Product Roadmap and Feature Update
Download
Report
Transcript Product Roadmap and Feature Update
Product Roadmap and
Feature Update
Tom Chen
Marketing Department
Agenda
Triple-Play Application
DrayTek ADSL2+ Products
DrayTek SDSL Products
DrayTek Dual-WAN Products
RoHS
New Features Update
Centralized System Manager - VigorView
UTM Solutions – VigorPro101 / VigorPro200
Triple-Play Application
Port / VLAN and PVC Mapping
Multi-PVC Setting
Multi-PVC Setting
VLAN Setting
Enable the VLAN setting if you want to
isolate the traffic
VLAN ID and PVC Mapping
Integration with Data and Voice
IGMP & Multicast
IGMP
(Internet Group Manage Protocol)
Host/router membership signalling protocol
Hosts use IGMP to join/leave groups
Routers use IGMP to build forwarding state
IGMP Proxy
Learn and proxy group membership information
Forward multicast packets based upon that
information
IGMP Snooping
Snoop on the IGMP negotiation between host and
server
Determine which Ethernet ports want what traffic
– IGMP membership reports
– IGMP leave messages
Avoid the flooding of multicast traffics on all
Ethernet ports
IGMP Proxy/Snooping Setting
Agenda
Triple-Play Application
DrayTek ADSL2+ Products
DrayTek SDSL Products
DrayTek Dual-WAN Products
RoHS
New Features Update
Centralized System Manager - VigorView
UTM Solutions – VigorPro101 / VigorPro200
Vigor2700e/Ge
Cost competivity ADSL2/2+ security router
Integrated with 802.11g WLAN
Wireless Security
– WEP/WPA/WPA2 Encryption, MAC Address Control and
Wireless LAN Isolation
IGMP Proxy & Snooping for video streaming
Firewall supports IP Filter, MAC Address Control,
DoS/DDoS Protection and URL Content Filter
Vigor2700 Series
High-integration with ADSL2+, 802.11g, VoIP and
ISDN
Wireless Security
– WEP/WPA/WPA2 Encryption, MAC Address Control,
Wireless LAN Isolation and Wireless VLAN
WDS (Wireless Distribution System) and Wireless
AP Discovery
IGMP Proxy & Snooping for video streaming
Multiple PVCs for triple-play application
Vigor2700 Series
Two FXS ports with six SIP registrars support
One PSTN/ISDN Loop-through
Supplementary services support Call Hold, Call
Waiting, Call Transfer, Call Forwarding, DND (Do
Not Disturb), Hotline and T.38
QoS
– Class-based bandwidth guarantee by user-defined
traffic categories
– 4-level priority for each direction (Inbound/Outbound)
– Assure bandwidth for own VoIP service
Vigor2700 Series
Firewall supports IP Filter, MAC Address Control,
DoS/DDoS Protection, Web/URL Content Filter and
IM/P2P Blocking
HTTPS and SSH secure management
Two VPN tunnels for teleworker and LAN-to-LAN
Automatic ISDN backup when ADSL2+ fails
Vigor2700 Product Line
2700
2700G
2700Gi
2700V
(2S)
2700VG
(2S)
2700V
(2S1L)
Annex Type
Wireless
A/B
-
A/B
802.11g
B only
802.11g
A/B
-
A/B
802.11g
A/B
-
A/B
802.11g
B only
802.11g
ISDN
-
-
V
-
-
-
2
2
2
V
FXS
2
PSTN
Loop-through
-
-
-
-
-
1
1
-
ISDN
Loop-through
-
-
-
-
-
-
-
V
2700VG
2700VGi
(2S1L)
2
Vigor2800 Series
High-integration with ADSL2+, 802.11g, VoIP and
ISDN
2nd WAN provides fail-over and policy-based load
balancing
SuperGTM provides up to 108Mbps data rate
Wireless Security
– WEP/WPA/WPA2 Encryption, MAC Address Control,
Wireless LAN Isolation, Wireless VLAN and 802.1x
Authentication
WDS (Wireless Distribution System), Wireless AP
Discovery and Rate Control support
Vigor2800 Series
Two FXS ports with six SIP registrars support
ISDN BRI interface for VoIP on-net/off-net calls
Supplementary services
– Call Hold, Call Waiting, Call Transfer, Call Forwarding,
DND (Do Not Disturb), Hotline and T.38
QoS
– Class-based bandwidth guarantee by user-defined
traffic categories
– 4-level priority for each direction (Inbound/Outbound)
– Assure bandwidth for own VoIP service
Vigor2800 Series
