IT Pro Verdict
Pros
- +
Combines UTM and router functions
- +
Heaps of failover options
- +
Highly configurable
Cons
- -
Default URL filtering is disappointing
DrayTek’s security routers feature all the key UTM functions, but one thing that distinguishes them is their keen focus on WAN redundancy. The idea is to ensure that your office can carry on working even if the main internet link goes down, and to that end, the Vigor 2927Lac sports two separate Gigabit WAN connectors, an integrated 4G LTE modem with dual SIM slots and a USB 2 port that will take an additional 4G modem as a further fallback.
You can even safeguard against the possibility of the hardware itself failing by deploying a pair of units in high-availability mode. In this configuration, the routers share a virtual IP address and can be set to hot-standby mode when sharing an internet connection, or active-standby if each has its own link.
On the client side, you get five Gigabit Ethernet connectors (with the second WAN connector optionally serving as a sixth LAN port) and dual-band 802.11ac wireless, rated at 866Mbits/sec on the 5GHz band and 400Mbits/sec over 2.4GHz. Four SSIDs are supported per radio, each with its own security scheme and availability schedule. As the Vigor 2927Lac runs the Central AP Management (CAM) service, it can discover and provision up to 20 DrayTek wireless APs, and a future firmware upgrade promises to let the router act as the root node in a mesh Wi-Fi network.
For remote users, the price also includes support for 50 IPsec VPN tunnels, plus 25 SSL VPNs – and a new feature is the option to create up to 16 hardware-accelerated IPsec VPNs.
Installation is a piece of cake. The web console provides a quick-start wizard to walk you through changing the default administrative password and configuring basic internet access. Redundancy settings are almost as easy to configure: any number of the various WAN connections can be set to backup mode, which means they will be automatically brought online when the primary link fails or if its traffic exceeds specific thresholds. Or you can set all links as active and let the router’s load-balancing function automatically distribute traffic across them.
The firewall is enabled by default, with a strict security policy that can be customised with rules and filters that specify connection directions, source and destination addresses, protocols and block or pass actions. Similar rules can also be used to enforce application controls, URL filtering and web-content filtering.
IT Pro 20/20: Meet the companies leaving the office for good
The 15th issue of IT Pro 20/20 looks at the nature of operating a business in 2021
Application controls are enabled once you register your MyVigor account and DrayTek provides a list of 154 apps and protocols that can be controlled. Supported services include Facebook, WhatsApp and LinkedIn, but Twitter is missing.
When it comes to wireless, it’s good to see that the router arrives in a secure state, with the default networks using a strong password that’s printed on the base of the unit. Wizards are provided to help you set up your own SSIDs, provision guest access and present a hotspot web portal that supports a range of login methods, including social network providers and a unique PIN sent via email or SMS.
One thing that might initially turn you off the Vigor 2927Lac is its built-in URL-filtering feature, which relies on simple keywords and is frankly far too basic for business use. However, for around £21 a year you can add the far superior Cyren GlobalView service, which supports up to eight profiles and recognises 65 categories of site.
The Vigor 2927Lac isn’t the most feature-packed security appliance, but it has the fundamentals sewn up along with convenient Wi-Fi support for an affordable price – and if you’re looking for WAN redundancy, you won’t do better.
DrayTek Vigor 2927Lac specifications
Band support | Dual-band 802.11ac Wi-Fi |
Radios | 2 x LTE aerials, 2 x wireless aerials |
Ports | 7 x Gigabit Ethernet (WAN, WAN2/LAN, 5 x LAN), USB 2 |
Additional features | Dual-slot 4G LTE modem |
Dimensions (WDH) | 241 x 165 x 33mm |
Weight | 440g |
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.