Multi WAN Gigabit VPN Gateway

CERIO DR-4000 is a high-performance, multi-functional Multi WAN Gigabit VPN Gateway. Its features include network security, SPI (Stateful Packet Inspection) firewall protection, policy auditing (such as content filtering, VPN tunnel and MAC/IP filtering), captive portal login authentication and RADIUS authentication capabilities. Moreover, it supports multiple WAN ports, allowing users to perform load balancing or failover for enhanced network efficiency. It is designed specifically for organizations with multifunctional, high-efficiency, and comprehensive networking needs. Whether the company’s network architecture involves on-premises servers or outsourced cloud-based servers, the CERIO DR-4000 is an ideal VPN security gateway solution for small to medium-sized enterprises seeking robust networking capabilities.

The CERIO VPN Gateway is highly suitable for deployment in environments that require high reliability, efficiency, security, and throughput, such as corporate offices, government agencies, and public venues. It features IP gateway routing functionality, an authentication gateway, high availability (HA) redundancy, VPN functionality, multiple WAN ports, QoS bandwidth management, an integrated RADIUS server for authentication, and firewall capabilities. Hotspot technology allows Internet providers to offer Internet access to customers while applying certain Internet use rules and limitations. Whether for offices, hotels, airports, schools, or other commercial establishments, it allows real-time monitoring of each user’s online activity, including usage time, data sent/received, real-time accounting and more, enabling administrators to conduct audits efficiently.

Strong hardware VPN engine
CERIO’s DR-4000 Multifunction VPN Gateway is an easy-to-use, flexible, high-performance device well suited for small businesses. It provides comprehensive data security and privacy for accessing and exchanging sensitive and confidential information, supporting multiple VPN protocols including IPSec, PPTP, L2TP over IPSec, and VPN P2P. With website filtering functionality, it offers safer, more flexible, and more robust network connectivity for small to medium-sized offices, branch offices, and remote employees. It is particularly well-suited for deployment in small to medium-sized enterprise network environments.

Multi-WAN Supported
It supports up to 3 WAN ports, providing automatic traffic balancing, bandwidth optimization, automatic failover mechanisms, and increased bandwidth capacity. Through multiple WAN ports, it offers real-time load balancing and optimal routing algorithms. For companies hosting their own web servers, one WAN port can handle external HTTP port 80, while the internal network uses a second WAN port. This setup provides simple and secure network segregation. With real-time load balancing and the Optimum Route algorithm, the DR-4000's intelligent router engine directs each session or connection to the best available link. It also supports policy-based routing, persistent routing, and traffic scheduling to effectively adapt your business policy into your network policy.

Bandwidth Allocation and Management Mechanism
As broadband usage proliferates and file sharing rises alarmingly, it is in certain cases important to assign quotas for user bandwidth consumption, particularly in educational institutions, hot spots, or communities with a shared Internet access provider subsystem. The DR-4000 supports two different quota mechanisms, prepaid and periodical, to meet different real-life business needs. The quota system can also be integrated with external accounting and billing systems. Through traffic size settings and filtering mechanisms, the DR-4000 optimizes bandwidth utilization and ensures the best transmission quality for the transfer of mission-critical data. The bandwidth management mechanism includes limiting allocation based on IP sessions, as well as individual and specific IP range-based controls. It encompasses appropriate upstream and downstream bandwidth control for SIP/RSTP/RTP/Web modes, ensuring smooth network performance overall.

Excellent Protective Capability
The DR-4000 has a built-in SPI (Stateful Packet Inspection) firewall and supports specific Layer-7 protocols such as VoIP protocols (H.323 and SIP), video conferencing, and various IM protocols. In terms of content filtering, it supports IP/MAC filtering and can filter or scan through Layer-7 application layers. It has built-in policy-based DoS/DDoS firewall protection, offering efficient and comprehensive protection against hacker attacks, thus enhancing network security.

Multiple Authentication Methods
It offers multiple authentication methods to meet the needs of various enterprises. The web authentication feature supports remote RADIUS servers, local accounts, third-party OAuth 2.0 (e.g., Google, Facebook login), POP3 servers, LDAP (AD) account authentication, remote MAC batch authentication, and guest access. It also supports web authentication Captive Portal, providing diverse authentication methods to meet the requirements of numerous users.

Account and Password Voucher Control Output Functionality
By purchasing the SP-800-PRINTER (optional) account voucher printer POS system (network control server + thermal printer), you can quickly select and print account and password vouchers for authenticated personnel using a controller. This feature is a great benefit for both the image and network security of the company, especially for one-time visitors.

Time Scheduling
The built-in time policy supports daily scheduling with up to 300 detailed time slot rules. These rules can be applied to advanced features, including timed activation of IP/MAC filtering and virtual server access control based on open ports, enabling time-based restrictions for allowing or disallowing access. For example, if the mail server’s port 25 is targeted by bots, resulting in prolonged IP lockouts and continuous malicious attempts to log in, use this function to make the necessary port arrangements and allow multiple changes in the access interval, reducing daily malicious attacks and the possibility of IP paralysis.

Ping Watchdog
Supports Ping Watchdog for automatic monitoring and can be configured for repeated reboots to ensure operation. Administrators don’t need to worry about network crashes, and it also supports Auto Reboot by scheduling. Administrators can set the device to reboot automatically daily, weekly, or monthly as per their requirements.

Supports Wake-on-LAN function to wake up specified network members based on their MAC addresses. Administrators can schedule automatic wake-up for these devices daily, weekly, or monthly according to their needs.

Wired and Wireless Seamless Compatibility
It supports deploying wireless access points and is compatible with any wireless access point. By utilizing the DR-4000, both wired switch users and wireless AP users can seamlessly establish a secure authentication login environment.

