Review: Draytek Vigor 2955 SSL VPN firewall

The rise in popularity of teleworking and other remote access applications makes it hardly surprising that SSL VPNs have proved a godsend to many companies with a distributed workforce.

Aimed at SMEs needing an all-in-one remote access and internet connectivity solution, the Draytek Vigor 2955 is a combination dual-WAN router, advanced firewall and hardware-accelerated SSL VPN appliance supporting up to 200 concurrent VPN tunnels.

Physically, the Vigor 2955 is solidly built and is housed in an all-metal case. All network ports - five Gigabit Ethernet LAN ports and two 10/100Mbit/s WAN ports - are at the front. Rack-mounting brackets are included in the box.

A single USB port allows use of a 3G dongle for additional WAN redundancy, or alternatively it can be used for attaching hard drives or printers. Any two of the three WAN ports can be enabled at once, and can work in failover/failback mode (which it does very smoothly) or using automatic or rules-based load balancing to route different types of traffic down different WAN interfaces.

Help and support
As usual with Draytek, support documentation is not lacking, although it does sometimes suffer from clunky English. Detailed application notes, FAQs and guides are freely available on the Draytek web site. With lots of practical examples and tips, these are an invaluable resource for those just getting to grips with VPN technology.

Setting up VPN users (up to 200 can be created) is simple using the web management interface. For SSL VPNs you can configure three built-in services: VNC or RDP remote desktops and Samba file sharing.

Once you've configured an application, adding it to a user's profile is a simple check-box process. Users can be authenticated locally, or using Radius or LDAP. Mobile One-Time Passwords are also supported using a free application for Java-enabled phones.

Allowed applications are visible as links on the simple client web portal, along with an ActiveX or Java SSL Tunnel applet that gives full VPN tunnel access, just like a standard VPN client.

This works well, although in Vista and Windows 7 the browser needs to be run with administrator privileges. If this is not practical, the SmartVPN client software can be used instead to establish the SSL tunnel, a workaround that negates some of the benefits of SSL VPNs.

SSL proxies (to allow remote access to web servers behind the firewall) and standard VPN tunnels of all flavours are also supported, and there are built-in wizards to help you through the intricacies of setting up LAN-to-LAN or teleworker-to-LAN connections.

VPN throughput
Total VPN throughput is quoted as 50Mbit/s and LAN-to-LAN connections can use VPN bonding, meaning that you can join two separate tunnels together for better performance or to add redundancy.

The Vigor 2955 supports Draytek's free Smart Monitor software, which allows full traffic analysis and logging when run on a PC connected to the dedicated LAN monitor port. Even if you don't need this, there's also useful real-time data traffic monitoring available within the management interface.

The breadth of the Vigor 2955's capabilities are very impressive for the price. There's a full policy-based firewall and free category-based web filtering (this was the free SurfControl version in our review unit, but this will shortly be replaced by a more powerful Globalview service costing £49+VAT per year), plus comprehensive bandwidth management and quality of service settings.

2 x 10/100Mbit/s Ethernet WAN ports, 1 x USB WAN port for 3G HSPA dongle, 5 x 10/100/1000Mbit/s LAN ports, 90Mbit/s total WAN throughput, 50Mbit/s total VPN throughput, USB NAS and print server, Dimensions (DxWxH) 16.6 x 27.3 x 4.5cm, power consumption 22W (max)