Vigor 3912S VPN Enterprise Router with 256GB SSD for hosting docker Linux applications
- Multi-WAN Router with over 12Gbps NAT Throughput
- Suricata-based Intrusion Detection System – New!
- 8x WAN/LAN Switchable Ports & 4x fixed Ethernet LAN Ports
- 256GB SSD and 8GB DDR4 for hosting Docker Linux applications – New!
- 2x 10GbE SFP+ and 2x 2.5GbE for WAN/LAN
Additional SSD Storage for Docker Linux Applications
Make use of the additional disk space available on Vigor 3912S routers, where some applications such as Ubuntu, Suricata, and VigorConnect are pre-installed.
The Docker container system is also present, coupled with Portainer graphic interface that makes installation of additional Docker applications quick and easy. Additional functionality such as a web server and many other containers can be run simultaneously on this quad-core router.
Suricata Intrusion Detection System
The well-known open-source IDS system by Suricata can help with network safety. With over 60k rules, including 6k+ CVE definitions, this platform can alert the network administrator about threats, including malware, network intrusions, DoS attacks, and data breaches.
Simply, activate the Suricata protection application from the WUI of the router with the matter of a few clicks to enable advanced security options.
Powerful 12Gb Capable Internet Gateway
The Vigor 3912S is specially designed to cope with the throughput demands of large networks and as a VPN concentrator, has suitable processing power to meet the demands of hundreds of active VPN tunnels.
Firewall and NAT throughput of the router can reach over 12 Gigabits per second when connected via multiple interfaces including the 10 Gigabit SFP+ ports which help to spread over multiple Internet connections with Load Balancing.
The Vigor 3912S accelerates LAN-to-LAN IPsec VPN throughput up to 5 Gigabits per second, with up to 500 active VPN tunnels it can provide enough throughput to each tunnel, without becoming a bottleneck to the user experience.
The SSL VPN capabilities of the Vigor 3912 series are also increased, with over 3 Gigabit per second of total SSL VPN throughput, suitable to cater to the bandwidth requirements of up to 200 active SSL VPN users.
High-Performance VPN Concentrator
A feature central to DrayTek routers is its VPN (Virtual Private Networking) capabilities. A VPN enables you to link remote offices and branch offices back to HQ, or home-based/mobile teleworkers back to your office.
Once connected, they have access to your office/remote resources through a secure encrypted tunnel allowing remote desktop, file sharing and seamless access to other resources and devices.
The Vigor 3912S allows you to have up to 500 simultaneous VPN tunnels to remote offices or teleworkers, with up to 5Gbps of VPN throughput.
It supports all common industry standard protocols, encryption types and authentication methods (see specification tab for full support list). Teleworkers can authenticate directly with your LDAP server if preferred.
The Vigor 3912S supports VPN trunking; this allows you to create tunnels down multiple WAN connections to a remote site in order to increase bandwidth. VPN trunking also provides failover (backup) of your VPN route down a secondary WAN connection.
You can learn more about DrayTek VPN here. Teleworkers can also use 2FA (Two factor authentication) such as Mobile One-Time Passwords (MOTP) or Time-based One-time Password (TOTP).
Load Balancing - Ultimate Resiliency & Reliability
The Vigor 3912S features Multi-WAN connectivity with up to 8 WAN interfaces:
- 4 RJ-45 1GbE ports
- 2 RJ-45 2.5GBase-T (backwards compatible with 1GbE) ports
- 2 SFP+ module slots
The Ethernet and 2.5GBase-T ports can be connected to:
- Leased Lines
- DSL modems (e.g. Vigor 166) for ADSL 2+, VDSL and G.Fast connectivity
- 4G and LTE through the Vigor 2620Ln in LTE bridge mode
- Cable modems
- Any other Ethernet-based Internet feed
The SFP+ ports, when fitted with an optional SFP+ or SFP module, can be linked to 1GbE or 10GbE uplinks, through Fibre or any other link type with a suitable transceiver.
Fibre is of particular use for longer distance deliveries, beyond the range of standard Ethernet, or where copper connections cannot be used.
These multiple WAN interfaces can be used either for WAN-Backup or Load Balancing with Policy-based Routing giving you full control of where and how traffic is routed. Load-balancing or failover supports IPv4 only currently (not IPv6).
