Verdict

It’s been nearly two years in the making but Netgear’s latest business class firewall router finally amalgamates an ADSL2/2+ modem and Ethernet broadband connection into a single unit. Netgear advised us that its stringent beta testing program threw all up sorts up broadband related issue mainly due to the unreliable services provided by many ISPs so it’s only now that its decided to offer the integrated modem as an option.

Along with a choice of broadband connections the DGFV338 delivers a NAT/SPI firewall, teams this up with standard 802.11b/g wireless services and supports IPsec VPN tunnel pass-through and termination. Alas, Gigabit Ethernet still isn’t on the menu as you get an octet of Fast Ethernet ports instead. Considering it has taken so long to bring this product to market Gigabit would have been good but at least the Fast Ethernet ports keep the costs down to a very affordable level.

No wizards are provided for installation but none are necessary as we found this easy enough. The web interface sees some welcome graphical refreshment and is consequently easier to use than some of Netgear’s older ProSafe security products. Using the internal ADSL modem as our main link we ran the auto-detect option, which correctly identified VPI and VCI values leaving us to enter our account details. We also tested using the Ethernet port with an intelligent ADSL modem and found the process just as painless.

With a pair of broadband connections in the mix link failover comes into play. Coined rollover, you can designate either interface as the primary link and if this fails it will automatically swap over to the secondary link. Three WAN failure detection modes are available as the router can execute lookups on the WAN DNS servers or one you provide yourself or you can enter an IP address that it’ll ping at preset intervals.

The traffic meter can be used to limit monthly Internet access for all connected clients on the primary broadband connection. It keeps an eye on WAN activity and can block all further access if a preset limit in MBs has been reached. You can apply limits to both directions or to downloads only, add a temporary increase to the limit and also block all traffic except email. General traffic statistics are provided and show inbound and outbound volumes in MBs and the percentage of the limit that has been consumed.

Netgear touts this router as capable of web content filtering but in reality it’s just performing URL blocking using keywords. Each LAN and wireless client can be placed in one of eight groups and access policies applied to selected groups. You create a list of keywords and then choose the groups they will be applied to. In practice it works well enough but only one keyword list is supported so you can’t use different lists for each group. The router can also block ActiveX controls, Java applets, cookies and web proxies but this is a blanket policy applied to all users.

The firewall can be customized with a variety of rules for controlling inbound and outbound traffic. These are used to block or allow specific traffic and Netgear provides an extensive list of predefined services. You can also use one of three time schedules to determine when they are active and choose from five different priorities for basic QoS (Quality of Service).

VPN support is particularly good as the price includes fifty site-to-site and mobile client tunnels. A wizard at the router makes light work of configuring either type although the confusing documentation supplied with the SafeNet client utility merely strengthens our argument that SSL-VPNs are the way to go for mobile clients.

Netgear claims the router is fully SNMP manageable although we weren’t impressed with the levels of information on offer. We tested this using Ipswitch’s excellent WhatsUp Professional SNMP monitoring software and found that we could check for general device availability and gather some information about interface utilization. However, the main problem is that Netgear has set the router’s SNMP MIB ‘ifSpeed’ value for all ports at 100Mbps. Consequently, the WhatsUp graphing tool couldn’t show any meaningful activity for the ADSL port as it thought all the interfaces were running at Fast Ethernet speeds.

Wireless security is good as you get the full range of WEP and WPA/WPA2 encryption options plus support for authentication via an external RADIUS server. Some may see the lack of wireless-n support as a drawback but we don’t consider this an issue. The 802.11n standard is still a long way from being ratified and implementing this in a business environment is still too risky. Naturally, performance is a casualty with our real world tests delivering a modest 20.4Mbps over a two metre encrypted link with a Supermicro 3.2GHz Pentium D workstation on the LAN.

”’Verdict”’

Netgear’s ProSafe DGFV338 is a tempting proposition for small businesses looking for a low cost firewall with integral ADSL modem and WAN failover facilities. IPSec VPNs are still a pain to set up and the URL filtering isn’t anything special but the wireless access point does make it look good overall value.

(centre)No setup wizards are provided but installation is aided by an auto-detect function.(/centre)—-

(centre)Connection failover is supported when both ADSL modem and WAN port are in use.(/centre)—-

(centre)Standard 802.11b/g wireless is on offer with good security measures provided.(/centre)—-

(centre)Users can be placed in different groups for content filtering but only one URL blacklist can be applied.(/centre)—-

(centre)Firewall rules can be applied to specific user groups and have one of five priorities assigned to them.(/centre)—-

Trusted Score