SecureVPNRouterati Ar2050v Ds


Security Appliances | Product Information

Secure VPN Router


AR2050V
Allied Telesis Secure Virtual Private Network (VPN) Routers
are the ideal secure gateway for modern businesses. Powerful
VPN functionality is combined with comprehensive routing and
switching, providing an innovative high performance solution
that is easy to use and very secure.

As businesses adapt to faster paced operations, with increasing amounts of data, and the need to access company resources from outside the office, the demand for high performance VPN connectivity becomes more urgent.

The AR2050V features comprehensive security and advanced networking capabilities, meeting the demands of distributed businesses that require multi-site VPNs.

Application-aware firewall
The firewall on the AR2050V inspects every packet passing through it, and uses a built-in application list, so different applications can be managed in line with business security and acceptable use policies. Allied Telesis Secure VPN Routers are the ideal solution for enterprise and branch offices requiring secure online connectivity.

High performance
Harnessing the power of multi-core processors and hardware acceleration engines guarantees high performance, by dramatically increasing throughput and enabling sustained low latency traffic inspection.

Performance
Firewall throughput: 750 Mbps
Concurrent sessions: 100,000
New sessions per second: 3,600
IPS throughput: 200 Mbps
VPN throughput: 400 Mbps

Secure Remote VPNs
The AR2050V supports IPSec site-to-site VPN connectivity to connect one or more branch offices to a central office, providing employees company-wide with consistent access to the corporate network. Multipoint VPN enables a single VPN to connect the central office to multiple branch offices.

Remote workers can utilize an SSL VPN connection to encrypt their business data over the Internet, allowing them to utilize all their business resources when working from home, travelling, or otherwise away from the company premises.

Comprehensive routing support
The security features of the AR2050V are complemented by advanced routing and switching capability. Full IPv6 routing and protocol implementation ensures today’s networks are fully connectable, both internally and externally with other leading edge equipment. Powerful multicasting features support streaming video and voice traffic in modern converged networks.

High availability
When online connectivity is critical, the AR2050V has a bypass port to allow a link to another device as a passive backup. Automated failover immediately transmits Internet-bound traffic to the backup device, to maximize the availability of external connectivity, and ensure no loss of business productivity.

Easy to manage
The AR2050V runs the advanced AlliedWare Plus™ fully featured operating system, with an industry standard CLI. The Graphical User Interface (GUI) provides a dashboard for monitoring, showing traffic throughput, security status, and application use at a glance. Configuration of security zones, networks and hosts, and rules to limit and manage traffic, provides a consistent approach to policy management.

Wireless LAN management
The AR2050V features Allied Telesis Autonomous Wave Controller (AWC), which is an intelligent, easy-to-use Wireless LAN controller that automatically maintains the optimal wireless coverage. Vista Manager mini is part of the Device GUI, and enables easy visual setup, management, and monitoring of AWC wireless access points. A network map that includes floor maps and wireless coverage heat maps enables simplified deployment and monitoring.

617-000572 RevZE
AR2050V | Secure VPN Router

FIREWALL ENGINE

Application-aware: All traffic passing through the firewall is inspected, so different applications can be managed in line with business policies.

DoS attack protection: Protection against Denial of Service (DoS) attacks, which are designed to consume resources and therefore deny users network and application access.

Intrusion Detection and Prevention System (IDS/IPS): IDS/IPS provides monitoring, analysis and logging of suspicious events that occur on a network. It can also perform a variety of actions to prevent attacks.

URL filtering: Enables HTTP or HTTPS access to particular websites to be allowed (whitelist) or blocked (blacklist) with user-defined lists.

VIRTUAL PRIVATE NETWORKING (VPN)

IPSec VPN for site-to-site and multi-site connectivity: High-performance IPSec VPN allows the Allied Telesis UTM Firewalls to act as a VPN concentrator for other large sites, branch offices or home offices. Multipoint VPN uses a single VPN to connect a head office to multiple branch offices.

SSL/TLS VPN for secure remote access: The OpenVPN® client allows easy access to corporate digital resources when away from the office. Secure ways to log in include LDAP authentication and two-factor authentication, with options to use a code, certificates, or a one time password (OTP) via email. The TLS version for OpenVPN connections can be specified to encourage use of the latest and most secure version, and TLS Crypt provides ultimate security, with symmetric encryption including the key exchange for protection against TLS DoS attacks.

VPN pass-through: Pass-through enables VPN clients to make outbound connections using L2TP, PPTP or IPsec.

