Product Roadmap and Feature Update Tom Chen Marketing Department

Agenda Triple-Play Application DrayTek ADSL2+ Products DrayTek SDSL Products DrayTek Dual-WAN Products RoHS New Features Update Centralized System Manager - VigorView UTM Solutions – VigorPro101 / VigorPro200

Triple-Play Application

Port / VLAN and PVC Mapping

Multi-PVC Setting

VLAN Setting Enable the VLAN setting if you want to isolate the traffic

VLAN ID and PVC Mapping

Integration with Data and Voice

IGMP & Multicast

IGMP (Internet Group Manage Protocol) Host/router membership signalling protocol Hosts use IGMP to join/leave groups Routers use IGMP to build forwarding state

IGMP Proxy Learn and proxy group membership information Forward multicast packets based upon that information

IGMP Snooping Snoop on the IGMP negotiation between host and server Determine which Ethernet ports want what traffic –IGMP membership reports –IGMP leave messages Avoid the flooding of multicast traffics on all Ethernet ports

IGMP Proxy/Snooping Setting

Agenda Triple-Play Application DrayTek ADSL2+ Products DrayTek ADSL2+ Products DrayTek SDSL Products DrayTek Dual-WAN Products RoHS New Features Update Centralized System Manager - VigorView UTM Solutions – VigorPro101 / VigorPro200

Vigor2700e/Ge Cost competivity ADSL2/2+ security router Integrated with g WLAN Wireless Security –WEP/WPA/WPA2 Encryption, MAC Address Control and Wireless LAN Isolation IGMP Proxy & Snooping for video streaming Firewall supports IP Filter, MAC Address Control, DoS/DDoS Protection and URL Content Filter

Vigor2700 Series High-integration with ADSL2+, g, VoIP and ISDN Wireless Security –WEP/WPA/WPA2 Encryption, MAC Address Control, Wireless LAN Isolation and Wireless VLAN WDS (Wireless Distribution System) and Wireless AP Discovery IGMP Proxy & Snooping for video streaming Multiple PVCs for triple-play application

Vigor2700 Series Two FXS ports with six SIP registrars support One PSTN/ISDN Loop-through Supplementary services support Call Hold, Call Waiting, Call Transfer, Call Forwarding, DND (Do Not Disturb), Hotline and T.38 QoS –Class-based bandwidth guarantee by user-defined traffic categories –4-level priority for each direction (Inbound/Outbound) –Assure bandwidth for own VoIP service

Vigor2700 Series Firewall supports IP Filter, MAC Address Control, DoS/DDoS Protection, Web/URL Content Filter and IM/P2P Blocking HTTPS and SSH secure management Two VPN tunnels for teleworker and LAN-to-LAN Automatic ISDN backup when ADSL2+ fails

Vigor2700 Product Line

Vigor2800 Series High-integration with ADSL2+, g, VoIP and ISDN 2nd WAN provides fail-over and policy-based load balancing SuperG TM provides up to 108Mbps data rate Wireless Security –WEP/WPA/WPA2 Encryption, MAC Address Control, Wireless LAN Isolation, Wireless VLAN and 802.1x Authentication WDS (Wireless Distribution System), Wireless AP Discovery and Rate Control support

Vigor2800 Series Two FXS ports with six SIP registrars support ISDN BRI interface for VoIP on-net/off-net calls Supplementary services –Call Hold, Call Waiting, Call Transfer, Call Forwarding, DND (Do Not Disturb), Hotline and T.38 QoS –Class-based bandwidth guarantee by user-defined traffic categories –4-level priority for each direction (Inbound/Outbound) –Assure bandwidth for own VoIP service

Vigor2800 Series Firewall supports IP Filter, MAC Address Control, DoS/DDoS Protection, Web/URL Content Filter and IM/P2P Blocking HTTPS and SSH secure management 32 VPN tunnels with hardware-based DES/3DES encryption One USB 1.1 host for USB printer Automatic ISDN backup when ADSL2+ fails

Vigor2800 Product Line

Comparison of ADSL2+ CPEs

MP Schedule

ADSL2+ CPE Roadmap Vigor 2800V/VG Vigor2800VGi Vigor 2800/G Q4 ‘05Q1 ‘06 Vigor 2800i/Gi Vigor 2700/G Vigor 2700e/Ge Q2 ‘06 Vigor 2700V/VG (2S) Vigor 2700V/VG (2S1L) Vigor 2700Gi/VGi (Annex B only)

Agenda Triple-Play Application DrayTek ADSL2+ Products DrayTek SDSL Products DrayTek SDSL Products DrayTek Dual-WAN Products RoHS New Features Update Centralized System Manager - VigorView UTM Solutions – VigorPro101 / VigorPro200

