Netgear ProSafe Firewall Easy to Set Up and Manage

Netgear, despite its consumer roots, has been making network equipment for small and midsized businesses for years. The ProSafe FVS336G, though awkwardly named, is the result of that experience: it's easy to install, easy to configure, and easy to manage.

The box we received contained only a power supply, but it was labeled "eval" so may not have had all the pieces normally shipped with a retail unit. The lack of a manual didn't bother us, since the system connected quickly and the administration screens are littered with context sensitive help at the touch of a question mark icon.

Larger and heavier than all the other units because of its steel case, the FVS336G is still smaller than a hardback book. All the connections except the power plug are on the front panel.

There are four 10/100/1000 Gigabit Ethernet ports on the front, and two other ports labeled WAN1 and WAN2. One of the four LAN ports can be configured as a DMZ port.

Maximum device throughput is 60Mbps, one of the slowest units, but still faster than our two broadband connections combined. It supports 25 VPN IPSec tunnels as well as 10 SSL VPN connections. The stateful packet inspection firewall provides admin pages about as simple as any firewall can be, with separate pages for LAN-WAN, DMZ-WAN, and LAN-DMZ rules, and a single button to enable the application layer gateway (ALG) for Internet phone traffic using SIP.

Installation and configuration

We plugged the FVS336G into our network switch, connected the first WAN cable, and turned it on. The DHCP server provided the default 192.168.1.x address range for our computers which connected to the router immediately. The first screen that came up was the monitoring screen showing Router Status, with WAN1 up and connected.

Setting the LAN range to 10.0.1.x was also straightforward. From Network Configuration on the top of the admin page, we went to LAN Settings. The LAN address was the top field, and the DHCP settings were right below. We set the range of IP addresses for our clients, ignored the option to connect to an Lightweight Directory Access Protocol (LDAP), and also didn't put in a special DNS server address, preferring to let the unit pass through the addresses from the broadband provider. After hitting the Apply button, the FVS336G rebooted, and we rebooted our computer to catch the new IP address range.

Adding the second WAN connection was just as easy. Going through Network Configuration to WAN2 ISP Settings, we had the chance to put in login information if necessary (it wasn't), and choose whether we needed to use Point to Point Tunneling Protocol (PPTP) or Point to Point Protocol over Ethernet (PPPoE), and provide a static IP address if necessary. You can again pass through DNS server information from your ISP or put in your own; we let the Netgear box handle that just like before.

After rebooting the second broadband modem, the FVS336G made the connection immediately. The Monitoring > Router Status page showed both WAN connections up and running, with full details on IP addresses and primary and secondary DNS addresses. When we hit the Router Statistics icon, a page that refreshed every five seconds appeared, listing the total transmit and receive packets for WAN1, WAN2, and the LAN.

Juggling traffic ratios between the two WAN ports is also easy to configure. A Port Mode page allows you to choose Auto-Rollover between WAN ports by using DNS or ping of two addresses to monitor WAN health. The better option is Load Balancing, and you can tie any of 63 protocols to one WAN connection or the other. Want all SIP phone packets to go through only one WAN link? Easy to configure. You can also separate WAN traffic by source or destination network.

Operation

For a router with "Dual-WAN" in the name, it's surprising there's no way to choose what type of packet load balancing should be used. The Router Statistics display shows the FVS336G has a marked preference for the Time Warner cable connection in WAN2 in receive traffic, but the transmit packet numbers are about equal. It does show a breakdown of traffic by protocol (e-mail, Web, and other) which is interesting. Web traffic was by far the majority.

There are a dozen ways to track and report routing logs, and another 10 for system logs. Even though this product is aimed at small businesses, you can define a syslog server. Speeds were on the high end of average for the tested group.

The FVS336G is a strong entry in the dual-WAN market, and that's before taking into account it comes with the second lowest price tag of the group. Combining good value with good performance makes the FVS336G an excellent option for small businesses with fewer than 50 users that don't need a large number of VPN connections.

Read more about LAN and WAN in Network World's LAN & WAN section.