The world is flooded with decent-looking ADSL firewall routers, but look again – not all are made equal. The £100 ($200) unit that suits a single user is not likely to have the features required for a remote office, secure home user, or small office, no matter what the features table on the box claims.
The latter require a unit that will remain current for at least three to four years, come with remote configuration capability, logging, some redundancy perhaps, excellent and stable performance, and convincing security. It will also need a simple on/off switch should an inexpert user be asked by a remote engineer to reset the damn thing in the event of troubleshooting.
DrayTek’s take on this concept is the Vigor 2820vn, where the ‘Vn’ stands for a combination of ‘VoIP’ and the ability to make 802.11n Draft 2.0 connections, but this is only the start of its impressive paper specification.
The 2820 has no fewer than four connectivity options, starting with most obvious, that of an ADSL 2+ port. However, most buyers will be interested in the second, that of the WAN port, which can be used to connect a second ADSL modem or separate connection through a router for dual-ISP link-up, a boon if your ISP is less than reliable.
Two connections means the ability to use one for WAN backup, or, in theory, load balancing. The exact parameters of this (which we didn’t test) will depend on the line speed of each connection, and the loads being shunted on to the links, but this is major attraction of the box. There is a separate model that comes with ISDN.
The core feature of this box is probably the one that this box will be bought for – as far as we could see you can failover from whatever primary line you set (ADSL, WAN, 3G) to either of the other two as long as you set the primary and backup lines in advance. So failover can go in any direction, but while you have three interfaces, failover can only choose one as the backup at a time – you can’t fail from one, and then fail again to a third if the second is also down. A small hardship.
The third connectivity mode is through a USB port, and lets the 2820 connect to a UK 3G network, supporting a wide range of modems and phones (alternatively a printer can be attached). This can be set up either as the primary Internet link or, as would be more likely given its lower throughput, as a backup. However, you can see situations where having 3G access might be convenient, such as when using the 2820 in a temporary location such as a show, or areas too far away to get conventional broadband.
Last, and probably least, the box can be bridged to another 2820, to use a remote link, using the WDS (wireless distribution system) feature, or used to set the unit as a repeater for the remote box to extend its range. What you can’t do is use all of the primary interfaces at once. The ADSL interface can only be used with either the WAN port or the 3G feature, not both at once.
As if all this isn’t enough, the 2820 is also a firewalled switch/router, including one Gigabit port, and comes with the aforementioned 802.11n support (as long as you use the separate Vigor N61 USB adaptor on the laptop or PC), and twin VoIP ports. It’s as if the designers sat down and wondered whether they could put every conceivable feature into one box without charging the earth. On that basis, they have succeeded.
The VoIP SIP interface supports two conventional handsets through an adaptor, which can be used simultaneously. For added convenience, a separate phone port passes through to the PSTN, allowing these handsets to access conventional phone lines, which might be desirable where, for instance, a local call plan works out cheaper or more stable than only using the VoIP connectivity.
Rapid boot, and achieved very good long-range connections using an 802.11g client. Very stable ADSL link with marginally lower latency than a 54G SRX 200 Linksys router used for comparison. The 802.11n throughput tests were not complete at review time. Failover and load balancing tests (using 3G), not complete at review time – these will be published at a future date.
In addition to conventional firewall rules, content filtering can be setup as either whitelisting or blacklisting certain sites, with the ability to restrict certain types of web object such as Java and ActiveX applets, proxies, cookies, and so on. Web filtering works by checking one or more from a long list of categories, tied to SurfControl’s Content Portal Authority. A range of DoS attacks can be blocked. Comprehensive VPNing through the usual PPTP, IPSec, L2TP, or ISDN dial-in, with very clear setup for what can often be a tricky element of a router’s make-up.
This is probably the most featured wireless router Techworld has ever tested and it sets a high standard for others to match. Its major selling point is that should the primary link go down, it can fall back to a second, an unusual feature in a box costing well under £200. The most likely setup for this would be the WAN or ADSL line going down and the 3G stepping in. There has been a trickle of other cheap routers that can do this, but none that manage it without compromising on other features and adding VoIP/PSTN integration to boot.
The bottom line for remote offices is remote access, logging, rock-solid security with plenty of fiddly parameters to cover every eventuality and decent VPN support. A new generation of routers is adding to this WAN failover, a real boon because this would not long ago have been an expensive feature. Gigabit is nice to have but 802.11n is probably optional because it involves upgrading the client adaptors.