Security Appliances | Product Information

Compact Secure VPN Router

AR2010V

Allied Telesis Secure Virtual Private Network (VPN)

Routers are the ideal secure gateway for smart city
and smart factory network applications. Powerful VPN
functionality is combined with comprehensive routing, to
provide an innovative high performance solution that is
easy to use and very secure.

With the advent of the Internet of Things (IoT) and the Flexible deployment
development of smart cities and smart factories, connected With its compact size, operation up to 50°C, and the ability to
infrastructure that is easy to install and manage has become run on AC or DC power, the AR2010V is easy to deploy in all
a critical requirement. environments, including business, outdoor, surveillance, and
M2M telemetry. A DIN rail mounting option supports industrial
The Allied Telesis AR2010V is the ideal choice for applications applications, and silent operation allows use in office spaces.
that require reliable, high-capacity data transfer in demanding
scenarios—including IP video surveillance, outdoor digital Secure Remote Virtual Private Networks (VPN)
signage, kiosks, remote office VPN back-up, as well as critical The AR2010V supports IPSec site-to-site VPN connectivity,
Machine-to-Machine (M2M) telemetry in remote or mobile to ensure secure data retrieval from remote locations in
environments. distributed smart city and smart factory networks that
connect multiple devices. This ensures up-to-the-minute
The AR2010V features comprehensive security and advanced
information is available, despite long distances and a
networking capabilities, including connectivity over 3G/4G, to
variety of connected devices, and enhances the quality and
easily meet the high data transmission demands of today’s
interactivity of urban services.
distributed infrastructure networks.

Easy to manage Comprehensive routing support

The AR2010V runs the AlliedWare Plus™ fully featured Strong security features are complemented by advanced
operating system, with an industry standard CLI. The routing capability. Full IPv6 routing and protocol
Graphical User Interface (GUI) provides a dashboard for implementation ensures today’s networks are fully
monitoring, showing traffic throughput, security status, and connectable, both internally and externally, with other leading
application use at a glance. Configuration of security zones, edge equipment. Powerful multicasting features support
networks and hosts, and rules to limit and manage traffic, streaming video, ideal for modern surveillance solutions.
provides a consistent approach to policy management.

Wireless LAN management

The AR2010V features Allied Telesis Autonomous Wave The
AR2010V features Allied Telesis Autonomous Wave Controller
(AWC), which is an intelligent, easy-to-use Wireless LAN
controller that automatically maintains the optimal wireless
coverage. Vista Manager mini is part of the Device GUI, and
enables easy visual setup, management, and monitoring of
AWC wireless access points. A network map that includes
floor maps and wireless coverage heat maps enables
simplified deployment and monitoring.