Redundant VPN gateway: Primary and secondary VPNs can be configured when using multiple WAN connections, for seamless failover of VPN connectivity to a remote site.

Dynamic routing through VPN tunnels: Dynamic routing over VPN links ensures no loss of connectivity, as traffic is routed through an alternate link in the event of a tunnel failure.

RESILIENCY

High availability bypass port: The bypass port allows a backup link to be formed to another device, to act as a passive backup. In the event of a power failure, the WAN traffic is immediately transmitted to the backup device for automatic failover of the WAN connection.

VRRP triggers for bypass port failover: The AR2050V supports event-based triggers to automatically change VRRP mastership if a bypass port is activated. This simplifies WAN failover and reduces disruption to other network devices.

QUALITY OF SERVICE (QOS)

Traffic control: Traffic control allows the amount of bandwidth to be restricted for different traffic classes. RED curves can be defined to predictably drop traffic if congestion occurs.

Bandwidth management: Protect your business-critical traffic by limiting the bandwidth available to non-essential traffic. During peak times, non-essential traffic is limited, allowing critical traffic to flow freely.

NETWORKING

3G/4G/LTE USB modem [1]: A 3G/4G/LTE USB modem offers an additional secure IPv4 or IPv6 data connection for critical services, which can automatically switch to a mobile network whenever a primary data connection becomes unavailable.

Layer 2 Tunnelling Protocol (L2TP): L2TP provides site-to-site connectivity, which can also be protected by IPSec encryption.

IPv6 support: Full support for IPv6 routing, multicasting and security is provided.

IPv6 transition technologies: DS (Dual Stack) Lite, Lightweight 4over6, and MAP-E support connecting IPv4 networks over an IPv6 Internet connection.

AMF-WAN (Allied Telesis SD-WAN): AMF-WAN enables users to measure the quality of their WAN links and send real-time and other applications over the most suitable connection. Users can also load-balance an application over multiple WAN links, prioritize the delivery of business-critical applications, and send traffic directly to Cloud-based services from the branch office.

Policy-based routing: Policy-based routing enables traffic forwarding decisions to be based on where the traffic is coming from, rather than where it is going to.

Autonomous Management Framework Plus (AMF Plus): AMF Plus enables new devices to be pre-provisioned for zero-touch deployment. This simplifies installation, guarantees consistent configuration, and reduces setup time and cost.

AMF Plus backup/recovery: As an AMF Plus member, the AR2050V is automatically backed up, and can be recovered with plug-and-play simplicity.

Flexible deployment options: The AR2050V can be deployed in traditional NAT, Layer 2 Bridge, Wire Mode and Network Tap modes.

VRF-Lite: Virtual Routing and Forwarding (VRF-Lite) allows multiple routing tables. As the routing instances are independent, the same or overlapping IPv4 addresses can be used. The built-in DHCP Server on the firewall is VRF aware, enabling the supply of IP addresses to clients across multiple isolated networks.

[1] For a list of supported USB modems, please refer to the Allied Telesis USB Modem Compatibility List


Key solution

[Figure: network diagram. Labels: Head office, Internet, Branch office (x3), AR2050V (x3), Home worker, Remote worker. Legend: SSL VPN, IPSec VPN.]

Multi-site VPN connectivity
Allied Telesis Secure VPN Routers are the ideal integrated security platform for modern businesses. The powerful combination of VPN connectivity, secure remote access, and routing and switching, provides a single platform to connect and protect corporate data.

This example shows how the AR2050V can provide multi-site connectivity back to a head office. IPSec VPNs to an Allied Telesis Unified Threat Management (UTM) Firewall ensure that all staff have full access to digital resources. SSL VPN access provides secure access for workers when travelling, at home, or otherwise away from the office.

Automated network management
In addition to protecting and connecting modern networks, the AR2050V is fully supported by AMF Plus.

Autonomous Management Framework Plus (AMF Plus) is a sophisticated suite of management tools that automate and simplify many day-to-day network administration tasks. Powerful features like centralized management, auto-backup, auto-upgrade, auto-provisioning and auto-recovery ensure streamlined networking. Growing the network can be accomplished with plug-and-play simplicity, and network node recovery is fully zero-touch.

As part of an AMF Plus network, along with all of the network switches, the UTM Firewall and VPN Routers are automatically backed up, ensuring seamless recovery if required.


