DrayTek Vigor 2955 review

DrayTek has garnered quite a reputation for delivering affordable UTM security appliances, but the latest Vigor 2955 shows a new direction since it focuses on providing firewalling, WAN failover plus load balancing, web category filtering and support for both IPsec and SSL VPNs.

With the 2955, DrayTek doesn’t levy extra charges for VPN licences. The base price includes unlimited user support, so you can employ the maximum of 200 simultaneous VPN tunnels out of the box. Web filtering is currently handled by SurfControl, but this is being discontinued so DrayTek plans to switch to GlobalView, which can also block compromised websites and will cost £49 per year for unlimited users.

This compact desktop box offers five Gigabit ports for the LAN and a pair of Fast Ethernet WAN ports for which it can perform policy-based load balancing or failover. The 2955 can use the second WAN port as an on-demand link that only comes up when internet traffic reaches a predefined threshold. You can also connect a 3G modem to the USB port at the front and use this as a standby internet connection, or plug in a printer and share it over the network.

The appliance’s web interface is simple to use and a quick-start wizard helps configure the primary WAN port for internet access. It’s worth setting up network objects at this stage since these are used to represent hosts, IP address ranges, services and so on, and will simplify firewall rule creation.

DrayTek’s IM and P2P controls are excellent: not only can you create objects for selected nuisance apps, you can control precisely what can be done with them. For example, we allowed our users to login with Live Messenger but were able to block activities such as file transfers, video or audio calls and game playing. We could also easily block all our LAN client’s BitTorrent activities.

For SSL VPNs, choose from three encryption strengths and you can create up to ten web proxy profiles to define your internal servers. Only RDP, VNC and Samba services can be defined for external browser access to network resources, but DrayTek also offers an SSL Tunnel Client.

Downloaded on demand from the appliance as an ActiveX or Java app, the client creates a virtual adapter on the remote user’s system, which gives them full access to the main network as determined by their credentials. When the connection is closed, the client shuts down and closes the tunnel. However, no cache cleanup is included in the log-off process, so the client’s browser history isn’t removed at the end of each session.

Basic web browsing controls come as standard, where you implement black or white URL keyword lists. Although not available when we tested the 2955, we’ve already seen the GlobalView category filtering when we looked at Netgear’s ProSecure STM150. This uses the same service and delivered top performance during our filtering tests.

Traditionally, SSL VPNs have been far easier to use but more costly than IPsec VPNs. The Vigor 2955 gives you the best of both worlds, making this appliance particularly good value.