS+ Client High Availability NEW! Internal RADIUS Server NEW! Microsoft™ UPnP Support Maximum MTU 1534 Routing Protocols: Static Routing (30 routes) RIP V2 RIPng for IPv6 NEW! BGP NEW! Operating Requirements Rack Mountable (Optional Vigor RM1 mounting bracket required) Wall Mountable Temperature Operating : 0 °C ~ 45 °C Storage : -25 °C ~ 70 °C Humidity 10% ~ 90% (non-condensing) Power Consumption: 18 Watt Max. Dimensions: L240.96 * W165.07 * H43.96 ( mm ) Operating Power: DC 12V (via external PSU, supplied) Warranty : Two (2) Years RTB Power Requirements : 220-240VAC