Key Solution

Autonomous Wireless LAN solution
Allied Telesis AWC offers solutions for two of the most common problems with Wireless LANs: initial setup complexity and on-going performance degradation. Initial WLAN set-up usually requires a site survey to achieve the best coverage; and performance of WLANs can often change over time as external sources of radio interference reduce coverage and bandwidth. These issues can be time-consuming to identify and resolve.

The auto-setup option simplifies wireless deployment by creating wireless profiles and associating discovered Access Points (APs) with them automatically.

AWC features an intelligent process that automatically re-calibrates the signal strength and radio channel of each Access Point (AP) for optimal WLAN performance. This re-calibration is performed daily based on measurements taken from each AP to compensate for interference such as unscreened electrical equipment, changes to office layout, or neighbouring wireless networks.

When AWC is combined with the security features of the AR2050V, it becomes an ideal solution for branch offices and small businesses to both protect and manage the office network. AWC is an essential tool for busy network administrators to save time and money when deploying and managing WLANs.

When using the Device GUI, a network map shows wired and wireless devices, including floor maps and wireless coverage heat maps.

Up to 5 TQ or MWS Series wireless APs can be managed using the built-in AWC functionality.
Note: For larger Wireless networks, Allied Telesis AR4050S UTM Firewall can manage a further 20 APs (25 max) with a feature license.


Features

Firewall
• Multi zone firewall with a built-in application list
• Application Layer Gateway (ALG) for FTP, SIP and H.323
• Bandwidth limiting control
• Firewall session limiting per user or entity (zone, network, host)
• Bridging between LAN and WAN interfaces
• Intrusion Detection and Prevention System (IDS/IPS)
• User-defined URL blacklists and whitelists (block or allow HTTP and HTTPS access to specific Websites)
• DoS and DDoS attack detection and protection
• Maximum and guaranteed bandwidth control
• Static NAT (port forwarding), double NAT and subnet-based NAT
• Masquerading (outbound NAT)
• Enhanced NAT (static and dynamic)
• Security for IPv6 traffic

Networking
• Routing mode / bridging mode / mixed mode
• Static unicast and multicast routing for IPv4 and IPv6
• DS-Lite, Lightweight 4over6, and MAP-E for connecting IPv4 networks over IPv6
• Dynamic routing (RIP, OSPF and BGP) for IPv4 and IPv6
• Flow-based Equal Cost Multi Path (ECMP) routing
• Dynamic multicasting support by IGMP and PIM
• Route maps and route redistribution (OSPF, BGP, RIP)
• Virtual Routing and Forwarding (VRF-Lite)
• Traffic control for bandwidth shaping and congestion avoidance
• Policy-based routing
• SD-WAN: performance measure and load balance WAN links
• PPPoE client with PADT support
• DHCP client, relay and server for IPv4 and IPv6
• Dynamic DNS client
• IPv4 and IPv6 dual stack
• Device management over IPv6 networks with SNMPv6, Telnetv6 and SSHv6
• Logging to IPv6 hosts with Syslog v6
• Web redirection allows service providers to direct users to a specified web address
• URL-offload enables cloud-based traffic (e.g. Office 365) to be sent directly to the Internet
• LLDP and LLDP-MED for network discovery

Management
• Allied Telesis Autonomous Management Framework Plus (AMF-Plus) enables powerful centralized management and zero-touch device installation and recovery
• From AW+ 5.5.2-2, an AMF Plus license operating in the network provides all standard AMF network management and automation features, and also enables the AMF Plus intent-based networking features menu in Vista Manager EX (from version 3.10.1 onwards)
• Web-based GUI for device configuration and easy monitoring, including a network map of wired and wireless devices
• Industry-standard CLI with context-sensitive help
• Role-based administration with multiple CLI security levels
• Built-in text editor and powerful CLI scripting engine
• Comprehensive SNMPv2c/v3 support for standards-based device management
• Event-based triggers allow user-defined scripts to be executed upon selected system events
• Comprehensive logging to local memory and syslog
• Console management port on the front panel for ease of access
• USB interface allows software release files, configurations and other files to be stored for backup and distribution to other devices

Resiliency
• Policy-based storm protection
• Link Aggregation Control Protocol (LACP) on LAN ports
• Spanning Tree Protocol (STP, RSTP) with root guard
• Virtual Router Redundancy Protocol (VRRPv2/v3)