617-000573 RevZC
AR2010V | Compact Secure VPN Router

FIREWALL ENGINE
All traffic flowing in and out of the firewall is inspected, so different applications can be
Application-aware
managed in line with business policies.
Protection against Denial of Service (DoS) attacks, which are designed to consume resources
DoS attack protection
and therefore deny users network and application access.
An Intrusion Detection and Prevention System (IDS/IPS) provides monitoring, analysis and
Intrusion Detection & Prevention
logging of suspicious events that occur on a network. It can also perform a variety of actions
(IDS/IPS)
to prevent attacks.
Enables HTTP or HTTPS access to particular websites to be allowed or blocked with
URL filtering
user-defined lists.
VIRTUAL PRIVATE NETWORKING (VPN)
High-performance IPSec VPN allows the Allied Telesis UTM Firewalls to act as a VPN
IPSec VPN for site-to-site and
concentrator for other large sites, branch offices or home offices. Multipoint VPN uses a
multi-site connectivity
single VPN to connect a head office to multiple branch offices.
The OpenVPN® client allows easy access to corporate digital resources when away from the
office. Secure ways to login include LDAP authentication and two-factor authentication, with
SSL/TLSv1.3 for secure remote options to use a code, certificates, or a one time password (OTP) via email. The TLS version
VPN access for OpenVPN connections can be specified to encourage use of the latest and most secure
version, and TLS Crypt provides ultimate security, with symmetric encryption including the
key exchange for protection against TLS DoS attacks.
VPN pass-through Pass-through enables VPN clients to make outbound connections using L2TP, PPTP or IPsec.
Primary and secondary VPNs can be configured when using multiple WAN connections, for
Redundant VPN gateway
seamless failover of all VPN sessions.
Dynamic routing through VPN Dynamic routing over VPN links ensures no loss of connectivity, as traffic is routed through an
tunnels alternate link in the event of a tunnel failure.
QUALITY OF SERVICE (QOS)
Traffic control allows the amount of bandwidth to be restricted for different traffic classes.
Traffic control
RED curves can be defined to predictably drop traffic if congestion occurs.
Protect your business-critical traffic by limiting the bandwidth available to non-essential traffic.
Bandwidth management During peak times, the non-essential traffic will be limited allowing the critical traffic through
unhindered.
NETWORKING
The 3G/4G/LTE modem offers an additional secure IPv4 or IPv6 data connection for critical
3G/4G/LTE USB modem1 services that can automatically switch to a 3G network whenever a primary data connection
becomes unavailable.
Layer 2 Tunnelling Protocol L2TP provides site-to-site connectivity, which can also be protected by IPSec encryption.
(L2TP)
IPv6 support Full support for IPv6 routing, multicasting and security is provided.
DS (Dual Stack) Lite, Lightweight 4over6, and MAP-E support connecting IPv4 networks over
IPv6 transition technologies
an IPv6 Internet connection.
AMF-WAN enables users to measure the quality of their WAN links and send real-time
AMF-WAN and other applications over the most suitable connection. Users can also load-balance an
(Allied Telesis SD-WAN) application over multiple WAN links, prioritize the delivery of business-critical applications,
and send traffic directly to Cloud-based services from the branch office.
Dual Stack Dual Stack enables IPv4 and IPv6 traffic to be processed simultaneously.
Policy-based routing enables traffic forwarding decisions to be based on where the traffic is
Policy-based routing
coming from, rather than where it is going to.
Autonomous Management AMF Plus enables new devices to be pre-provisioned for zero-touch deployment. This
Framework Plus (AMF Plus) simplifies installation and guarantees a consistent configuration reducing setup time and cost.
The Allied Telesis AR2010V can be deployed in traditional NAT, Layer 2 Bridge, Wire Mode
Flexible deployment options
and Network Tap modes.
Virtual Routing and Forwarding (VRF-Lite) allows multiple routing tables. As the routing
VRF-Lite
instances are independant, the same or overlapping IPv4 addresses can be used.

For a list of supported USB modems, please refer to the Allied Telesis USB Modem Compatibility List
1

2 | AR2010V
AR2010V | Compact Secure VPN Router

Key Solution - Smart Cities

Smart City
Smart Factory

AR
20
10
V
Video

AR
surveillance

20
10
V
INF

Internet
OM
ATIO
N

AR
20
10
V
AR
AR

kiosk/vending
20
20

10
10

V
V

machine
3G / 4G
backup

Environmental
sensors

Secure connectivity for remote infrastructure wide operating temperature, plus AC and DC power
All over the world, smart cities and smart factories are options, make the AR2010V easy to deploy in multiple
looking to increase information availability, security, and locations.
transport efficiency, while still reducing pollution and
waste. Access to real-time data from a variety of sources Smart factories are also well catered for with the AR2010V
gives cities the ability to enhance the quality of urban able to securely connect critical machinery to ensure
services, while increasing the safety of citizens. efficient production.

The AR2010V is the ideal solution for applications With Allied Telesis Autonomous Management FrameworkTM
with data sensors in remote locations, including traffic Plus (AMF Plus), private or public cloud-based
monitoring systems, video surveillance, flood and pollution management of the entire network makes keeping the
sensors, and industrial telemetry systems. In addition, the environment secure and up to date simple. Centralized
compact and easy to install AR2010V is ideal for control, automated provisioning, back-up, upgrade and
replacement all ensure simplified management for large
M2M communication—such as kiosks, vending and distributed networks.
gaming machines, and weather stations. 3G/4G
connectivity supports remote systems, or can operate as For devices connected wirelessly, the AR2010V can
a backup link ensuring a resilient network. manage up to 5 TQ or MWS Series wireless APs with
Autonomous Wave Control (AWC). An auto-setup option
The above solution shows how a a city-wide network of simplifies wireless deployment, while AWC automatically
AR2010V routers can provide connectivity for a number optimizes performance. The built in AWC functionality
of different types of remote devices. A compact chassis, integrates wireless management with secure remote
connectivity, for a simplified solution.