Firewall supports IP Filter, MAC Address Control,
DoS/DDoS Protection, Web/URL Content Filter
and IM/P2P Blocking
HTTPS and SSH secure management
32 VPN tunnels with hardware-based DES/3DES
encryption
One USB 1.1 host for USB printer
Automatic ISDN backup when ADSL2+ fails
Vigor2800 Product Line
2nd WAN
Wireless
ISDN
FXS
ISDN Onnet/Off-net
2800
2800G
2800i
2800Gi
2800V
2800VG 2800VGi
V
-
V
Super G
-
V
V
V
Super G
V
V
-
V
V
Super G Super G
V
-
-
-
-
2
-
-
-
-
2
2
V
Comparison of ADSL2+ CPEs
2700e
2700
2800
No G.lite,
G.lite.bis
No G.lite,
G.lite.bis
V
-
-
V
802.11g
802.11g
Super G
ISDN
-
Annex B Only
V
VPN Tunnels
0
2
32
FXS
-
2
2
ISDN On-net/Off-net
-
-
V
PSTN Loop-through
-
V
-
ISDN Loop-through
-
V
-
USB printer port
-
-
V
T1.413 Issue 2,
G.dmt, G.lite,
G.dmt.bis, G.lite.bis,
ADSL2+
2nd WAN
Wireless
MP Schedule
Products
Vigor2700e/Ge
Vigor2700/G
Vigor2700V/VG (2S)
Vigor2700V/VG (2S1L)
Vigor2700Gi/VGi (Annex B)
Vigor2800/G
Vigor2800V/VG
Vigor2800i/Gi
Vigor2800VGi
MP
Ready
Beginning of April
Beginning of April
Middle of April
End of April
Ready
Ready
Middle of March
Beginning of April
ADSL2+ CPE Roadmap
Vigor2800VGi
Vigor 2800i/Gi
Vigor 2800V/VG
Vigor 2800/G
Vigor 2700V/VG
(2S)
Vigor 2700Gi/VGi
(Annex B only)
Vigor 2700V/VG
(2S1L)
Vigor 2700/G
Vigor 2700e/Ge
Q4 ‘05
Q1 ‘06
Q2 ‘06
Agenda
Triple-Play Application
DrayTek ADSL2+ Products
DrayTek SDSL Products
DrayTek Dual-WAN Products
RoHS
New Features Update
Centralized System Manager - VigorView
UTM Solutions – VigorPro101 / VigorPro200
G.SHDSL
Symmetrical high-data-rate DSL
G.SHDSL will be a significant factor in the rapidly
growing worldwide marketplace for businessclass and residential SDSL.
Offers data at 192Kbps to 2.3Mbps over a single
pair
G.SHDSL - Application
Replace old leased-line (E1/T1) solution
G.SHDSL - Application
Enterprise Campus
Building
Vigor3100 Series
G.SHDSL security router
Symmetrical data rates up-to 2.3 Mbps ( Vigor3100
with one pair ) and 4.6 Mbps ( Vigor3120 with two
pairs )
Configurable CPE/CO for Back-to-Back
Application
QoS
– Class-based bandwidth guarantee by user-defined
traffic categories
– 4-level priority for each direction (Inbound/Outbound)
Vigor3100 Series
Firewall supports IP Filter, MAC Address Control,
DoS/DDoS Protection, Web/URL Content Filter and
IM/P2P Blocking
HTTPS and SSH secure management
32 VPN tunnels with hardware-based DES/3DES
encryption
One USB 1.1 host for USB printer
Vigor3100 Product Line
SDSL
Wireless
Availability
Vigor3100
Vigor3120
1 pair (2.3M)
2 pairs (4.6M)
Ready
TBD
Agenda
Triple-Play Application
DrayTek ADSL2+ Products
DrayTek SDSL Products
DrayTek Dual-WAN Products
RoHS
New Features Update
Centralized System Manager - VigorView
UTM Solutions – VigorPro101 / VigorPro200
Dual-WAN
Policy-Based Load-Balancing
Dynamic / Static weighted round robin
Fail-over
Bandwidth On Demand (BOD)
Will be available on Vigor2920 and
Vigor2800 (2nd WAN)
Load-balance Policy
Structurally similar to routing table but more
complete
Weight Setting for Dual-WAN
Vigor2920 Series
High-integration with 802.11g, VoIP and ISDN
Dual-WAN provides fail-over and policy-based
load balancing
SuperGTM provides up to 108Mbps data rate
Wireless Security
– WEP/WPA/WPA2 Encryption, MAC Address Control,
Wireless LAN Isolation, Wireless VLAN and 802.1x
Authentication
WDS (Wireless Distribution System), Wireless AP
Discovery and Rate Control
Vigor2920 Series
Two FXS ports with six SIP registrars
ISDN BRI interface for VoIP on-net/off-net calls
Supplementary services
– Call Hold, Call Waiting, Call Transfer, Call Forwarding,
DND (Do Not Disturb), Hotline and T.38
QoS
– Class-based bandwidth guarantee by user-defined
traffic categories
– 4-level priority for each direction (Inbound/Outbound)
– Assure bandwidth for own VoIP service