G.SHDSL Symmetrical high-data-rate DSL G.SHDSL will be a significant factor in the rapidly growing worldwide marketplace for business- class and residential SDSL. Offers data at 192Kbps to 2.3Mbps over a single pair

G.SHDSL - Application Replace old leased-line (E1/T1) solution

G.SHDSL - Application Enterprise Campus Building

Vigor3100 Series G.SHDSL security router Symmetrical data rates up-to 2.3 Mbps ( Vigor3100 with one pair ) and 4.6 Mbps ( Vigor3120 with two pairs ) Configurable CPE/CO for Back-to-Back Application QoS –Class-based bandwidth guarantee by user-defined traffic categories –4-level priority for each direction (Inbound/Outbound)

Vigor3100 Series Firewall supports IP Filter, MAC Address Control, DoS/DDoS Protection, Web/URL Content Filter and IM/P2P Blocking HTTPS and SSH secure management 32 VPN tunnels with hardware-based DES/3DES encryption One USB 1.1 host for USB printer

Vigor3100 Product Line

Agenda Triple-Play Application DrayTek ADSL2+ Products DrayTek SDSL Products DrayTek Dual-WAN Products DrayTek Dual-WAN Products RoHS New Features Update Centralized System Manager - VigorView UTM Solutions – VigorPro101 / VigorPro200

Dual-WAN Policy-Based Load-Balancing Dynamic / Static weighted round robin Fail-over Bandwidth On Demand (BOD) Will be available on Vigor2920 and Vigor2800 (2nd WAN)

Load-balance Policy Structurally similar to routing table but more complete

Weight Setting for Dual-WAN

Vigor2920 Series High-integration with g, VoIP and ISDN Dual-WAN provides fail-over and policy-based load balancing SuperG TM provides up to 108Mbps data rate Wireless Security –WEP/WPA/WPA2 Encryption, MAC Address Control, Wireless LAN Isolation, Wireless VLAN and 802.1x Authentication WDS (Wireless Distribution System), Wireless AP Discovery and Rate Control

Vigor2920 Series Two FXS ports with six SIP registrars ISDN BRI interface for VoIP on-net/off-net calls Supplementary services –Call Hold, Call Waiting, Call Transfer, Call Forwarding, DND (Do Not Disturb), Hotline and T.38 QoS –Class-based bandwidth guarantee by user-defined traffic categories –4-level priority for each direction (Inbound/Outbound) –Assure bandwidth for own VoIP service

Vigor2920 Series Firewall supports IP Filter, MAC Address Control, DoS/DDoS Protection, Web/URL Content Filter and IM/P2P Blocking HTTPS and SSH secure management 32 VPN tunnels with hardware-based DES/3DES encryption One USB 1.1 host for USB printer Automatic ISDN backup when WAN connection fails

Vigor2920 product Line Vigor2920 will be available in May

Comparison Between Vigor2900 & Vigor2920

Agenda Triple-Play Application DrayTek ADSL2+ Products DrayTek SDSL Products DrayTek Dual-WAN Products RoHS RoHS New Features Update Centralized System Manager – VigorView UTM Solutions – VigorPro101 / VigorPro200

RoHS Impact Vigor2500, Vigor2600 and Vigor2900 will be phase-out and replaced by Vigor2700, Vigor2800 and Vigor2920 Other products will be compliant before 1st of July

RoHS Compliance

Agenda Triple-Play Application DrayTek ADSL2+ Products DrayTek SDSL Products DrayTek Dual-WAN Products RoHS New Features Update New Features Update Centralized System Manager – VigorView UTM Solution – VigorPro101 / VigorPro200

New VPN Features NAT Traversal (NAT-T) Dead Peer Detection (DPD)

IPSec Pass-through NAT The IPSec tunnel might be not established when a NAT device between two peers

NAT Traversal (NAT-T) RFC-3947 and RFC-3948 propose a solution You could use DrayTek Smart VPN Client, but need to update your Windows XP/2000 (

NAT Traversal (NAT-T) The UDP port 500 need to be opened on firewall if VPN server behind it.

Dead Peer Detection (DPD) RFC-3706 standard Send HELLO/ACK message between two peers to keep IPSec tunnel alive Interoperability is better than old mechanism – Ping to Keepalive The IPSec tunnel will be re-established after six packets failure

Bandwidth Management Session Limitation –Limit the clients’ NAT session for Internet access Bandwidth Limitation –Control the Internet access bandwidth for clients

Session Limitation

Bandwidth Limitation

Bind IP to MAC Address A

ISDN On-net/Off-net ISDN BRI interface for VoIP on-net/off-net calls Support two VoIP calls in one ISDN-BRI concurrently

ISDN On-net Case 1

ISDN On-net Case 2

ISDN Off-net Case 1

ISDN Off-net Case 2

Agenda Triple-Play Application DrayTek ADSL2+ Products DrayTek SDSL Products DrayTek Dual-WAN Products RoHS New Features Update Centralized System Manager - VigorView Centralized System Manager - VigorView UTM Solutions – VigorPro101 / VigorPro200

