High Performance Multi-WAN VPN Appliance
The Vigor 3900 is a high-performance quad-Gigabit WAN router for high-performance applications including remote access, firewalling, load-balancing and failover. Its WAN throughput runs at up to 1Gb/s, adequate for the most demanding SME applications. The WAN ports on the Vigor 3900 can provide load balancing or WAN failover. Based on a new DrayTek OS platform, the Vigor 3900 combines high performance and capacity with DrayTek's traditional ease of use and comprehensive features set.
For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management, providing access to WAN resources only to the appropriate users or departments, as well as maintaining infrastructure effciency.
Four WAN ports for load-balancing or failover
Four Gigabit Ethernet WAN ports and one SFP slot (for fibre modules or an additional Ethernet module) provide 5 independent WAN ports for either load-balancing or failover applications. Gigabit Ethernet and SFP LAN Interfaces provide high speed connectivity to your LAN. Fibre is of particular use for longer distance deliveries, beyond the range of standard Ethernet, or where copper connections cannot be used. WAN Load-balancing weight or traffic-type rules can be set or on an automatic basis to spread WAN traffic evenly across all interfaces on a best-endeavour basis.
The Vigor 3900's firewall is fully stateful, with a flowtrack mechanism and comprehensive WAN defences, including DoS/DDoS protection and flexible IP packet filtering. On the content side, the Vigor 3900 has several methods of content filtering to control user access to the web to keep their access appropriate, safe and productive. That helps keep your network efficient, your data secure and your online productivity high.
Extensive QoS facilities allow for efficient local traffic handling, ensuring that critical traffic is given the appropriate priority and that your network topology handles data in the most efficient way to help avoid congestion and bottlenecks. WAN traffic can be assigned one of 7 different priority levels for egress and 2 levels for ingress. Bandwidth can be reserved for critical applications.. Rules can be based on service type, users or IP source/desintations.
In this example, VoIP traffic identified and given highest priority
and given a priority of 3:1 over email.
As a VPN endpoint/concentrator, the Vigor 3900 will support up to 500 simultaneous teleworker or LAN-to-LAN VPNs with a VPN throughput of up to 700Mb/s, thanks to its hardware-based VPN co-processor. VPN security includes certificate, MOTP or token/PSK based access and key-hash authentication to ensure maximum security.
By the use of multiple WAN connections, the Vigor 3900's VPN-Trunking features can increase the bandwidth/capacity of your VPN connections, creating a single virtual tunnel between locations using 2, 3 or all 4 WAN connections.
VPN Trunking is the facility to create more than one VPN tunnel, over a second Wan connection, to the same remote location in order to provide either increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one tunnel/connection is interrupted. The Vigor 3900 supports both Failover and Load Balancing modes for VPN Trunks.
The Vigor 3900 already supports load balancing to the Internet using its four-WAN ports. What VPN trunking does is enables a single virtual tunnel to be created across two or more WAN connections to the same remote location creating a single virtual tunnel, recombining the tunnel at the other end. As far as the traffic and LAN devices/clients are concerned, there is just a single tunnel, with increased bandwidth.
In the diagram above, you can see a single virtual tunnel as far as the LAN at each end is concerned. Within the router, two WAN connections are being used with each router, across which the VPN tunnel can be spread, increasing total capacity and/or redundancy (for failover).
For ease of remote access, the Vigor 3900 can provide up to 50 simultaneous SSL VPN tunnels or web-proxy links. SSL Web-Proxy makes remote access to your network possible from virtually anywhere without the inconvenience or compatibility issues of installing a VPN client. As SSL is a standard Internet protocol (used for web sites) SSL VPNs are also resilient to difficulties in creating tunnels through guest networks (web cafes, hotels etc.) where traditional IPSec/PPTP tunnels can often have difficulties. SSL encryption is strong too, using 128bit DES/3DES or AES. Using MoTP, your teleworker passwords are strong and realtime; a password is generated in real-time by your mobile phone (iphone, Android etc.) which can be used once only, and only at the time its generated. You can read more about SSL VPNs and MoTP here. In addition to Web-proxy mode, full SSL VPN tunnelling is supported for Windows OS, macOS, iOS / iPhone / iPad and Android, with the Smart VPN Client freely available on the UK downloads page.
For even greater resilience, the Vigor 3900 provides High Availability (HA). The CARP protocol (equivalent to VRRP or HSRP) lets you set up a master and secondary Vigor 3900 whereby in the event of the master unit failing, the secondary unit can seamlessly and automatically switch over. This can remove the possibility of a single point of failure within your routers. Additionally, multiple active Vigor3900's can provide reciprocal routing backup to other active Vigor3900s.