Draytek DV2927AC Dual WAN Wireless Broadband Security Firewall VPN Routers 802.11AC
DV2927AC
Dual WAN Wireless Broadband Security Firewall VPN Routers 802.11AC
OVERVIEW
The Vigor2927 Series are dual-Ethernet WAN Firewall routers providing Load-Balancing and Failover for reliable Internet accesses. Featuring VPN, QoS, Route Policy, Firewall, Content Filtering, Bandwidth Management, Captive Hotspot Portal and a lot more, these are the ultimate routers for SMBs.
1 x Gigabit Ethernet WAN port and 1 x configurable GbE WAN/LAN port for Failover, Load-Balancing and High Availability mode
Two USB 2.0 ports for connection to two 3G/4G LTE USB modems, FTP server, network printer and thermometer
5 x Gigabit LAN ports with multiple subnets and 60,000 NAT sessions
50 x VPN tunnels (including 25 x SSL-VPN tunnels) with comprehensive secure protocols
Fast VPN throughput, VPN load-balancing and backup for site-to-site applications
16 x VLANs for secure and efficient workgroup management
IPv6 & IPv4
Up to 1022 IP addresses and 8 IP subnets
Integrated IEEE 802.11ac (AC1300) wireless Access Point; dual band; up to 867 Mbps throughput (ac/Vac model)
2 x FXS VoIP ports (Vac model)
High Availability mode.
Object-based SPI Firewall and CSM (Content Security Management) for network security.
Supports VigorACS 2 and VigorACS 3 Central Management Systems for remote management.
SD WAN capability when used with VigorACS 3.
Central VPN Management for 8 remote Vigor routers.
Central AP Management for deployment of 20 VigorAP's.
Central Switch Management for 10 VigorSwitches.
SPECIFICATION
-
Brand:
Draytek -
Physical Interfaces:
WAN Ports: 1x Gigabit Ethernet (1G/100M/10M), RJ-45
WAN/LAN Switchable Ports: 1x Gigabit Ethernet (1G/100M/10M), RJ-45
LAN Ports: 5x Gigabit Ethernet (1G/100M/10M), RJ-45
2x Removable Wireless antennas
2x USB 2.0 Ports for 3G/4G Modem, thermometer or Printer
Wireless On / Off / WPS button
Recessed Factory Reset button -
NAT Performance:
950 Mb/s NAT Throughput for Single WAN with Hardware Acceleration
1.8Gb/s Total NAT Throughput for Dual WAN with Hardware Acceleration
800 Mb/s NAT Throughput per WAN
60,000 NAT Sessions
8000 Hardware Accelerated NAT Sessions -
VPN Performance:
300 Mb/s IPsec (AES256) VPN Performance
800 Mb/s Hardware Accelerated IPsec VPN Performance - New! (requires f/w 4.2.1)
120 Mb/s SSL VPN Performance
Max. 50 Concurrent VPN Tunnels
Max. 25 Concurrent SSL VPN / OpenVPN Tunnels -
WAN Interfaces:
WAN1: Gigabit Ethernet
WAN2: Gigabit Ethernet
WAN3: 2.4GHz Wireless WAN
WAN4: 5GHz Wireless WAN
WAN5: 4G/LTE USB Modem
WAN6: 4G/LTE USB Modem -
Internet Connection:
Load Balancing: IP-based, Session-based
Hardware Acceleration
802.1p/q Multi-VLAN Tagging
Multi-VLAN/PVC
2.4GHz & 5GHz Simultaneous Wireless WAN
WAN Active on Demand: Link Failure, Traffic Threshold
Connection Detection: PPP, ARP Detect, Ping Detect
WAN Data Budget
Dynamic DNS
DrayDDNS - with automated LetsEncrypt Certificates
Full Feature-set Hardware Acceleration (requires f/w 4.2.1): Hardware Accelerated Quality of Service, Multi-WAN Data Budget, Traffic Graph & Data Flow Monitor, Bandwidth Limit
IPv4 Connection Types: PPPoE, DHCP, Static IP, PPTP/L2TP
IPv6 Connection Types: Ethernet: PPP, DHCPv6, Static IPv6, TSPC, AICCU, 6rd, 6in4 Static Tunnel, 4G/LTE Modem & USB 4G/LTE Modem: TSPC, AICCU -
Wireless Features:
AC1300 - 11ac 'Wave 2' Dual Band Wireless:
- 802.11ac 2x2 wireless access point
- Compatible with 802.11a/b/g/n wireless
- Dual-band (2.4/5Ghz) simultaneous wireless
- Up to 866Mbps PHY rate at 80MHz with 5GHz
- Up to 400Mbps PHY rate at 40MHz with 2.4GHz (256-QAM)
- Channel Bandwidth: 20/40MHz for 2.4GHz, 20/40/80MHz for 5GHz
- MU-MIMO
- Tx Beamforming
Mesh Root support with DrayTek VigorAP Mesh Nodes
Up to 4 SSIDs per radio band
Extended 5Ghz Band - Channels 36-48, 52-64, 100-140
Wireless Optimisation: Airtime Fairness, AP-Assisted Mobility, Band Steering