WAN-Backup provides contingency (redundancy) in case of your primary Internet connection or ISP suffering temporary outage. Internet Traffic will be temporarily routed via the secondary Internet access. When normal services are restored to your primary Internet line, all traffic is switched back to that.
Flexible WAN & LAN Ports
The Vigor 3912S features 12 physical ports in total, with 8 ports that can be switched between LAN and WAN usage to fit your network requirements, with many combinations being possible, including:
- 8 WAN interfaces with 4 LAN ports
- 1 WAN interface with 11 LAN ports
These configurable LAN or WAN interfaces consist of:
High Availability
For even greater resilience, the Vigor 3912S provides High Availability (HA), with both a primary and secondary router able to provide connectivity to your network and subnets.
In the event of the primary unit failing, the secondary unit will take its place on the network, automatically switching over to resume Internet, routing and VPN connectivity with no intervention required. This can remove the possibility of a single point of failure within your routers.
With Config Sync, the two routers are managed as a single unit, so that any changes made to the primary router will automatically propagate to the secondary router, ensuring it’s ready to take over at any time.
Read more about DrayTek High Available here.
Manage Multiple Networks
The Vigor 3912S features a hugely flexible local network interface, with the router managing up to 100 separate Local Networks (or Subnets) through the use of 802.1Q VLAN Tags. Each network can be used in NAT or Routing modes, containing anywhere from 253 to 4093 devices each, with larger subnet support.
Each of the 100 VLAN subnets can be isolated from each other, for example to feed different companies or departments but keeping their local traffic completely separated. With Inter-LAN routing, specified networks can be allowed to communicate with each other or share resources, with the router’s Firewall controlling access.
To take full advantage of VLAN tagging, the Vigor 3912 series can be connected to any one of the switches from the DrayTek VigorSwitch range such as the VigorSwitch PQ2200xb.
For more detailed explanation about VLANs click here.
Robust & Comprehensive IPv4 / IPv6 Firewall
Security is always taken seriously with DrayTek routers. The firewall protects against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems.
The DrayTek object-based firewall allows even more setup flexibility than ever, enabling you to create combinations of Firewall rules and Content Filtering to suit a large office environment, applying Content Filtering to the whole network, only specified devices or just the network that guests can connect to.
The Vigor 3912S supports IPv6 - the successor to the current IPv4 addressing system that has been used since the Internet was first created. IPv6 can be provided directly by your ISP, but if your WAN interfaces do not (yet) support IPv6, the Vigor 3912S also supports IPv6 broker/tunnel services to provide IPv6 access using either TSPC or AICCU via 3rd party IPv6 providers over each of its interfaces.
The advanced networking features of the Vigor 3912 series, such as the object-based Firewall, Quality of Service, Content Filtering and VLANs support both IPv4 and IPv6 networks.
10GbE SFP+ and 2.5GbE Ports
The Vigor 3912S goes beyond 1 Gigabit throughput per port, with both 2.5GbE RJ-45 (copper) ports and 10GbE SFP+ ports.
The faster 10 Gigabit uplink capability allows you to make high bandwidth links to both WAN connections and LAN devices.
10GbE capable switches such as the VigorSwitch PQ2200xb allow you to expand the router’s ports without the risk of creating a bottleneck. Connect other 10GbE capable devices such as Network Attached Storage and Servers to provide more throughput to your network.
The SFP+ ports provide compatibility with your choice of SFP / SFP+ modules (not included) and therefore the most appropriate medium for your application.
Connect a passive Direct Attach SFP+ cable such as the DrayTek DAC-CX10-01M to the SFP+ module port of 1Gbps/10Gbps capable Switches, Network Attached Storage and Servers, for a cost effective, up to 10Gbps network link.
The 2.5GbE ports can be connected to other devices that support the 2.5GbE standard over standard Cat5e copper cabling, or as they are backwards-compatible with 1GbE, they can be used simply to expand the number of available RJ-45 ports on the router.
Web Content Filtering with DNS Filter
The content control features of Vigor routers allow you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal and according to time schedules.
Content filtering can also block sites using HTTPS/SSL where URLs are encrypted (and normal routers cannot block).
