Teleworkers need VPN through DrayTek’s 2860 and 2860n routers
With companies striving to offer a work life balance for employees wherever possible, there is an increasing demand from staff requesting that they can work from home permanently or just from time to time. This means that they need to access the work systems just as they would if they were in the office. Similarly, sales staff and consultants also need to be able to access the systems in this way.
This can present a number of potential issues that need addressing before this becomes a feasible proposition for the employer.
Requirements
- a means of providing systems access to remote staff via the Internet;
- the Internet access must be highly secure in order to protect the company’s confidential data;
- the router must be able to connect via ADSL, VDSL (fibre) or Cable for future-proofing;
- the ability to prevent crippling viruses from entering the network and its systems;
- the ability to restrict access to sites by category and certain trigger words, stipulated by the head office;
- to be able to provide secure WiFi and Internet access to homeworkers’ family members, walling off the office systems;
- to be able to access the Internet for emailing purposes between colleagues;
- for home workers to be able to print out documents to their own printer and to the main office for colleagues’ use
All of the above needs can easily be met using DrayTek’s routers, deploying a 2860 firewall router at the head office and 2860n Triple WAN wireless routers in the staff’s homes. For the field workers who spend the majority of their time out on the road and at customers’ premises, a VPN software solution is available. The simplified set up would look like this:
There are many advantages of putting in place the solution depicted above with the Vigor 2860 and the Vigor 2860n wireless routers:
Excellent speed
No one wants the frustration of slow Internet use. With the 200Mbps firewall on board the Vigor 2860 and the wireless n version, together with six Gigabit Local Area Network (LAN) ports for fast internal data transfer, these routers won’t be lagging behind. They’ll cope very well with the demands of the day when your staff are sending/receiving various data across the Internet.
Head office link
The DrayTek 2860n features Virtual Private Networking (VPN) functionality. This is basically a secure way of ‘tunneling’ between the tele/field workers’ and the head office’s systems in a secure manner i.e without risk of external sources intercepting the confidential data – hence the term ‘Private’ network. This VPN functionality is core to the business, offering encryption and authentication between the VPN links for true peace of mind.
Once connected through this secure, encrypted, virtual tunnel, staff will be able to carry out file sharing and have seamless access to other resources and devices. For example, remote workers would even be able to print an updated document out at the head office for a colleague based there who needs it urgently for a meeting.
The Vigor 2860 allows you to set up as many as 32 simultaneous VPN tunnels to remote offices or teleworkers. The Vigor2860 supports all industry standard protocols, including encryption and authentication methods. Teleworkers can authenticate directly with your LDAP server if preferred.
Future-proofed
The DrayTek Vigor 2860 and the 2860n wireless routers have multiple ports for different connection types to the Wide Area Network, or ‘Internet’. It’s a ‘Triple WAN’ router. Having this functionality means that no matter where your staff currently live or move to in the future, you will be able to ship out and set up the very same router in any location, regardless of whether the Internet connection coming into the house is ADSL, VDSL (Fibre) or Cable. In effect, you’re future-proofing the staff’s connection into the office.
Failsafe connectivity
An added benefit of the DrayTek 2860 to this kind of business with external staff, is the automatic 3G/4G failover via its USB port. DrayTek provides a list of compatible USB dongles, so if you can receive a 3 or 4G signal in your area, plugging a dongle into the port and carrying out some minimal settings on the router’s configuration page, will enable the 3G/4G connectivity to come into play and take over from your normal ISP service in the event that it ever fails.
Failover is a priceless feature for businesses. You’ll want to be spending your time getting on with all the tasks you have to juggle that day, not worrying about Internet connectivity and having to get it fixed quickly if it goes down. We suggest that you check the DrayTek website or contact DrayTek support for a current up-to-date list of 3G/4G compatible dongles. Hopefully, your teleworkers broadband services are reliable most of the time. Even if you’ve never had a problem, allowing for one gives you and your staff the ability to rest assured that you will be able to cope seamlessly, should any connections drop.
Security
The firewall on board the DrayTek 2860 and the 2860n wireless routers protect against attacks including Denial of Service (DoS) attacks, IP-based attacks and access by unauthorized remote systems. Wireless, Ethernet and VPN are also protected by various protection systems. You may want certain grades of staff to have greater access to certain areas of the network and of course, to restrict the access to other staff members. The DrayTek Vigor 2860 now also allows selective direction firewall rules of LAN to WAN, WAN to LAN or LAN to VPN. In addition, QoS (Quality of Service Assurance) can now be selectively applied to specific users.
Wireless Security
The DrayTek Vigor 2860n provides several independent levels of security including encryption (up to WPA2), authentication (802.11x) and methods such as MAC address locking and DHCP fixing to restrict access to authorized users only. The Web interface lets you see how many and which clients are currently connected as well as their current bandwidth usage. An ‘instant’ block lets you disconnect a wireless user temporarily in case of query. The Wireless VLAN facility allows you to isolate wireless clients from each other or from the ‘wired’ LAN.
This DrayTek Vigor 2860n also allows guest access with password protection so that visitors can use your WiFi access, but only with a preset password which you set for them. When the user connects to your wireless LAN, they are firstly presented with your login screen before any Internet access is permitted. This is in addition to any encryption system you have running.
The Multiple SSID features enables you to have up to four distinct or common virtual wireless access points. For example, you could have one for company usage, with access to your company LAN and another for public access which allows internet surfing only. Setting up wireless security is made easier thanks to the WPS feature (WiFi protected setup) whereby your client PC can get it’s security keys by pressing a button on the front of the router.
Content filtering
The Content control features of the DrayTek Vigor 2860 and 2860n allow you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal. Using DrayTek’s GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription to the Globalview service, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.
Content filtering is a great asset to ensure that staff are neither able to put the company at risk through accidentally downloaded viruses, nor wasting company time by surfing online. There are lots of very practical variants of Content filtering and you can learn more about them by reading about the GlobalView license.