Netgear ProSafe FVG318 Wireless Router/Firewall/VPN
June 14, 2006
Featuring VPN, firewall and wireless access point capabilities, Netgear's FVG318 aims to find a niche somewhere between home network routers and business-class routers.
Not so long ago network routers were all rather the same, providing basic "Internet sharing" functionality. But as broadband use has become more popular for a wider variety of activities, today's routers often have specific personalities targeting one type of user or another.
Netgear's ProSafe FVG318 wireless router aims to find a niche somewhere between the typical home network and security-conscious SOHO or small business user. With a street price between $115-$120, the ProSafe costs about twice that of a garden variety router, but less than half that of full-featured "security appliances."
Out of the Box
On its rear is a single 5dBi antenna. Because it's detachable, the ProSafe is suitable for connection to a more powerful antenna. But unlike some lower priced competitors, the ProSafe does not employ any MIMO
When you first connect to the ProSafe's browser-based administration interface it doesn't require any login. A wizard offers to guide you through network setup including connecting to your broadband provider and setting up wireless security.
Like most broadband routers, the ProSafe can retrieve a DHCP-assigned
For users with dynamically assigned IP addresses, the ProSafe supports DynDNS.org, TZO.com, and Oray.net, three third-party services that can map a static domain name to your dynamic IP address.
The wireless access point
The strongest form of wireless security is encryption and here the ProSafe offers a spectrum of choices. Traditional WEP
For stronger security, the ProSafe supports both WPA
Firewalling and Filtering
The "Safe" in the ProSafe model line partly refers to its firewall and content filtering features. First and foremost, the ProSafe offers an SPI, or stateful packet inspection, firewall. The firewalls often found in less expensive routers are "dumb," meaning that they know only to block or allow certain classes of network traffic.
In contrast, an SPI
A traditional port-blocking firewall works in combination with the ProSafe's SPI awareness. You can define services based on their port and protocol, and apply rules to these services allowing or blocking them. Optionally, rules can be enforced according to a schedule, such as on weekdays or weekends.
Rules can be used to promote or demote the priority of a certain kind of traffic, known as QoS or quality of service
Compared to many other routers, including less expensive models, the ProSafe includes only a limited selection of pre-defined services. While adding custom services is not difficult, you will need to consult reference materials to find out which ports they use.
You can port forward incoming traffic to a particular LAN client, but the ProSafe does not support remapping ports or port triggering.
Besides firewalling, the ProSafe supports limited content filtering. You can block sites containing ActiveX components, Java applications and cookies, or those reached via a proxy server
However, you could setup google.com as a trusted domain, which will bypass the content filter. Similarly, you can designate a single LAN address which will bypass the filter.
The "ProSafe" name also relates to VPN, or Virtual Private Networking
The ProSafe can support VPN connections between client computers and the router, or between the router and another VPN router. It supports up to eight simultaneous tunnel connections.
VPN's can be complicated to setup. Netgear has made a strong effort to simplify the process with a setup wizard that will guide you through most typical VPN configurations. Because VPN's can vary widely, the online electronic documentation offers a series of step-by-step "recipes" for creating a variety of VPN architectures.
Netgear promotes the ProSafe's VPN as "optimized" for use with their matching "ProSafe VPN Client software" product. The VPN client, though, is not included with the router and is available as a separate purchase with a current street price between $40-$50 for a single user license.
Advanced administrators can host a VPN with the ProSafe with full control over policies and certificates.
Netgear includes some basic logging and monitoring features in the ProSafe. The router is SNMP
Most activities can be set to log, which is disabled by default. You can log attacks detected by the SPI firewall, blocked pages, administration activity, all traffic activity either within the LAN or to the Internet, and rule events.
Logs can be sent to an external syslog server and/or sent via e-mail to a specified address.
Today's routers are jacks of many trades. As a wireless access point, the ProSafe's performance rated average. Its signal strength and throughput, connected to a Netgear client card with Super G support, trailed below that of a similarly priced MIMO router.
The ProSafe's firmware presented some quirks. For example, on most routers you can see which wireless clients are currently connected. The only feature on the ProSafe that would seem to offer this data is called "Attached Devices." But the list always showed up empty, no matter how many clients wired or wireless were connected to the router.
When managing the router through its administration interface, it would occasionally hang and become unresponsive until it was power-cycled. As with many routers, chances are good that these quirks will be ironed out with future firmware upgrades, which are easily applied through the administration interface.
At a price point in between feature-filled home network routers and enterprise-class business routers, Netgear's ProSafe stands out for strong VPN support and its SPI firewall. These strengths combine with average wireless performance and somewhat limited port control and content filtering.
Story courtesy of PracticallyNetworked.