Call us on 03333 11 00 66
DRAYTEK Vigor 3900
Manufacturer Part Code: V3900-K
Order Code: NPDRA-V3900
Category: Wired VPN Firewalls
Vigor 3900 High Performance Firewall + VPN Concentrator
Please note: For next business day delivery, this item must be ordered before 2:00pm
High Performance Multi-WAN VPN Appliance
The Vigor 3900 is a high-performance quad-Gigabit WAN firewall for high-performance applications. The 5 WAN ports on the Vigor 3900 can provide load balancing, WAN failover or bandwidth aggregation (increasing total bandwidth onto the Internet). Based on a new DrayTek OS platform, the Vigor 3900 combines high performance and capacity with DrayTek's traditional ease of use and comprehensive features set.
For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capbilities and user management, providing access to WAN resources only to the appropriate users or departments, as well as maintaining infrastructure effciency.
Four WAN ports for load-balancing or failover
Four Gigabit Ethernet WAN ports and one SFP slot (for fibre modules or an additional Ethernet module) provide 5 independent WAN ports for either load-balancing or failover applications. Gigabit Ethernet and SFP LAN Interfaces provide high speed connectivity to your LAN. Fibre is of particular use for longer distance deliveries, beyond the range of standard Ethernet, or where copper connections cannot be used. WAN Load-balancing weight or traffic-type rules can be set or on an automatic basis to spread WAN traffic evenly across all interfaces on a best-endeavour basis.
The Vigor 3900's firewall is fully stateful, with a flowtrack mechanism and comprehensive WAN defences, including DoS/DDoS protection and flexible IP packet filtering. On the content side, the Vigor 3900 has several methods of content filtering to control user access to the web to keep their access appropriate, safe and productive. That helps keep your network efficient, your data secure and your online productivity high.
Extensive QoS facilities allow for efficient local traffic handling, ensuring that critical traffic is given the appropriate priority and that your network topology handles data in the most efficient way to help avoid congestion and bottlenecks. WAN traffic can be assigned one of 8 different priority levels based on egress or ingress. Bandwidth can be reserved for critical applications.. Rules can be based on traffic type, users or IP source/desintations.
As a VPN endpoint/concentrator, the Vigor 3900 will support up to 500 simultaneous teleworker or LAN-to-LAN VPNs with a VPN throughput of up to 500Mb/s, thanks to its hardware-based VPN co-processor. VPN security includes certificate, MOTP or token/PSK based access and key-hash authentication to ensure maximum security.
By the use of multiple WAN connections, the Vigor 3900's VPN-Trunking features can increase the bandwidth/capacity of your VPN connections, creating a single virtual tunnel between locations using 2, 3 or all 4 WAN connections.
VPN Trunking is the facility to create more than one VPN tunnel, over a second Wan CONNECTION, to the same remote location in order to provide either increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one tunnel/connection is interrupted. The Vigor 3900 supports both Failover and Load Balancing modes for VPN Trunks.
The Vigor 3900 already supports load balancing to the Internet using its four-WAN ports. What VPN trunking does is enables a single virtual tunnel to be created across two or more WAN connections to the same remote location creating a single virtual tunnel, recombining the tunnel at the other end. As far as the traffic and LAN devices/clients are concerned, there is just a single tunnel, with increased bandwidth.
In the diagram above, you can see a single virtual tunnel as far as the LAN at each end is concerned. Within the router, two WAN connections are being used with each router, across which the VPN tunnel can be spread, increasing total capacity and/or redundancy (for failover).
The Vigor 3900's 'Virtual System' feature allows you to have VPN tunnels from remote networks which have the same subnet IP address as each other. For example, if two remote networks are both on 192.168.1.0/24, the vigor 3900 can access vPN tunnels from both remote sites and still allow full connectivity to the host LAN.
Feature due Q3/2012
For ease of remote access, the Vigor 3900 can provide up to 200 simultaneous SSL VPN web-proxy tunnels, remote access to your network possible from virtually anywhere with both security and ease and without the inconvenience or compatibility issues of installing a VPN client. As SSL is a standard Internet protocol (used for web sites) )SSL VPNs are also resilient to difficulties in creating tunnels through guest networks (web cafes, hotels etc.) where traditional IPSec/PPTP tunnels can often have difficulties. SSL encryption is strong too, using 128bit DES/3DES, RC4 or AES. Using MoTP, your teleworker passwords are strong and realtime; a password is generated in real-time by your mobile phone (iphone, Android etc.) which can be used once only, and only at the time its generated. You can read more about SSL VPNs and MoTP here.
For even greater resilience, the Vigor 3900 provides High Availability (HA). The CARP protocol (equivalent to VRRP or HSRP) lets you set up a master and secondary Vigor 3900 whereby in the event of the master unit failing, the secondary unit can seamlessly and automatically switch over. This can remove the possibility of a single point of failure within your routers. Additionally, multiple active Vigor3900's can provide reciprocal routing backup to other active Vigor3900s.