Vigor2920 Series
Firewall supports IP Filter, MAC Address Control,
DoS/DDoS Protection, Web/URL Content Filter and
IM/P2P Blocking
HTTPS and SSH secure management
32 VPN tunnels with hardware-based DES/3DES
encryption
One USB 1.1 host for USB printer
Automatic ISDN backup when WAN connection
fails
Vigor2920 product Line
Vigor2920 will be available in May
VoIP
Vigor2920
Vigor2920G
Vigor2920i
Vigor2920Gi
Vigor2920V
Vigor2920VG
Vigor2920VGi
Wireless
ISDN
V
V
V
V
V
V
V
V
V
V
Comparison Between
Vigor2900 & Vigor2920
Vigor2900
Vigor2920
Dual-WAN
-
V
Wireless
802.11g
Super G
X.509
-
V
SIP Registrar
2
6
ISDN On-net/Off-net
-
V
Agenda
Triple-Play Application
DrayTek ADSL2+ Products
DrayTek SDSL Products
DrayTek Dual-WAN Products
RoHS
New Features Update
Centralized System Manager – VigorView
UTM Solutions – VigorPro101 / VigorPro200
RoHS Impact
Vigor2500, Vigor2600 and Vigor2900 will be
phase-out and replaced by Vigor2700,
Vigor2800 and Vigor2920
Other products will be compliant before 1st
of July
RoHS Compliance
VigorTalk
Vigor2104
Vigor2200E-plus
Vigor2100
Vigor2200V
Vigor2500
Vigor2600
Vigor2700
Vigor2800
Vigor2900
Vigor3100
Vigor3300
Compliance
Yes
Yes
Yes
Yes
Yes
Phase-out
Phase-out
Yes
Yes
Phase-out
Yes
Yes
Note
Be replaced by Vigor2700
Be replaced by Vigor2800
Be replaced by Vigor2920
Agenda
Triple-Play Application
DrayTek ADSL2+ Products
DrayTek SDSL Products
DrayTek Dual-WAN Products
RoHS
New Features Update
Centralized System Manager – VigorView
UTM Solution – VigorPro101 / VigorPro200
New VPN Features
NAT Traversal (NAT-T)
Dead Peer Detection (DPD)
IPSec Pass-through NAT
The IPSec tunnel might be not established when a
NAT device between two peers
NAT Traversal (NAT-T)
RFC-3947 and RFC-3948 propose a solution
You could use DrayTek Smart VPN Client, but
need to update your Windows XP/2000
(http://support.microsoft.com/kb/818043/en-us)
NAT Traversal (NAT-T)
The UDP port 500 need to be opened on firewall if
VPN server behind it.
Dead Peer Detection (DPD)
RFC-3706 standard
Send HELLO/ACK message between two peers to
keep IPSec tunnel alive
Interoperability is better than old mechanism –
Ping to Keepalive
The IPSec tunnel will be re-established after six
packets failure
Bandwidth Management
Session Limitation
– Limit the clients’ NAT session for Internet access
Bandwidth Limitation
– Control the Internet access bandwidth for clients
Session Limitation
Bandwidth Limitation
Bind IP to MAC Address
A
ISDN On-net/Off-net
ISDN BRI interface for VoIP on-net/off-net calls
Support two VoIP calls in one ISDN-BRI
concurrently
ISDN On-net
Case 1
ISDN On-net
Case 2
ISDN Off-net
Case 1
ISDN Off-net
Case 2
Agenda
Triple-Play Application
DrayTek ADSL2+ Products
DrayTek SDSL Products
DrayTek Dual-WAN Products
RoHS
New Features Update
Centralized System Manager - VigorView
UTM Solutions – VigorPro101 / VigorPro200
Vigor View
A web-based centralized management tool with
hierarchical network
Router management
–
–
–
–
–
–
–
–
Firmware upgrade
Configuration backup/restore
Configuration for multiple routers
Traffic monitor
Syslog server
Secure VigorView
VPN connection wizard
Auto-provisioning Server
Log management
Requirement
Hardware
– Normal PC with Network
Device
– Vigor 2xxx, 3300 router
OS
– Linux or Windows XP/2000
Web Server
– Apache 2.X or Apache 1.X
PHP5
– Built in Sqlite support (database)
VPN Connection Wizard
Firmware Upgrade
Auto-Provisioning
Automatically download configuration and
upgrade firmware using HTTP protocol
Provisioning Server
Provide the VoIP settings and firmware for
device to provision
Syslog
Use Telnet command “sys name” or Router Name
on the Static/Dynamic IP of WUI to change router
name
WUI Configuration Windows
Modify the same setting for some routers