Supports DC In and PoE In
In addition to providing DC In power input, it also supports PoE input allowing the device to receive both network data and power signals through a UTP cable. This meets the needs of long-distance cabling, eliminating the need for traditional power outlets and simplifying the construction of your network environment.

Hardware Overview


Software Specifications

Authentication Control
Max: 250 clients per Controller.
Provide Local Account: 2000.

Bandwidth Management
IEEE802.11p Class of Service/Quality of Service (CoS/QoS).
IEEE802.11e Wi-Fi Multimedia (WMM).
DiffServ Codepoint (DSCP).
Traffic Analysis and Statistics.
IEEE 802.1Q Tag VLAN priority control.
IGMP Snooping for efficient multicast delivery.
Upload and Download Traffic Management.
IP-based Bandwidth Limit.
Session Limit Per IP.

Authentication
Authentication: single sign-on (SSO) client with authentication integrated into the local authentication environment through local/domain, LDAP (AD), POP3, RADIUS, 802.1x and Guest.
Authentication Type.
RFC2865 RADIUS Authentication.
RFC3579 RADIUS Support for EAP.
RFC3748 Extensible Authentication Protocol.
MAC Address authentication.
Web-based captive portal authentication.

Hotspot functions
Provides billing plans for pre-setting / on-demand function.
Enables session expiration control for on-demand accounts by time (hours) and data volume (MB).
Detailed per-user traffic history based on time and data volume for both local and on-demand accounts.
Supports local on-demand and external RADIUS server.
Contains 10 configurable billing plans for on-demand accounts.
Provides session expiration control for on-demand accounts.
Supports automatic email of network traffic history.

Load Balancing
WAN port bandwidth load balancing.
Outbound redundancy.
Outbound load balancing.
Bandwidth management by traffic, either individually or across different networks.
WAN connection detection.

VPN
IPSec (LAN to LAN and Client to LAN).
PPTP (PPTP Server with client).
L2TP over IPSec (L2TP Server over IPSec with client).
VPN P2P (VPN Server with peer).
IPsec Encryption: AES128, AES192, AES256, 3DES.
PPTP Encryption: MPPE40, MPPE128.
VPN P2P Encryption: Blowfish, AES, 3DES and RSA certificate public key.
IPsec Authentication: MD5, SHA1, SHA2-256.
IKE Authentication: Pre-Shared Key.

Firewall
Built-in DoS Attack Defense.
Layer 7 Protocol Blocking.
Supports packet filtering, MAC filtering and IP filtering.
Access Control List: TCP, UDP, ICMP, Content Filter, Domain Filter, IP P2P, IM.

Network
Supports static IP, Dynamic IP (DHCP Client), PPPoE and PPTP on WAN connection.
Supports a total of 16 VLANs, with each VLAN service area having its own DHCP server. It supports multiple DHCP networks. The DHCP server includes DHCP Relay, Bind-IP-MAC, and DDNS server.
Routing protocols: Static Route, OSPF, RIP, Distribute OSPF over RIP, Distribute RIP over OSPF.
802.1q VLAN Tagging, with support for configuring up to 4096 VLAN Tags.

System Management
Supports HA (High Availability) backup function.
SNMP v2c, v3 and SNMP Trap etc.
System Log: System Event Log.
Supports RTC (Real Time Clock) time memory and NTP server time synchronization.
Administrative Access: HTTP, HTTPS, Telnet, SSH.
Remote firmware upgrade (via Web), configuration file import and export functionality.
Supports Auto Reboot and Wake on LAN (WOL) automatic network wake-up.

Log
Local System Log.
Session Log.
Authentication Log.

Operation Mode
Router Mode: Operates as a single-WAN router or with multi-WAN load balancing, supporting up to 3 WANs.
Captive Portal Mode: When switching to Captive Portal mode, the authentication mechanism remains the same as for hotspot authentication. (This mode has no router function.)

Standards & Hardware Specifications

CPU Clock Speed: Quad-core 1.2 GHz CPU
Ethernet Configuration: 4 Gigabit Ethernet ports, supporting 3 types of WAN mode:
Reset Button: Reset to the factory default
LED Indicators: PWR*1, ETH 1 (PoE In)*1, ETH 2 (PoE In)*1, ETH 3*1, ETH 4*1

VPN & Network Specifications

Operation Mode: Router Mode, Captive Portal Mode
NAT Throughput: Max. 930 Mbps
VPN Throughput: Max. 60 Mbps on IPsec
VPN Tunnels (LAN to LAN): Max. 20
VPN Tunnels (LAN to Client): Max. 60
NAT Session: Max. 100,000
Routing Protocol: Static Route / Open Shortest Path First (OSPF) & Routing Information Protocol (RIP)
Load Balancing: IP based, Session based

Environmental & Mechanical Characteristics

Operating Temperature: 0 °C ~ 40 °C
Storage Temperature: -40 °C ~ 75 °C
Operating Humidity: 10% – 90% Non-Condensing
Storage Humidity: 5% – 90% Non-Condensing
Form Factor: Desktop, 19-inch rack installation
Power Consumption: 14 Watt (Standby)
Power Requirement: 802.3at 52~57V PoE In or DC Jack 12~56 VDC In
Dimensions (W x H x D): 250 x 172 x 44 mm
Weight (kg): 1.17 kg
Case Material: Metal case
Production Location: TW
Certifications: FCC, CE, RoHS Compliant

Package Contents

Contents: DR-4000 Main Unit, Ethernet cable, Power Adapter, 19” Rack Mount Brackets, Warranty Card