Bandwidth Management (Per Station / Per SSID)
WMM (Wireless MultiMedia)
WPS - WiFi Protected Setup
Station Control - Time limited wireless connectivity per Station (e.g. 1 hour)
EAPOL Key Retry - Disable EAPOL Key Retry to protect unpatched WLAN clients from KRACK
Wireless Security: WPA2, WPA3, Pre-Shared Key authentication, Enterprise 802.1x authentication, WEP/WPA for Legacy Clients, Access Control - Blacklist / Whitelist client MAC addresses per SSID -
Firewall & Content Filtering: IP-based or User-based Firewall Policy
User-based Time Quota
DoS Attack Defence
Spoofing Defence
Content Filtering: Application Content Filter, URL Content Filter, DNS Keyword Filter, Web Features, Web Category Filter (requires GlobalView subscription) -
NAT Features: NAT Port Redirection
Open Ports
Port Triggering
DMZ Host
UPnP
ALG (Application Layer Gateway): SIP, RTSP, FTP, H.323
VPN Pass-Through: PPTP, L2TP, IPsec -
LAN Management:
802.1q Tag-based, Port-based VLAN
Up to 8 LAN Subnets (NAT or Routing mode selectable per LAN interface)
Up to 16 VLANs
DMZ Port
DHCP Server: Multiple IP Subnet, Custom DHCP Options, Bind-IP-to-MAC, DHCP Pool Count up to 1022 addresses for LANs 1-3, DHCP Pool Count up to 253 addresses for LANs 4-8, DHCP Relay per LAN
LAN IP Alias
Wired 802.1x Port Authentication
Port Mirroring
Local DNS Server
Conditional DNS Forwarding
Hotspot Web Portal
Hotspot Authentication: Click-Through, Social Login, SMS PIN, Voucher PIN, RADIUS, External Portal Server -
Networking Features:
Policy-based Routing: Protocol, IP Address, Port, Domain/Hostname, Country
High Availability: Active-Standby, Hot-Standby
DNS Security (DNSSEC)
Local RADIUS server
SMB File Sharing (Requires external storage)
Multicast: IGMP Proxy, IGMP Snooping & Fast Leave, Bonjour
Routing Features: IPv4 & IPv6 Static Routing, Inter-VLAN Routing, RIP v1/v2/ng, BGP -
VPN: Up to 50 active VPN tunnels - including up to 25 SSL VPN or OpenVPN Tunnels
Up to 16 Hardware Accelerated 800Mb/s IPsec tunnels - New! (requires f/w 4.2.1)
LAN-to-LAN - Dial-In VPN Server & Dial-Out VPN Client
Teleworker-to-LAN - Dial-In VPN Server
User Authentication: Local, RADIUS, LDAP, TACACS+, mOTP
IKE Authentication: Pre-Shared Key and Digital Signature (X.509)
Encryption: MPPE, DES, 3DES, AES (128/192/256)
Authentication: SHA-256, SHA-1
VPN Trunk (Redundancy): Load Balancing, Failover
Dead Peer Detection (DPD)
IPsec NAT-Traversal (NAT-T)
Virtual IP Mapping - Resolve VPN IP subnet/range conflicts
DHCP over IPsec
DrayTek VPN Matcher - Connect to a VPN router that's behind NAT/CG-NAT - New!
VPN Protocols: IPsec IKEv1, IKEv2, IKEv2 EAP, IPsec-XAuth, DrayTek SSL VPN, OpenVPN (Remote Dial-In User only), GRE over IPsec, PPTP, L2TP, L2TP over IPsec -
Bandwidth Management: IP-based Bandwidth Limit
IP-based Session Limit
User-based Data Quota -
Quality of Service (QoS): Classify via TOS, DSCP, 802.1p, IP Address, Service Type
4 Priority Queues
App QoS
VoIP Prioritization
Class-based Outbound Traffic Tagging: DSCP & IP Precedence -
Management: Local Service: HTTP, HTTPS, Telnet, SSH, FTP, TR-069
Config File Export & Import
Import Config from Vigor 2926
Auto Backup Config to USB Storage
Firmware Upgrade via TFTP, HTTP, TR-069
2-Level Administration Privilege
Access Control Features: Access List, Brute Force Protection
Syslog
SMS, E-mail Notification Alert
SNMP: v1, v2c, v3
Managed by VigorACS -
Router Central Management Features:
AP Management: Up to 20 VigorAP access points
Switch Management: Up to 10 VigorSwitch network switches
VPN Management: Up to 8 Vigor routers -
Operating Requirements: Rack Mountable (Optional Vigor RM1 mounting bracket required)
Wall Mountable
Temperature Operating: 0 oC ~ 45 oC
Storage: -25 oC ~ 70 oC
Humidity 10% ~ 90% (non-condensing)
Operating Power: DC 12V (via external PSU, supplied)
Power Requirements : 220-240VAC
Dimensions: 241mm Width, 165mm Depth, 44mm Height