TUI Configuration Script
Apply one script file to some routers
# telnet script example
# set system name
sys name abc
# set domain name
sys domainname draytek.com
Router Status
Online Traffic
Traffic Graph
Schedule List
Secure VigorView
Secure VigorView
Management can be
via VPN tunnel if
router has VPN
capability
Command Log
System Log
Agenda
Triple-Play Application
DrayTek ADSL2+ Products
DrayTek SDSL Products
DrayTek Dual-WAN Products
RoHS
New Features Update
Centralized System Manager - VigorView
UTM Solutions – VigorPro101 / VigorPro200
UTM
Unified Threat Management
The unification of Firewall/VPN, Gateway, AntiVirus, IDP… into a single platform
Reduce Complexity
– Integrated functionality, all-in-one
Reduce management efforts
– Separate device: independent logging and multiple GUI
– Easy configuration & management
– Easy troubleshooting
What VigorPro™ Provide
All-in-one security firewall
– Unified Anti-Virus, Anti-Intrusion, Firewall, VPN, …
threat management
Network-level protection
– Block viruses at the point of network entry
– Provide protection of all hosts inside network edge
before threats intrude
Hardware-based real-time response
– CICP (Content Inspection Co-Processor)
– MSSI™ (Multi-Stack Stateful Inspection)
• Paten pending inline scanning
• No proxy: high throughput, low latency
What VigorPro™ Provide
Content-based protection
–
–
–
–
–
–
Scan all major network protocols
Scan POP3/SMTP/IMAP4
Scan own VPN tunnel
Scan FTP
Scan HTTP
Scan ZIP/GZIP/BZIP2
Lower TCO( Total cost of Ownership)
– All functionality can be managed remotely from HQ, no
IT personnel required for branch office
MSSI
MSSI™(Multi-Stack Stateful Inspection)
–
–
–
–
–
The patent-pending technology developed by DrayTek
Inline scanning
No proxy: scan on the fly, real-time response
Cross packets inspection
No file size limitation
Format Parser Stack
Decoder Stack
Decompression Stack
victim
VigorPro200
IDP Alert
Anti-Virus Alert
Dual WAN
1x 100/1000 Monitor Port
Up to 2x 100/1000 DMZ Ports
Up to 5x 100/1000 LAN Ports
Super G Wireless LAN
VigorPro101
Key Feature Comparison
Model
VigorPro101
VigorPro200e
VigorPro200
AV/IDP
v
--
v
VPN
50
200
200
LAN
4FE
5G
5G
WAN
2FE
2FE
2FE
DMZ
2
2
2
WLAN
SuperG11n
SuperG
SuperG
NAT
Session
TBD
20K
20K
Desktop Enforcement
DE is considered to be supported on
VigorPro
Force desktop/laptop inside network follow
the security policy
– AV software installation, get the most updated
virus signature
VigorPro, D-SWAT and Service
D-SWAT
The DrayTek Security Warning and Anti-attack Team
Research
–Hacking technique analysis
–Virus sample collection & analysis
–Exploit collection & analysis
Service
–Security portal website
–Virus signature update
–Security advisories
–News letter
Training
–Hacking Techniques
–Incident handling
Service Flow: AV/IDP
Step 3
DrayTek
Service portal
•Step 1. End user
purchases VigorPro100
From DrayTek’s reseller
Step 2
Internet
Distributor/
reseller
Step 1
•Step 2. Log on www.vigorpro.com for
registration
•Step 3. Activate or extend AV/IDP
services
Residential
SOHO
SMB users
Member of Vigor Protection
www.vigorpro.com
visitor
D-SWAT online
advisory
New signature
alert
User profile update
news alert subscription
Registration User
Product registration
Product maintenance
delete/reinstall/rename/transfer
Service
Activation/
Extension
Virus/IDP signature download
D-SWAT business hour tech
support
Submit virus
to DT Lab
Product Registration
Product’s nick name
Product serial number
Authentication code
(MAC address)
Product Maintenance
Service Maintenance
Product rename
Product delete
Product & service is
transferred
RMA, product is
transferred
License Key Projection
Type
A
B
IDP
Anti-Virus
DrayTek
DrayTek
-V
DrayTek
-KL
V
D-SWAT business
hour technical support
Q&A