Background
I have about 30 users, 2 VLAN, content filtering turned on, syslog (Firewall and VPN alerts only) to remote syslog.
Fixed routes directing to another lan router, minor VPN access, most other filtering I was using now turned off due to this issue.
Bandwidth limit and connections limit, two WAN one ethernet one PPOE through Linksys modem to ADSL.

If the network is quiet I can go to the administration page but if there is a fair amount of traffic it will just reboot as soon as I authenticate.

I assume my first course of action is to wipe the thing (firmware wipe .rst) and restart?
I don't want to go through the trouble of setting it all up again if the device is not actually robust, any feedback on if this thing will allow you use half of its features?

Before Windows7 Days I was using a Squid proxy and everything was solid but Win7 didn't like the proxy so I went to content filtering on the 2955 my assumption is that either the Windows7 IPV6 traffic is hitting it, the filtering is pushing it over or some other combination of variables is killing it. For obvious reasons it is hard to see what was happening just before the reboot the act of observing seems to affect it.
I'm going the call it Schrödinger's Draytek.

While typing this I thought of watching log via tenlet/ssh - will go and look for commands.

Enable the syslog feature, that would be my first recommendation.

I do not know about the behaviour you describe (I have 2950 and 5500 but now 2955 because this is not sold here)

If you do not find anything in the logs, try to reduce the used features while keeping the needed things:
For testing, deactivate bandwidth limit and connections limit (QoS should get you about the same result, also for me, bandwith limiting reduces the overall throughput of the router by 50%, whether or not the limit is reached)
check if your DNS servers are working reliable (I had disconnect problems, and maybe reboots because of non working DNS servers)
Deactivate not needed VPN connections
Dont use a VPN connection with a netmask of 0.0.0.0 or a gateway with 0.0.0.0 (like vyprvpn). It does work, but sometimes the router crashes (draytek strongly recommends not to use this unlike you use a netmask of 255.255.255.255 and even then sometimes the routing table gets corrupted)
check for duplicate VPN routes or typos in the VPN profiles (255.255.0.0 instead of 255.255.255.0 for the netmask
check that the NTP server you use is working or deactivate it (I dont know of any issues here, but, it is not needed imho for a test)
check for overlappings of the mamagement port you use and NAT redirects or open ports
Deactivate smtp alerts
What does happen if you try to login from the internet instead of from the local network ?

I dont think that resetting the router to factory settings and then manually typing in all things or reloading a config file will help, but, reset and reload a config file for sure will no hurt and is simple.

Good thoughts thanks,
I have syslog to a machine on the lan but reduced the output while narrowing this down.
I know how to make it reboot constantly that is more syslog with the CMS reporting too, traffic goes up router goes down. reduced reporting helped but still could review that destination for the logs.
My problem is Pre Win7 I had logs to glance over and feel abuse would flag up quickly now I can limit pron sites etc. but not get reports of "Blocks" maybe I should look at another version of squid to offload that work. I do also route some ip specific email traffic over the leased line so I may just go with clean install and slowly build up only the features I know I need.

Will look at some other things you've mentioned it is good to have a second pair of eyes and I hadn't really looked at the bandwidth limiting overall impact. Want to keep a handle on non work stuff so will probably have to look more at QOS (which I recently turned off while this is happening)

Cheers
Stu