Diagnostic Tools
• Automatic link flap detection and port shutdown
• Optical Digital Diagnostic Monitoring (DDM)
• Ping polling for IPv4 and IPv6
• Port mirroring
• TraceRoute for IPv4 and IPv6

Authentication
• TACACS+ Authentication, Accounting and Authorization (AAA)
• RADIUS authentication and accounting
• Local or server-based RADIUS user database
• RADIUS group selection per VLAN or port
• RADIUS CoA (Change of Authorization)
• Strong password security and encryption
• MAC and 802.1x Port authentication on switch ports
• Two-factor authentication using a code, certificates, or a one time password (OTP) via email for maximum security

VPN Tunneling
• Diffie-Hellman key exchange
• Secure encryption algorithms: AES and 3DES
• Secure authentication: SHA-1, SHA-256, SHA-512
• IKEv2 key management
• IPsec Dead Peer Detection (DPD)
• IPsec NAT traversal
• IPsec VPN for site-to-site connectivity
• Multipoint VPN for connecting a single VPN to multiple end points
• VPN pass-through
• Dynamic routing through VPN tunnels (RIP, OSPF, BGP)
• Generic Routing Encapsulation (GRE) over IPv6
• Redundant VPN gateway
• SSL/TLS VPN for secure remote access
• IPv6 tunneling

Wireless Controller AWC
• Allied Telesis AWC is an intelligent WLAN controller that automatically maintains optimal wireless coverage
• Manage up to five access points (APs)
• Auto-setup simplifies wireless network deployment
• Rogue AP detection for increased WLAN security
• WEP/WPA personal or WPA enterprise, pre-shared key (WEP/WPA personal), RADIUS server (WPA enterprise)
• Wireless networks can have separate SSIDs, VLANs, security settings, etc.
• APs can belong to multiple networks each with different wireless settings, and can broadcast multiple SSIDs (Virtual AP)
• APs can be defined individually or in bulk using a common profile.
• AP radio settings can be configured automatically (default) or manually
• AP functions such as updating firmware, executing AWC calculations and applying calculation results can be run automatically based on a user-defined schedule
• AWC supports Allied Telesis TQ and MWS Series wireless access points

[Figure: AR2050V SECURE VPN ROUTER. Labels: 1 x 10/100/1000T bypass port, 1 x 10/100/1000T WAN port, USB retainer slot, Status LEDs, USB port, 4 x 10/100/1000T LAN ports, Console port, Reset button.]


Specifications

AR2050V

Processor & memory
Security processor: 800MHz dual-core
Memory (RAM): 512MB
Memory (Flash): 4GB

Security features
Firewall: Application-aware packet inspection firewall
Application proxies: FTP, TFTP, SIP
Threat protection: DoS attacks, fragmented & malformed packets, blended threats & more

Tunneling & encryption
IPsec site-to-site VPN tunnels: 50
SSL VPN users: 100
Encrypted VPN: IPsec, SHA-1, SHA-256, SHA-512, IKEv2, SSL/TLS VPN
Encryption: 3DES, AES-128, AES-192, AES-256
Key exchange: Diffie-Hellman groups 2, 5, 14, 15, 16, 18
Dynamic routed VPN: RIP, OSPF, BGP, RIPng, OSPFv3, BGP4+
Point to point: Static PPP, L2TPv2 virtual tunnels, L2TPv3 Ethernet pseudo-wires
Encapsulation: GRE for IPv4 and IPv6

Management & authentication
Logging & notifications: Syslog & Syslog v6, SNMPv2 & v3
User interfaces: Scriptable industry-standard CLI, Web-based GUI
Secure management: SSHv1/v2, strong passwords
Management tools: Allied Telesis Autonomous Management Framework™ Plus (AMF Plus); Autonomous Wave Control for wireless LAN APs (AWC); Vista Manager EX
User authentication: RADIUS, TACACS+, internal user database, Web authentication, MAC authentication, 802.1x port authentication
Command authorization: TACACS+ AAA (Authentication, Accounting and Authorization)

Networking
Routing (IPv4): Static, Dynamic (BGP4, OSPF, RIPv1/v2), source-based routing, policy-based routing, VRF-Lite, SD-WAN
Routing (IPv6): Static, Dynamic (BGP4+, OSPFv3, RIPng), policy-based routing, SD-WAN
Multicasting: IGMPv1/v2/v3, PIM-SM, PIM-DM, PIM-SSM, PIMv6
Resiliency: STP, RSTP
High availability: VRRP, VRRPv3, hardware controlled bypass port
Traffic control: 8 priority queues, DiffServ, HTB scheduling, RED curves
IP address management: Static v4/v6, DHCP v4/v6 (server, relay, client), PPPoE
NAT: Static, IPsec traversal, Dynamic NAPT
Link aggregation: 802.3ad static and dynamic (LACP)
VLANs: 802.1Q tagging
Discovery: LLDP, LLDP-MED