AR2010V | 3
AR2010V | Compact Secure VPN Router

Features ‫ ۼ‬Comprehensive SNMPv2c/v3 support for standards-based device management

‫ ۼ‬Event-based triggers allow user-defined scripts to be executed upon selected
Firewall system events
‫ ۼ‬Application-aware firewall with bidirectional inspection engine ‫ ۼ‬Comprehensive logging to local memory and syslog
‫ ۼ‬Application Layer Gateway (ALG) for FTP, TFTP and SIP ‫ ۼ‬Console management port on the front panel for ease of access
‫ ۼ‬Bandwidth limiting control ‫ ۼ‬USB interface allows software release files, configurations and other files to be
‫ ۼ‬Firewall session limiting per user or entity (zone, network, host) stored for backup and distribution to other devices
‫ ۼ‬Bridging between LAN and WAN interfaces
‫ ۼ‬Intrusion Detection and Prevention System (IDS/IPS) Resiliency
‫ ۼ‬Policy-based storm protection
‫ ۼ‬User-defined URL access-control lists (block or allow HTTP and HTTPS access to
specific Websites)
Diagnostic tools
‫ ۼ‬DoS and DDoS attack detection and protection
‫ ۼ‬Ping polling for IPv4 and IPv6
‫ ۼ‬Maximum and guaranteed bandwidth control
‫ ۼ‬Port mirroring
‫ ۼ‬Per-host session limits
‫ ۼ‬TraceRoute for IPv4 and IPv6
‫ ۼ‬Static NAT (port forwarding), double NAT and subnet-based NAT
‫ ۼ‬Masquerading (outbound NAT) Authentication
‫ ۼ‬Enhanced NAT (static and dynamic) ‫ ۼ‬RADIUS authentication and accounting
‫ ۼ‬Security for IPv6 traffic ‫ ۼ‬TACACS+ Authentication, Accounting and Authorization (AAA)
‫ ۼ‬Local or server-based RADIUS user database
Networking ‫ ۼ‬Strong password security and encryption
‫ ۼ‬Routing mode / bridging mode / mixed mode
‫ ۼ‬Two-factor authentication using a code, certificates, or a one time password (OTP)
‫ ۼ‬Static unicast and multicast routing for IPv4 and IPv6 via email for maximum security
‫ ۼ‬DS-Lite, Lightweight 4over6, and MAP-E for connecting IPv4 networks over IPv6
‫ ۼ‬Dynamic routing (RIP, OSPF and BGP) for IPv4 and IPv6 VPN tunneling
‫ ۼ‬Flow-based Equal Cost Multi Path (ECMP) routing ‫ ۼ‬Diffie-Hellman key exchange

‫ ۼ‬Dynamic multicasting support by IGMP and PIM ‫ ۼ‬Secure encryption algorithms: AES and 3DES

‫ ۼ‬Route maps and route redistribution (OSPF, BGP, RIP) ‫ ۼ‬Secure authentication: SHA-1, SHA-256, SHA-512

‫ ۼ‬Virtual Routing and Forwarding (VRF-Lite) ‫ ۼ‬IKEv2 key management

‫ ۼ‬Traffic control for bandwidth shaping and congestion avoidance ‫ ۼ‬IPsec Dead Peer Detection (DPD)

‫ ۼ‬Policy-based routing ‫ ۼ‬IPsec NAT traversal

‫ ۼ‬SD-WAN: performance measure and load balance WAN links ‫ ۼ‬IPsec VPN for site-to-site connectivity

‫ ۼ‬PPPoE client with PADT support ‫ ۼ‬Multipoint VPN for connecting a single VPN to multiple end points

‫ ۼ‬DHCP client, relay and server for IPv4 and IPv6 ‫ ۼ‬VPN pass-through

‫ ۼ‬Dynamic DNS client ‫ ۼ‬Dynamic routing through VPN tunnels (RIP, OSPF, BGP)

‫ ۼ‬IPv4 and IPv6 dual stack ‫ ۼ‬Generic Routing Encapsulation (GRE) over IPv6

‫ ۼ‬Device management over IPv6 networks with SNMPv6, Telnetv6 and SSHv6 ‫ ۼ‬L2TPv2 virtual tunnels

