Vigor 2952 Dual-WAN High Performance Router/Firewall

MPN: V2952-K

Vigor 2952 Dual-WAN Router Firewall & Load Balancer

Vigor 2952 Dual-WAN Router Firewall & Load Balancer


The Vigor 2952 is a router/firewall with two Gigabit Ethernet WAN ports, providing load balancing or failover for two Ethernet WAN connections. WAN1 can be selected as either RJ-45 or SFP format (SFP is for fibre modules). There are four LAN RJ-45 ports (Gigabit), with optional Power over Ethernet output in the Vigor 2952P model.

The Vigor 2952 runs DrayTek's own DrayOS operating system, providing familiarity for users of other existing DrayTek products.

Vigor 2952 Front

The Vigor 2952 series supports many professional features such as VLAN tagging, QoS (Quality of Service Assurance), High Availability, DNS Filter, Policy Based Routing, and User Access Control. Wired and Wireless models also include our new Hotspot features. If you deploy DrayTek Wireless Access Points, the Vigor 2952 can act as the Central Management Controller (click on any of those links for an explanation of each feature).

Vigor 2952P - Integrated Power-over-Ethernet

The Vigor 2952 'P' model adds Power-over-Ethernet to the router's four Gigabit LAN ports, to power Wireless APs, IP cameras and IP phones without the need for a separate PoE switch.

  • For IP phones, wireless access points, IP Cameras etc.
  • 60W total Power budget, up to 30W per port
  • 4-ports 802.3af (PoE) and 802.3at (High Power PoE+)
  • Supports PoE Scheduling, Device check

See the 'Features' tab for more information on the Vigor 2952P's PoE features and capabilities.

Robust & Comprehensive Firewall

Security is always taken seriously with DrayTek routers. The firewall protects against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are protected by various protection systems.

The DrayTek object-based firewall allows even more setup flexibility than ever, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations. The Vigor 2952 allows selective direction firewall rules of LAN to WAN, WAN to LAN or LAN to VPN. In addition, QoS (Quality of Service Assurance) can be selectively applied to specific users.

Central Management with VigorACS

The Vigor 2952 series (along with most other DrayTek routers, Access points and switches) can be centrally managed by our VigorACS central management platform.

This scalable solution provides visibility, control and reporting of your entire DrayTek product estate, ideal for dealers/SIs manageing customers' devices or any user who wants to know what's going on with their devices. VigorACS also provides features like automated/bulk firmware updates, VPN management and alarms for connectivity or other issues.

For full details of VigorACS, click here.

High Availability

For mission critical applications, a pair of Vigor 2952's can be set up in high-availability mode - also known as 'hardware failover'.

This removes the Vigor 2952 as a single point of failure if it ceases operation or is damaged - the standby router takes over operations.

See more details on High Availability here.

WAN Load Balancing & Backup

The Vigor 2952 features WAN connectivity via its two WAN Ethernet ports, one of which can connect to either SFP or Ethernet WAN links. The two USB ports allow for connection of up to 2 compatible 3G/4G modems for additional connectivity.

The ethernet ports can connect to DSL modems (e.g. Vigor 130), a cable modem or any other Ethernet-based Internet feed. The multiple WAN interfaces can be used either for WAN-Backup or Load Balancing. Load-balancing or failover supports IPv4 only currently (not IPv6).

WAN-Backup provides contingency (redundancy) in case of your primary Internet connection or ISP suffering temporary outage). Internet Traffic will be temporarily routed via the secondary Internet access. When normal services is restored to your primary Internet line, all traffic is switched back to that.

The USB port provides Internet connectivity (main, backup or load balanced) by connecting to a compatible USB modem (or cellphone) for access to the high speed 3G/4G/LTE cellular networks from UK providers such as Vodafone, O2, 3 and EE. If you don't have a wired Internet connection at all, the USB/3G/4G access method can be used as your primary/only Internet connection, ideal for temporary locations, mobile applications or where broadband access is not available.

Alternatively, if you will be making more regular use of 3G/4G/LTE, consider the Vigor 2862Ln model with its built-in cellular modem & SIM slot.


IPv6 - Next Generation Internet Routing

The Vigor 2952 supports IPv6 - the successor to the current IPv4 addressing system that has been used since the Internet was first created. IPv4 address space is full up and IPv6 allows for much more efficient routing and a larger address space. IPv6 is supported both from your own ISP, but if your ISP does not (yet) support IPv6, the Vigor 2952 also supports IPv6 broker/tunnel services to provide IPv6 access using either TSPC or AICCU via 3rd party IPv6 providers.

To learn all about IPv6, you can get our detailed guide to IPv6 here and you can view the IPv6 detailed support in the product specification tab.

Web Content Filtering

The content control features of the Vigor 2952 series allow you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal and according to time schedules.

Content filtering can also block sites using HTTPS/SSL where URLs are encrypted (and normal routers cannot block).

