DrayTek Vigor 2955 review

UTM Lab/review?

I've used Draytek for a number of years now and always recommend them for home use. However, I wouldn't consider them suitable for the smb. How about a comprehensive UTM device lab for this market (Sonicwall, Watchguard, Fortigates, Barracuda, Juniper etc)?

By mike916 on 10 May 2010

Promising

I've yet to get the Java SSL tunnel working from Firefox on linux where as IE ActiveX works fine on Windows. If you don't actually need the SSL VPN the Vigors work well for IPSEC and PPTP but I feel the SSL is less than perfect on the Java-Linux side. That said the connection speed of the VPN (other than SSL) seems very good and I've only scratched the surface of the numerous firewall filtering options.

The ability to watch net traffic with the free SmartMonitor may appeal to schools etc.

By Powernumpty on 13 May 2010

SSL - possibly overrated

We've played with various hardware gateways of this kind, but always found the Java clients to be surprisingly slow and clunky. We then discovered SSH, which is most closely associated with remote terminal access by sysops, but which can also be used for tunneling. Since moving over to a software-only solution (WinSSH, for those who are interested) our always-on VPN has been much, much faster and more responsive and frankly, more reliable. As it happens we do use DrayTek routers, which are amazingly reliable (our secondary router is coming up to 10 years old, in fact!). But the VPN is managed on a server, with minimal resource overhead. I now have major doubts about the wisdom of committing your VPN management to an appliance: they're usually costly, and pile on the additional subscription charges at the drop of a hat. I agree with mike916 that such devices are not necessarily suitable for SMBs.

By MadaboutDana on 13 May 2010

But can you kick it

There may be some advantage to a "Box you can point at" for SOX auditors.
We tried SSH tunnelling and OpenVPN (brilliant) but it's harder to quantify and assess security if the VPN endpoint is on a server with other software.

By Powernumpty on 13 May 2010

incoming load balancing granularity?

because of bandwidth capping, I have two separate cable internet accounts, so two cable modems in my house.

I bought a netgear FVS336Gv2 dual wan router/firewall, but its incoming load balancing is all manual, it seems, which is a pain.

My ideal situation is to have the dual wan router just sip equally from both cable modems, ideally at a fine granularity (per-connection balancing would be awesome).

Can anyone say how the 2955 performs with respect to incoming load balancing across the wan ports?

Thanks in advance!

By godofbiscuits on 7 Sep 2010

Incoming load balancing

I passed your query to Draytek and it came back with this response:

"If no rules are set up then the router will allocate new connections alternately between the two WAN feeds. Obviously, the router cannot tell in advance what the data volume will be for any given connection so the actual volume of data cannot be perfectly balanced between the two connections. One PC can have many connections at once so even if there's just one active PC, each of its connections (say an FTP download and a web browsing session) can use different WAN links.”

Hope this helps.

By DaveMitchell on 8 Sep 2010

Thanks, Dave!

That's exactly the info I was looking for.

That also *appears* to be the behavior of the netgear FVS336Gv2. From its user manual:

"To use multiple ISP links simultaneously, select Load Balancing. In Load Balancing mode, either WAN port will carry any outbound protocol unless protocol binding is configured."

That sounds to me like the identical behavior to what the Draytek folks described, doesn't it?

By godofbiscuits on 9 Sep 2010