- Review Price: £117.00
Netgear is undoubtedly best know for its consumer networking products but its ProSafe router lineup aims to provide businesses with that little bit more in terms of features and security options. The VPN Firewall 50, or FVS338, offers the usual SPI/NAT firewalling and protection from DoS attacks but augments these with Internet failover and VPN support for up to fifty mobile clients. Netgear has also done a deal with Trend Micro to incorporate optional anti-virus and anti-spam measures.
The router provides eight Fast Ethernet ports for LAN connections and a single RJ-45 WAN port for adding a suitable broadband device. The web management interface design is common to all Netgear routers and consequently is very easy to use. For WAN failover to function you connect a standard modem to the appliance’s serial port and enter your ISP dial-up account details. The appliance checks for WAN failures by running a DNS lookup on a specific host or a Ping to an IP address and if it receives no response after so many seconds and a specified number of times it will automatically fire up the backup link. We tested this with a basic 56K modem and after disconnecting our ADSL modem found the backup link sprung into life after four DNS lookup failures.
The traffic meter feature could prove useful if your ISP places a monthly limit on your Internet usage and charges if you go above this. It keeps an eye on all WAN activity and can block all further access if a preset limit in Megabytes has been reached. You can add a temporary increase to the limit and also block all traffic except email. General traffic statistics are provided along with a table showing the amount in megabytes of web and email traffic as well.
Initially, security options look more interesting as you can place your LAN users in one of eight groups and apply an Internet access policy to each one. All systems along with their IP and MAC addresses are listed so you can easily select each one and add them to a group using the drop-down menu alongside. All ActiveX controls, Java applets, cookies and Web proxies can be blocked for all users and for each group you can set up a URL list and apply blocking to selected groups. However, only one URL list can be created and this is applied to all selected groups so you can’t have different lists for each group.
The firewall can be customized with extra rules for inbound and outbound traffic and Netgear provides an extensive list of predefined services. Rules can block or allow specific traffic and you can use one of three schedules to determine when they are active. One of six priorities can also be applied to selected services allowing rudimentary QoS (Quality of Service) to be implemented.
Netgear makes a big deal about this appliance being fully SNMP manageable although the level of information available is minimal. Using Ipswitch’s WhatsUp Professional 2006 monitoring software we were able to discover the device but Netgear’s SNMP MIB doesn’t allow you to monitor all network interfaces. All we were able to do was check for general device availability using Ping and monitor the WAN port and the LAN IP address of the unit. Even here, no utilization information was forthcoming and the appliance couldn’t even provide details of the negotiated interface speeds.
VPNs are high on the menu with support for fifty tunnels between other routers and remote clients. The client VPN setup routine is by the numbers as a wizard configures the router in three easy steps and a guide is provided for setting up the remote client utility to connect to the default policies. The biggest problem with IPSec VPNs is their inherent complexity and while Netgear’s quick start method is easy enough to use you won’t be so lucky when it comes to manual configuration as the process is overly complicated.
Netgear’s partnership with Trend Micro enables you to optionally use the appliance to ensure users are running the latter’s OfficeScan anti-virus agent on their desktops. It works with Trend’s latest Client/Server/Messaging Suite for SMB software and enables you to block Internet access to unprotected systems. The router has a single entry in its management interface for this option where you provide network details of the system running the anti-virus server components. It’s a good idea that increases the effectiveness of the router although we weren’t impressed with the fact that Netgear neither discusses this component in its documentation nor offers any support for it making it more of a token gesture than a serious attempt to deliver a complete UTM (Unified Threat Management) solution. It’ll also add significantly to the overall cost with a ten user license costing around twice as much as the appliance itself.
This little router offers plenty of security features which include WAN failover, Internet traffic controls and optional anti-virus enforcement. However, on closer inspection a number of features don’t look so sophisticated, the Trend Micro option will add significantly to the price and IPSec VPNs are still a pig to set up.
Add an analogue or ISDN modem to the serial port and the router will activate it if the broadband link goes down
Basic URL blocking features are provided and the list can be applied to specific groups of users
The client utility comes courtesy of SafeNet and is also the same as that used by 3Com and SonicWALL.
The easiest way to set up VPN clients is to use the wizard and help file for the ProSafe client software
Go for the optional Trend Micro network anti-virus software and Netgear can enforce its use on the LAN