Using the GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.

GlobalView Categories


User Management/Authentication

The Vigor 2952 has built-in user management which allows you to provide conditional internet access to individual users.

Apply Time and Data usage quotas to different users, based on their own unique login, which is stored in the router, or on an external Radius server.

For full details of this feature, click here.

USB Port for Ad-Hoc Storage / Logging

The Vigor 2952's USB port can also be used to add storage memory to the unit in the form of a USB memory key (as shown right).

The Vigor 2952 then provides FTP access file uploading/downloading which can be from the local LAN or from anywhere on the Internet - ideal for a simple to deploy file depository.

If you do have a USB memory key connected, you can also have the router save it's system logs (syslog) to that memory instead of to a connecting computer; useful for technical personnel (SysAdmins).

USB Memory

More Information
mpn V2952-K


Vigor 2952 Series


Product Code/EAN EAN Product Description Notes
V2952-K 4716779079227 Vigor 2952 (UK/IE)  
V2952P-K 4712909120814 Vigor 2952P (UK/IE) Power-over-Ethernet




Technical Specification (UK Hardware Spec.)

Vigor 2952 Datasheet

  • Physical Interfaces

    • WAN Ports:
      • WAN1 : Selectable:
        • RJ-45 Gigabit Ethernet (1000Mb/s) or
        • SFP Gigabit Slot for Fibre or other module (1000Mb/s)
      • WAN2 : RJ-45 Gigabit Ethernet (1000Mb/s)
      • WAN3 : USB 2.0 Port for 3G/4G Cellular Modem or NAS feature
      • WAN4 : USB 3.0 Port for 3G/4G Cellular Modem or NAS feature
    • LAN Ports:
      • 4 X RJ-45 Gigabit Ethernet (1000Mb/s) - LAN
  • Performance

    • Firewall: Up to 500Mb/s
    • IPSec VPN: Up to 200Mb/s
    • NAT Sessions : 60,000
  • PoE Specification ('P' Model Only)

    • 4-ports 802.3af (15 & 802.3at (High Power) PoE PSE
    • 60 Watts Total Power Budget for PoE
    • Auto Detection of Powered Device (PD) and Consumption Levels
    • Supports per Port Power Consumption Monitoring
    • PoE PD Scheduling (per port)
    • PoE PD Status / Ping monitoring - restart PoE PD port on no connectivity (per port)
  • Load Balance/Failover Features

    • Outbound Policy-Based Load-Balance to direct traffic via:
      • NAT or Routing
      • WAN Interface
      • LAN Interface
      • Specific LAN Gateway
      • VPN Tunnel
    • IP-Based or Session-Based Load Balance modes
    • WAN Connection Fail-over
    • BoD (Bandwidth on Demand)
    • Configurable Load-Balance pool, specify WAN interfaces to load balance
    • WAN Budget
  • WAN Protocols (Ethernet)

    • DHCP Client
    • Static IP
    • IPv4 / IPv6
    • PPPoE
    • PPTP
    • L2TP
  • IPv6 Features

    • Operation on all of the WAN ports
    • Default-Deny Firewalling
    • Static IP, DHCPv6 or PPP
    • Connectivity to ISPs provided direct/native IPv6
    • Built-in tunnelling to IPv6 brokers:
      • TSPC
      • AICCU
      • 6in4
      • 6rd
    • Default stateful firewall for all IPv6 LAN Clients/Devices
    • DHCPv6 & RADVD for client configuration
    • IP Filtering Rules
    • QoS for IPv6 with DiffServ
    • Router Management over IPv6 (Telnet/HTTP) with IPv6 Access List
    • Dual-Stack (Concurrent) operation with IPv4)
  • Firewall & Security Features

    • CSM (Content Security Management):
      • URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
      • Block Web sites by category (e.g. Adult, Gambling etc. Subject to subscription)
      • Prevent accessing of web sites by using their direct IP address (thus URLs only)
      • Blocking automatic download of Java applets and ActiveX controls
      • Blocking of web site cookies
      • Block http downloads of file types :
        • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
        • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
        • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
      • Time Schedules for enabling/disabling the restrictions
      • Block popular P2P (Peer-to-Peer) file sharing programs
      • Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
    • DNS Filter: Use DNS to enforce categorisation
    • Hotspot Web Portal
    • Multi-NAT (32 WAN IPs per WAN1 & WAN2)
    • DMZ Host
    • DMZ Port (via LAN port P1, switchable)
    • 40 Port Redirection rules
    • 40 Open Port rules (10 port ranges per rule)
    • Policy-Based Firewall
    • MAC Address Filter
    • SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
    • DoS / DDoS Protection
    • IP Address Anti-spoofing
    • E-Mail Alert and Logging via Syslog
    • Bind IP to MAC Address
    • User Management:
      • Up to 200 Profiles
      • Supports external authentication via LDAP or RADIUS
      • Per User Bandwidth and Time Quota
      • Schedule Control to delete or disable account automatically
  • Bandwidth Management

