DrayTek DV2767 UFB/VDSL Router, 1x 2.5GbE WAN/LAN port, 3x GbE LAN ports, Firewall, CSM, QoS, 16 x VPN tunnels, Supports VigorACS 3 and Sentry

The Vigor2767 series supports VDSL2 35b (Supervectoring) connections, and one of its four Gigabit Ethernet LAN ports can be configured as a 2.5GbE WAN/LAN interface, enabling connectivity to any Ethernet-based broadband service.

With both integrated xDSL and a high-speed 2.5GbE Ethernet WAN port, the Vigor2767 series is compatible with all major internet technologies, including FTTP, FTTC, FTTB/N, HFC, Satellite, and Fixed Wireless services deployed by nbn™ in Australia and UFB in New Zealand.

Designed for both domestic and SMB environments, the router incorporates advanced security and networking features such as an object-oriented SPI Firewall, Content Security Management (CSM), URL/IP Reputation filtering, Port Knocking, support for up to 16 VPN tunnels, and dual USB ports for 4G LTE mobile broadband backup, printer sharing, or network storage.

• Ready to connect to UFB NTD (Network Termination Device)
• 1 x configurable 2.5 GbE WAN/LAN port (P1)
• 3 x Gigabit LAN ports with 50,000 NAT sessions
• 1 x VDSL2 35b/ADSL2+ WAN port
• 35b Supervectoring VDSL2
• NAT throughput with Hardware Acceleration over 2.3 Gbps
• IPsec VPN throughput up to 390 Mbps (AES 256 bits)
• Object-based SPI Firewall, Content Security Management (CSM), URL/IP Reputation and Port Knocking
• IAM (Identity and Access Management) to enhance security management and user experience
• IPv6 & IPv4
• 16 x VPN tunnels, including IPsec, OpenVPN, and WireGuard, with EasyVPN features that simplify VPN setup for effortless connectivity
• 2 x USB ports for 4G Backup, FTP server, network printer or thermometer
• Virtual Switch Controller to manage up to 5 VigorSwitches
• Supports VigorACS 3 Central Management Software for remote management

Key Features

2.5GbE
Provides higher performance to Wi-Fi 6 AP and other Ethernet devices.

35b Supervectoring Modem
Integrated VDSL modem with 35b Supervectoring compatibility and VDSL2/ADSL2+ fallback.

Bandwidth Management
Prevent one device using all the bandwidth by bandwidth limit policy, session limit policy, and QoS settings.

DrayDDNS
Free DDNS service to access the router using a fixed hostname of your choice. 

VPN (Virtual Private Network)
Build a secure and private tunnel from the LAN of the Vigor2767 Series to remote offices and teleworkers over the Internet. 

EasyVPN
Secure VPN in Seconds: No Keys, No Configs, Just Login.

Port Knocking
Add a stealth security layer to protect ports from unauthorized access.

Firewall & Content Filter
Filter web pages by URL keywords or web category to block access to insecure or inappropriate content.

URL/IP Reputation
Improve network security by classifying URLs and IPs to control web access and protect against online threats. 

IAM
A solution that manages digital identities, authentication, and access control to ensure the right users or groups have appropriate access to critical resources. 

Virtual AP/Switch controller
All-in-one management platform for Vigor2767 Series to maintain and monitor the VigorAPs and VigorSwitches.

NAT & Routing Performance
With hardware acceleration, Vigor2767 Series delivers up to 2.3 Gbps aggregate NAT throughput, meeting the demands of business-critical applications while keeping VoIP traffic as the top priority. Additionally, a single 1GbE client can reach up to 950 Mbps, and VDSL2 35b provides up to 300 Mbps to LAN.

Effortless and Secure VPN Access with EasyVPN
Setting up a VPN can often be complex, involving protocol selection, manual configurations, and troubleshooting, especially for non-technical users. While Vigor routers support advanced VPN protocols such as IPsec, WireGuard, and OpenVPN, traditional setup methods can be time-consuming and daunting.

EasyVPN simplifies this process by offering a streamlined, hassle-free solution for secure remote connectivity. With EasyVPN, users can quickly establish encrypted connections without the need to:

• Manually generate WireGuard keys
• Import OpenVPN configuration files
• Upload certificates

By automating these steps, EasyVPN delivers a fast, secure, and intuitive VPN experience, perfect for businesses and users who want robust protection without the technical complexity.

Stealth Security Protection with Port Knocking
DrayTek’s Port Knocking technology adds an advanced stealth security layer by keeping critical network services completely invisible to unauthorised users. Instead of exposing management ports or VPN services to the public internet, Port Knocking requires a predefined “knock” sequence before access is granted, ensuring that only trusted users can discover and use these services.

By integrating three powerful functions, Port Knocking provides robust protection against port scanning, brute-force attacks, and unauthorised access.