Reliability features
Modular AlliedWare Plus operating system
Full environmental monitoring of PSU, fan, temperature and internal voltages. SNMP traps alert network managers in case of any failure
Variable fan speed control

Hardware characteristics
Input power: 90 to 260V AC (auto-ranging), 47 to 63Hz
Max power consumption: 14W
LAN ports: 4 x 10/100/1000T RJ-45
WAN ports: 1 x 10/100/1000T RJ-45
High Availability bypass ports: 1 x 10/100/1000T RJ-45
Other ports: 1 x USB, 1 x RJ-45 console
Product dimensions (W x D x H): 210mm (8.26 in) x 220mm (8.66 in) x 42.5mm (1.67 in)
Packaged dimensions (W x D x H): 254 mm (10.00 in) x 360 mm (14.17 in) x 112 mm (4.41 in)
Product weight: 1.8 kg (4.0 lb) unpackaged, 2.5 kg (5.51 lb) packaged

Environmental specifications
Operating temperature range: 0°C to 45°C (32°F to 113°F). Derated by 1°C per 305 meters (1,000 ft)
Storage temperature range: -20°C to 60°C (-4°F to 140°F)
Operating relative humidity range: 5% to 80% non-condensing
Storage relative humidity range: 5% to 95% non-condensing
Operating altitude: 2,000 meters maximum (6,600 ft)

Regulations and compliances
EMC: EN55032 class A, FCC class A, VCCI class A
Immunity: EN55024, EN61000-3-levels 2 (Harmonics), and 3 (Flicker)
Safety Standards: UL60950-1, CAN/CSA-C22.2 No. 60950-1-03, EN60950-1, EN60825-1, AS/NZS 60950.1
Safety Certifications: UL, cUL, TuV
Reduction of Hazardous Substances (RoHS): EU RoHS6 compliant, China RoHS compliant
IPv6 Ready: Phase 2 (Gold) Logo

Ordering information

AT-AR2050V-xx
1 x GE WAN and 4 x 10/100/1000 LAN

AT-RKMT-J15
Rack mount kit to install two devices side by side in a 19-inch equipment rack

AT-RKMT-J14
Rack mount kit to install one device in a 19-inch equipment rack

AT-STND-J03
Stand-kit for AT-AR2050V

Where xx = 10 for US power cord
30 for UK power cord
40 for Australian power cord
50 for European power cord

Related Products

AT-TQm1402
Enterprise-Class 802.11ac Wave 2 Wireless Access Point with 2 radios and embedded antenna

AT-TQ1402
Enterprise-Class Advanced 802.11ac Wave 2 Wireless Access Point with 2 radios and embedded antenna

AT-TQm5403
Enterprise-Class 802.11ac Wave 2 Wireless Access Point with 3 radios and embedded antenna

AT-TQ5403
Enterprise-Class Advanced 802.11ac Wave 2 Wireless Access Point with 3 radios and embedded antenna

AT-TQ5403e
Enterprise-Class Outdoor Advanced 802.11ac Wave 2 Wireless Access Point with 3 radios with four omni-directional antennas

AT-TQ6602
Enterprise-Class Wi-Fi 6 Wireless Access Point with 2 radios and embedded antenna

AT-TQm6602 GEN2
Enterprise-Class Wi-Fi 6 AP with 2 radios (4x4 2.4GHz and 4x4 5GHz) and embedded antenna

AT-TQm6702 GEN2
Enterprise-Class Wi-Fi 6 AP with 2 radios (4x4 2.4GHz and 8x8 5GHz) and embedded antenna

AT-TQ6602 GEN2
Enterprise-Class hybrid Wi-Fi 6 AP with 2 radios (4x4 2.4GHz and 4x4 5GHz) and embedded antenna

AT-TQ6702 GEN2
Enterprise-Class hybrid Wi-Fi 6 AP with 2 radios (4x4 2.4GHz and 8x8 5GHz) and embedded antenna

3G/4G USB Modems
For a list of supported USB modems visit alliedtelesis.com

© 2023 Allied Telesis, Inc. All rights reserved.