‫ ۼ‬Logging to IPv6 hosts with Syslog v6 ‫ ۼ‬Redundant VPN gateway

‫ ۼ‬Web redirection allows service providers to direct users to a specified web address ‫ ۼ‬SSL/TLSv1.3 for secure remote VPN access

‫ ۼ‬URL-offload enables cloud-based traffic (e.g. Office 365) to be sent directly to the ‫ ۼ‬IPv6 tunneling
Internet
Wireless Controller AWC
Management ‫ ۼ‬Allied Telesis AWC is an intelligent WLAN controller that automatically maintains
‫ ۼ‬Allied Telesis Autonomous Management Framework Plus (AMF Plus) enables optimal wireless coverage
powerful centralized management and zero-touch device installation and recovery ‫ ۼ‬Manage up to five access points (APs)
‫ ۼ‬From AW+ 5.5.2-2, an AMF Plus license operating in the network provides all ‫ ۼ‬Auto-setup simplifies wireless network deployment
standard AMF network management and automation features, and also enables ‫ ۼ‬Rogue AP detection for increased WLAN security
the AMF Plus intent-based networking features menu in Vista Manager EX (from
version 3.10.1 onwards) ‫ ۼ‬WEP/WPA personal or WPA enterprise, pre-shared key (WEP/WPA personal),
RADIUS server (WPA enterprise)
‫ ۼ‬Web-based GUI for device configuration and easy monitoring, including a network
map of wired and wireless devices ‫ ۼ‬Wireless networks can have separate SSIDs, VLANs, security settings, etc.

‫ ۼ‬Industry-standard CLI with context-sensitive help ‫ ۼ‬APs can belong to multiple networks each with different wireless settings, and can
broadcast multiple SSIDs (Virtual AP)
‫ ۼ‬Role-based administration with multiple CLI security levels
‫ ۼ‬APs can be defined individually or in bulk using a common profile.
‫ ۼ‬Built-in text editor and powerful CLI scripting engine
‫ ۼ‬AP radio settings can be configured automatically (default) or manually
‫ ۼ‬AP functions such as updating firmware, executing AWC calculations and applying
AR2010V COMPACT SECURE VPN ROUTER calculation results can be run automatically based on a user-defined schedule
‫ ۼ‬AWC supports Allied Telesis TQ and MWS Series wireless access points
Reset button USB retainer slot

Console port Status LEDs USB port Kensington lock hole

2 x Ethernet ports DC power connector AC power connector
4 | AR2010V
AR2010V | Compact Secure VPN Router

Specifications

AR2010V
Processor & memory
Security processor 800MHz dual-core
Memory (RAM) 512MB
Memory (Flash) 4GB

Security features

Firewall Application-aware packet inspection firewall

Application proxies FTP, TFTP, SIP

Threat protection DoS attacks, fragmented & malformed packets, blended threats & more

Tunneling & encryption

IPsec site-to-site VPN tunnels 50

SSL VPN users 100

Encrypted VPN IPsec, SHA-1, SHA-256, SHA-512, IKEv2, SSL/TLS VPN
Encryption 3DES, AES-128, AES-192, AES-256
Key exchange Diffie-Hellman groups 2, 5, 14, 15, 16, 18
Dynamic routed VPN RIP, OSPF, BGP, RIPng, OSPFv3, BGP4+
Point to point Static PPP, L2TPv2 virtual tunnels, L2TPv3 Ethernet pseudo-wires

Encapsulation GRE for IPv4 and IPv6

Management & authentication

Logging & notifications Syslog & Syslog v6, SNMPv2 & v3
User interfaces Scriptable industry-standard CLI, Web-based GUI
Secure management SSHv1/v2, strong passwords
Allied Telesis Autonomous Management FrameworkTM Plus (AMF Plus)
Management tools Autonomous Wave Control for wireless LAN APs (AWC)
Vista Manager EX
User authentication RADIUS, TACACS+, internal user database
Command authorization TACACS+ AAA (Authentication, Accounting and Authorization)

Networking
Routing (IPv4) Static, Dynamic (BGP4, OSPF, RIPv1/v2), source-based routing, VRF-Lite, SD-WAN