    • Quality of Service (QoS)
      • Guaranteed Bandwidth for VoIP
      • Class-based Bandwidth Guarantee by User-Defined Traffic Categories
      • Layer 2&3 (802.1p & TOS/DCSP)
      • DiffServ Code Point Classifying
      • 4-level Priority for each Direction (Inbound / Outbound)
      • Bandwidth Borrowed
      • App QoS: Classify traffic by Application
    • Temporary (5 minute) Quick Blocking of any LAN Client
    • Bandwidth Limit (Shared or individual limit)
    • Smart Bandwidth Limitation (Triggered by Traffic / Session)
    • Session Limit
  • Network/Router Management

    • Web-Based User Interface (HTTP / HTTPS)
    • CLI ( Command Line Interface ) / Telnet / SSH
    • Web Console: Access CLI through Web Interface
    • Administration Access Control
    • Configuration Backup / Restore
    • Configuration Import from Vigor 2920, Vigor 2925, Vigor 2930, Vigor 2950 & Vigor 2955
    • Built-in Diagnostic Function
    • Firmware Upgrade via Web Interface, TFTP, FTP
    • Logging via Syslog
    • Supports SmartMonitor (up to 50 IPs monitored)
    • SNMP v3 Management with MIB-II
    • TR-069
    • TR-104
    • Access Point Management: Centrally Manage up to 30 DrayTek VigorAPs
  • VPN Facilities

    • Up to 100 Concurrent VPN Tunnels (incoming or outgoing)
    • Tunnelling Protocols:
      • PPTP
      • IPSec
      • L2TP
      • L2TP over IPSec
      • DrayTek SSL
      • GRE NEW!
    • IPSec Features:
      • Internet Key Exchange : IKEv1 (Main and Aggressive mode) & IKEv2 NEW!
      • Security Protocols : AH mode, ESP mode
      • DiffieHelman (DH) Groups:
        • IKEv1 : 1,2,5,14
        • IKEv2 : 1,2,5,14,19,20,21
      • Encryption:
        • DES / 3DES (168bits)
        • AES (128/192/256bits) - Hardware-Accelerated
      • Authentication - Hardware-Accelerated:
        • MD5
        • SHA-1
        • SHA-256
      • IKE Authentication : Pre-shared Key or X.509 Digital Signature
      • DHCP over IPSec
      • NAT-Traversal (NAT-T)
      • Dead Peer Detection (DPD)
      • Port forwarding (Port Redirection, Open Ports) to remote clients connected via an IPsec LAN to LAN VPN
    • SSL VPN for teleworkers - Up to 50 simultaneous users. Proxy or tunnel
    • LAN-to-LAN & Teleworker-to-LAN connectivity
    • MOTP (Mobile One Time Password) for two factor authentication (2FA)
    • Virtual IP Mapping, map a remote IP subnet/range to another range to resolve IP subnet/range conflicts
    • VPN Pass-Through

    • Up to 50 Concurrent VPN Tunnels (incoming or outgoing)
    • SSL Application support for RDP, VNC & Samba
    • Encryption/Authentication : RC4 (128bits), AES (128bits), DES/3DES
    • X.509 Digital Signature
  • Network Features

    • Port-Based VLAN (Inclusive/Exclusive Groups)
    • 802.1q VLAN Tagging
    • Port Mirroring
    • 802.1X LAN Port Authentication
    • Multi Subnet DHCP Servers with DHCP Relay
    • Custom DHCP Option support
    • Dynamic DNS
    • DNS Transparent Proxy
    • DNS Caching
    • LAN DNS (supports CNAME)
    • NTP Client (Synchronise Router Time)
    • Call Scheduling (Enable/Trigger Internet Access by Time)
    • RADIUS Client
    • LDAP Client
    • TACACS+ Client
    • Internal RADIUS Server
    • PPPoE Server
    • Microsoft™ UPnP Support
    • High Availability
    • Routing Protocols:
      • Static Routing
      • RIP V2
  • Certificate Management

    • Trusted CA
    • Local Certificate
  • Operating Requirements

    • Rack Mountable (brackets included)
    • Operating Temperature:
      • Vigor 2952: 0 °C ~ 45 °C
      • Vigor 2952P: 0 °C ~ 40 °C
    • Storage : -25 °C ~ 70 °C
    • Humidity 10% ~ 90% (non-condensing)
    • Silent operation (fanless)
    • Power Consumption:
      • Vigor 2952: 19 Watt Max.
      • Vigor 2952P: 100 Watt Max with full PoE budget usage.
    • Dimensions: L273 * W176 * H46 ( mm )
    • Operating Power: 220-240VAC directly to unit
    • Warranty : Two (2) Years RTB
©2022 CMS Distribution. All Rights Reserved.