Using the GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.
DrayTek SSL VPN
The Vigor 3912S supports up to 200 DrayTek SSL VPN tunnel connections, with over 3Gbps of throughput available.
These encrypted tunnels link your teleworkers or remote DrayTek Vigor routers back to your main office using SSL/TLS technology - the same encryption that you use for secure web sites such as your bank.
Site to site VPN tunnels can connect branch offices to a main office, with DrayTek SSL VPN encryption securing the connection between the two offices, a TLS encrypted HTTPS tunnel which can be more secure than PPTP, and easier to configure than an IPsec VPN tunnel.
Teleworkers can easily create a secure DrayTek SSL VPN tunnel to the DrayTek Vigor 3912S using the DrayTek Smart VPN Client app, which is free and supports Windows OS, macOS, Apple iOS (iPad, iPhone) and Android.
SSL VPN is simple to configure, providing a more secure alternative to Point to Point Tunneling Protocol (PPTP VPN); which has known weaknesses and is no longer considered to be secure. Setup is similar to a PPTP VPN tunnel in that it authenticates with an SSL VPN Username and Password.
You can learn more about DrayTek SSL VPNs here.
Central Management with VigorACS
The Vigor 3912S (along with most other DrayTek routers, Access points and switches) can be centrally managed by our VigorACS central management platform.
This scalable solution provides visibility, control and reporting of your entire DrayTek product estate, ideal for dealers/SIs managing customers' devices or any user who wants to know what's going on with their devices. VigorACS also provides features like automated/bulk firmware updates, VPN management and alarms for connectivity or other issues.
For full details of VigorACS, click here.
DrayDDNS – Dynamic DNS with LetsEncrypt support
DrayTek provides a free Dynamic DNS address to each Vigor 3912 series router, allowing you to link the router's current IP address to a memorable "drayddns.com" hostname, such as "vigor3912.drayddns.com".
This address automatically updates whenever the Internet connection's IP changes, so if one WAN’s IP address allocation is dynamic, or the IP changes when switching from the primary WAN connection to a backup, you can easily locate and access your Vigor 3912 series router. Just use the hostname to access the router's VPN services, management and any other services you have made accessible through the router.
The Vigor 3912S can also authenticate your DrayDDNS hostname with free SSL/TLS certificates provided by LetsEncrypt, the router manages the certificate process and keeps the certificate up to date and ready for use with SSL VPN and other services.
Quality of Service & Bandwidth Control
Prioritise latency-sensitive applications on your network with Quality of Service.
Use 4 separate queues to give priority to servers & PCs (IP address), services such as VoIP or DNS, or packet tagging used by IP phones with 802.1p and DSCP support
Auto Voice VLAN allows the router to automatically prioritise VoIP calls as they pass through the router without additional configuration.
Control throughput with Bandwidth Limit, by setting speed limits for all clients individually, groups of IPs, or a shared bandwidth limit for a whole subnet, such as a Guest network.
Central AP & Switch Management
The Vigor 3912S can manage DrayTek VigorAP access points and VigorSwitch switches connected locally to the router. This enables you to centrally control, manage and administer multiple AP & Switch devices installed around your building/campus from just the one router.
Central AP Management
The DrayTek router operating as the wireless controller can provision up to 50 DrayTek VigorAP access points with Central AP Management profiles, with an option to Auto Provision - auto configuring newly installed VigorAP access points with the Auto Provisioning profile, upon initial connection to the DrayTek Vigor router's network.
Central Switch Management
DrayTek VigorSwitch switches can be provisioned and managed through the router with DrayTek’s Central Switch Management system, which allows you to:
- Easily provision VLAN configuration and other port settings directly from the router.
- Set bandwidth rate limits and schedules for individual ports.
- Log switch events for alert notifications if network problems occur
- At a glance see the devices connected on your network with a virtual topology.
VigorConnect
The extra disk space on Vigor 3912S routers supports additional applications to be installed and run for monitoring or management purposes. The VigorConnect platform can be enabled from the Web User Interface of the router, enabling local management of DrayTek VigorSwitches and VigorAPs to up 100 nodes.
Provision & Manage VigorAPs with a DrayTek Vigor router
For further details of the central management feature, click here.