Routing (IPv6) Static, Dynamic (BGP4+, OSPFv3, RIPng), SD-WAN

Multicasting IGMPv1/v2/v3, PIM-SM, PIM-DM, PIM-SSM, PIMv6

Resiliency STP, RSTP
Traffic control 8 priority queues, DiffServ, HTB scheduling, RED curves
Quality of Service (QoS) Premarking and remarking, taildrop queue congestion, strict priority, weighted round robin or mixed scheduling
IP address management Static v4/v6, DHCP v4/v6 (server, relay, client), PPPoE
NAT Static, IPsec traversal, Dynamic NAPT

Reliability features
Modular AlliedWare Plus operating system
Full environmental monitoring of temperature and internal voltages.
SNMP traps alert network managers in case of any failure

Hardware characteristics
Rated input voltage DC12-24V AC100-240V (with AC adapter)
Max power consumption 13 watts
LAN port 1 x 10/100/1000 RJ-45
WAN port 1 x 10/100/1000T RJ-45
Other ports 1 x USB, 1 x RJ-45 console
Product dimensions (W x D x H) 140 mm (5.51 in) x 105 mm (4.13 in) x 42.5 mm (1.67 in)
Packaged dimensions (W x D x H) 215 mm (8.46 in) x 263 mm (11.35 in) 82 mm (3.237 in)
Product weight 556 grams (1.2 lb) unpackaged, 1.2 kg (2.65 lb) packaged
Fanless Silent operation

AR2010V | 5
AR2010V | Compact Secure VPN Router

AR2010V

Environmental specifications
Operating temperature range 0°C to 50°C (32°F to 122°F). Derated by 1°C per 305 meters (1,000 ft)
Storage temperature range -20°C to 60°C (-4°F to 140°F)
Operating relative humidity range 5% to 80% non-condensing
Storage relative humidity range 5% to 95% non-condensing
Operating altitude 2,000 meters maximum (6,600 ft)

Regulations and compliances

EMC EN55032 class A, FCC class A, VCCI class A

Immunity EN55024, EN61000-3-levels 2 (Harmonics), and 3 (Flicker)
Safety Standards UL60950-1, CAN/CSA-C22.2 No. 60950-1-03, EN60950-1, EN60825-1, AS/NZS 60950.1
Safety Certifications UL, cUL, TuV

Reduction of Hazardous Substances (RoHS) EU RoHS6 compliant, China RoHS compliant

IPv6 Ready Phase 2 (Gold) Logo

High performance Performance

By harnessing the power of multi-core processors and hardware acceleration
Firewall throughput 750 Mbps
engines, the AR2010V guarantees high performance, dramatically increases
throughput, and enables sustained low latency traffic inspection. You can Concurrent sessions 100,000
enjoy maximum throughput, while still protecting your important data and New sessions per second 3,600
business information. IPS throughput 200 Mbps
VPN throughput 400 Mbps

Ordering information
Related Products

AT-TQm1402 AT-TQ6602 GEN2

Enterprise-Class 802.11ac Wave 2 Wireless Access Enterprise-Class hybrid Wi-Fi 6 AP with 2 radios
Point with 2 radios and embedded antenna (4x4 2.4GHz and 4x4 5GHz) and embedded antenna

AT-TQ1402 AT-TQ6702 GEN2

AT-AR2010V-xx Enterprise-Class Advanced 802.11ac Wave 2 Enterprise-Class hybrid Wi-Fi 6 AP with 2 radios
2 x 10/100/1000T RJ-45 Wireless Access Point with 2 radios and embedded (4x4 2.4GHZ and 8x8 5GHz) and embedded
antenna antenna
AT-DRMT-J02
Din rail mount kit AT-TQ6602 AT-TQ6702e GEN2-xx
Enterprise-Class Wi-Fi 6 Wireless Access Point Outdoor Wi-Fi 6 hybrid AP with 2 radios
with 2 radios and embedded antenna (4x4 2.4GHZ and 8x8 5GHz) and embedded
Where xx = 10 for US power cord antenna
30 for UK power cord AT-TQm6602 GEN2
40 for Australian power cord Enterprise-Class Wi-Fi 6 AP with 2 radios (4x4 3G/4G USB Modems
50 for European power cord 2.4GHz and 4x4 5GHz) and embedded antenna For a list of supported USB modems visit
alliedtelesis.com
AT-TQm6702 GEN2
Enterprise-Class Wi-Fi 6 AP with 2 radios (4x4
2.4GHZ and 8x8 5GHz) and embedded antenna

© 2024 Allied Telesis, Inc. All rights reserved.

617-000573 RevZC