Vigor View A web-based centralized management tool with hierarchical network Router management –Firmware upgrade –Configuration backup/restore –Configuration for multiple routers –Traffic monitor –Syslog server –Secure VigorView –VPN connection wizard –Auto-provisioning Server Log management

Requirement Hardware –Normal PC with Network Device –Vigor 2xxx, 3300 router OS –Linux or Windows XP/2000 Web Server –Apache 2.X or Apache 1.X PHP5 –Built in Sqlite support (database)

VPN Connection Wizard

Firmware Upgrade

Auto-Provisioning Automatically download configuration and upgrade firmware using HTTP protocol

Provisioning Server Provide the VoIP settings and firmware for device to provision

Syslog Use Telnet command “sys name” or Router Name on the Static/Dynamic IP of WUI to change router name

WUI Configuration Windows Modify the same setting for some routers

TUI Configuration Script Apply one script file to some routers # telnet script example # set system name sys name abc # set domain name sys domainname draytek.com

Router Status

Online Traffic

Traffic Graph

Schedule List

Secure VigorView

Management can be via VPN tunnel if router has VPN capability

Command Log

System Log

Agenda Triple-Play Application DrayTek ADSL2+ Products DrayTek SDSL Products DrayTek Dual-WAN Products RoHS New Features Update Centralized System Manager - VigorView UTM Solutions – VigorPro101 / VigorPro200 UTM Solutions – VigorPro101 / VigorPro200

UTM Unified Threat Management The unification of Firewall/VPN, Gateway, Anti- Virus, IDP… into a single platform Reduce Complexity –Integrated functionality, all-in-one Reduce management efforts –Separate device: independent logging and multiple GUI –Easy configuration & management –Easy troubleshooting

What VigorPro™ Provide All-in-one security firewall –Unified Anti-Virus, Anti-Intrusion, Firewall, VPN, … threat management Network-level protection –Block viruses at the point of network entry –Provide protection of all hosts inside network edge before threats intrude Hardware-based real-time response –CICP (Content Inspection Co-Processor) –MSSI™ (Multi-Stack Stateful Inspection) Paten pending inline scanning No proxy: high throughput, low latency

What VigorPro™ Provide Content-based protection –Scan all major network protocols –Scan POP3/SMTP/IMAP4 –Scan own VPN tunnel –Scan FTP –Scan HTTP –Scan ZIP/GZIP/BZIP2 Lower TCO( Total cost of Ownership) –All functionality can be managed remotely from HQ, no IT personnel required for branch office

MSSI MSSI™(Multi-Stack Stateful Inspection) –The patent-pending technology developed by DrayTek –Inline scanning –No proxy: scan on the fly, real-time response –Cross packets inspection –No file size limitation

victim Format Parser Stack Decoder Stack Decompression Stack

VigorPro200 Dual WAN Up to 2x 100/1000 DMZ Ports Up to 5x 100/1000 LAN Ports Anti-Virus Alert IDP Alert Super G Wireless LAN 1x 100/1000 Monitor Port

VigorPro101

Key Feature Comparison ModelVigorPro101VigorPro200eVigorPro200 AV/IDP v -- v VPN50200 LAN4FE5G WAN2FE DMZ222 WLANSuperG  11nSuperG NAT Session TBD20K

Desktop Enforcement DE is considered to be supported on VigorPro Force desktop/laptop inside network follow the security policy –AV software installation, get the most updated virus signature

VigorPro, D-SWAT and Service

D-SWAT The D rayTek S ecurity W arning and A nti-attack T eam Research –Hacking technique analysis –Virus sample collection & analysis –Exploit collection & analysis Service –Security portal website –Virus signature update –Security advisories –News letter  Training –Hacking Techniques –Incident handling

Step 1. End user purchases VigorPro100 From DrayTek’s reseller Step 2. Log on for registrationwww.vigorpro.com Step 3. Activate or extend AV/IDP services Service Flow: AV/IDP DrayTek Service portal Distributor/ reseller Internet Step 1 Step 2 Residential SOHO SMB users Step 3

visitor Product registration news alert subscription Service Activation/ Extension Registration User User profile update Virus/IDP signature download D-SWAT business hour tech support Product maintenance delete/reinstall/rename/transfer Submit virus to DT Lab D-SWAT online advisory New signature alert M ember of V igor P rotection

Product Registration Product serial number Product’s nick name Authentication code (MAC address)

Product Maintenance

Service Maintenance Product delete Product rename Product & service is transferred RMA, product is transferred

License Key Projection Type AB IDPDrayTek Anti-VirusDrayTek-- KL D-SWAT business hour technical support VV

Q&A