Port Redirection

Conceal real service ports from the public internet
Redirect unauthorised requests to non-existent services to prevent detection

Secure Router Management Access

Allow router management access only after a successful knock sequence or through a secure internal server
Completely eliminate direct exposure of the management interface to the open internet

VPN Service Control (WAN Binding)

Keep VPN services invisible until the correct knock sequence is received
Bind VPN availability to specific WAN interfaces and authorised IP addresses

How It Works

• By default, all protected ports remain closed and undetectable
• After the correct knock sequence is received, selected ports open temporarily for authorised access
• Once the configured time window expires, services automatically return to hidden mode
• With DrayTek Port Knocking, your network operates in stealth mode, invisible to attackers yet instantly accessible to authorised administrators and remote users. It is the ideal solution for organisations that demand high-level security without compromising accessibility.

URL Reputation
URL Reputation is a cloud-based threat intelligence service that adds an extra layer of security to protect LAN clients during their online activities.

With a total of 82 content categories, including 10 security-focused ones, it provides comprehensive and up-to-date protection for both home and business networks.

These categories cover a wide range of areas—from malware, spyware, and adware, to parental controls, business productivity, and social networking—helping to create a safer online environment, enhance employee productivity, and support efficient bandwidth management.

IP Reputation
Every internet communication involves source and destination IP addresses. Cybercriminals often exploit known malicious IPs to launch attacks using various techniques, including:

• Botnets
• TOR nodes and anonymous proxies
• Command-and-Control (C2) servers
• Phishing servers
• Distributed Denial of Service (DDoS) attacks

IP Reputation helps identify and block traffic from these high-risk IP addresses, adding an essential layer of network protection against cyber threats.

Blocking communication with malicious IP addresses is critical for network security. However, relying on static blocklists is no longer effective, as they lack the real-time, predictive intelligence needed to combat evolving threats. The IP Reputation Service addresses this challenge by delivering dynamic, real-time scoring and classification of IP addresses. It enables the automatic blocking of:

• High-risk traffic
• Suspicious proxies
• Malware distributors
• IPs associated with recent malicious activity

The system evaluates IPs based on multiple factors, including infection history, protocol behaviour, and attack frequency. Each IP is assigned a reputation score, which determines whether it should be trusted, monitored, or blocked, ensuring proactive and intelligent network protection.

IAM (Identity and Access Management) 
The Vigor2767 Series, powered by the new DrayOS 5, is fully Zero Trust ready!

IAM (Identity and Access Management) is a cybersecurity system that controls user access by managing digital identities, authentication, and authorisation, to ensure correct access to network resources such as applications and devices.

With processes including identifying, authenticating, authorising users or groups, and assigning appropriate levels of access, IAM enhances both security management and the user experience and plays an important role in cloud-based services.

The IAM solution from Vigor2767 is Zero Trust Ready, and allows you to grant and categorize user privileges, create and manage access policies, and define large-scale group policies that integrate multiple filtering rules and traffic-shaping settings.

Users & Groups

•  User accounts and user groups allow flexible access level control.
•  Existing external authentication server is supported.
•  User and MFA protection can be easily configured.

Access Policies
System administrators can create access policies for the local users in this tab. The access policies can be configured based on:

• MAC address filter list
• The allowed / blocked user list
• The login sessions lifetime

Access policies can be combined to create a robust security framework for your system.

Group Policies
Group policies can be configured for predefined local resources such as employees, workstations, network printers, and local servers. Network Firewall and traffic shaping policies can be configured to enhance network security and optimise traffic flows.

Conditional Access Policy
Conditional access policies can be configured to request users to provide multiple forms of authentication before granting appropriate access to a resource.

• Specify a period for the user to re-authenticate
• Restrict access to specific source IP addresses or ranges of IP addresses
• Specify VLAN-based access level in your conditional policies
• Set up time schedules when users are allowed to log-in

Resources Tab
Configure local resources such as IP and Mac addresses for workstations, network printers, PBX systems, NVR systems, servers, etc.

Backup and Restore
Backup or restore router settings such as Users and Groups, Access and Group Policies, etc. A Password protection can be applied before backup or restore.

Central Switch Manager (SWM)
The Central Switch Manager (SWM) provides a comprehensive solution for simplifying network administration. It automatically detects and manages all compatible VigorSwitches from a single, centralised interface, eliminating the need to configure each device individually. Administrators can efficiently push configurations to multiple switches and monitor their real-time status to ensure network stability.

SWM also streamlines advanced management tasks, allowing easy implementation of VLAN segmentation and Quality of Service (QoS) policies. This consolidated approach reduces maintenance time and boosts the overall efficiency and reliability of your network infrastructure

SWM

The Vigor2767 Series can function as a master controller, managing and monitoring up to 5 switches. It also provides full visibility into powered devices (PDs) connected behind the switches, such as IP cameras and access points.

Device Management

Monitor the status, firmware version, and uptime of all managed switches in real time.

Port Profile

Create multiple port profiles to easily configure PoE, VLAN, QoS, and other settings across selected switches.

Maintenance

Easily perform configuration backups and restores, remote reboots, or factory resets.

• Software Management – VigorACS 3
• Zero Touch Deployment & Provisioning
• Auto VPN
• Interface Quality & SLA
• VoIP Optimization & Monitoring
• Application Visibility
• Application Based SD-WAN Policy
• Customized Hotspot Page with Multilingual
• Hotspot Clients Analytics
• ACS Server Load Balancing / Failover

Quick Spec