April 28th, 2015 by Lyle Smith
Netgear ProSAFE FVS336G VPN Firewall Review
The Netgear ProSAFE FVS336G is a VPN Firewall designed specifically for remote offices, branch offices, and telecommuters offering secure network access to headquarter locations. The FVS336G provides businesses with an extensive feature-set including Stateful Packet Inspection (SPI), multiple VPN pass-throughs , Network Address Translation (NAT), AES, and 3DES Encryption, Denial of Service (DoS) protection and more. It also offers protection against DoS attacks and unwanted traffic as well as SYSLOG, and SNMP, which allow for detailed network monitoring.
The Netgear ProSAFE VPN firewall also comes equipped with various web content filtering options, browsing activity reporting, and instant alerts, all of which can be sent through email. In addition, Network administrators can setup access policies depending on the time of day, specific website addresses, and address keywords.
On the hardware side of things, the FVS336G sports two gigabit Ethernet WAN ports for load balancing and failover protection for Internet connections, which allows for enhanced data rate and increased overall reliability. In addition, the ProSAFE Firewall includes a built-in four-port gigabit Ethernet LAN switch for fast data transfer between local network resources with the ability to support upwards of 200,000 internal or external connections.
Netgear ProSAFE FVS336G VPN Firewall is priced at roughly $163 and is backed by Netgear's ProSAFE limited lifetime warranty.
Netgear ProSAFE VPN Firewall FVS336G Specifications
- Product Number: FVS336G
- Gigabit Ports WAN/LAN: 2/4
- DMZ Interfaces (Configurable): 1
- Wireless: n/a
- IPv6 Support: Yes
- LAN-to-WAN Throughput: 350 Mbps
- IPsec VPN (3DES) Throughput: 78 Mbps
- SSL VPN Throughput: 14 Mbps
- Maximum Concurrent Connections: 10,000
- Maximum Number of VLANs: 254
- Dedicated IPsec VPN Tunnels: 25
- Dedicated SSL VPN Tunnels: 10
- IPsec VPN
- SSL VPN
- L2TP, PPTP Server
- VPN Pass Through: IPsec, PPTP, L2TP
- User Authentication for VPN: Active Directory, LDAP, Radius, WIKID, MIAS, NT Domain, Local User Database
- Stateful Packet Inspection Firewall
- WAN Modes: NAT, Classical Routing
- ISP Address Assignment: DHCP, Static IP Assignment, PPPoE, PPTP
- NAT Modes: 1-1, NAT, PAT
- DHCP: Static, Dynamic, RIPv1, RIPv2
- Routing: DHCP Server, DHCP Relay
- DDNS: DynDNS.org, TZO.com, Oray.net, 3322.org
- Bandwidth Profiles
- Content Filtering (HTTP Only)
- WAN Fail-over
Design and build
The ProSAFE FVS336G has the same look and feel as other Netgear products, with its simple grey design and metal enclosure. The device also feels very sturdy when placed on the ground or on a desk and very rugged when we handle it.
The top panel of the VPN firewall is branded with the NETGEAR Prosafe logo as well as the product name. On the front of the device are four LAN Gigabit Ethernet ports and two WAN Ethernet ports with RJ-45 connectors, both of which feature switched N-way automatic speed negotiating and Auto MDI/MDIX. Each port has two LEDs located just above the connector. The left LED indicates a link with a connected Ethernet device, receiving/transmitting data, or if there is no link present. The right LEDs tells users whether the LAN/WAN port is operating with 1000, 100, or 10 Mbps. Also located on the front are the DMZ, Power, and Test LEDs.
When looking at the back panel, you will see a console port used for connecting to an optional console terminal, a factory defaults reset button to reset the VPN firewall to factory default settings, a cable security lock receptacle, and a AC power receptacle (12V, 1.5A). The product label, which is located on the bottom of the ProSAFE FVS336G, shows factory default settings, regulatory compliance, and other information the user may need to know.
Installing a VPN firewall can be a lot of work; however, the ProSAFE FVS336G can be up and running, configured, and operating fairly quickly due to Netgear’s feature set to simplify installation and management as well as the availability of extensive documentation. Some of these features include: Auto-detection of ISP, which automatically senses the type of Internet connection; the IPSec VPN Wizard, which allows users to easily configure IPSec VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC); and SNMP, which allows the FVS336G to support the Simple Network Management Protocol (SNMP) for monitoring and managing log resources from an SNMP-compliant system manager.
The VPN firewall is specifically designed for use in an office environment in both freestanding mode or mounted into a 19-inch equipment rack (it comes with a 1U rack-mounting kit), allowing it to be placed almost anywhere in the office. Once you have the VPN firewall installed on your network (by connecting the cables and restarting your network), you can connect to and configure the Netgear device via an Internet browser. We used the FVS336G for remote access to our lab.
The web management interface consists of a variety of useful configuration tools including, network configuration, security, VPN, users, administration, monitoring, and web support with menus that are organized in a layered structure of main categories and submenus.
The Router Status screen provides status and usage information, including the firmware version in the System Info section, which will change to reflect any new version that is installed. This is also the first page that is displayed when you log into the ProSafe VPN Firewall. In addition, LAN IPv4 and IPv6 information will be displayed here.
In the WAN Mod option tab, users can choose either NAT or classical routing, the latter which allows the VPN router to perform routing though without NAT. In order to have Internet access, all computers on your LAN network must have a valid static Internet IP address.
The dual WAN ports of the ProSafe VPN firewall can also be configured as auto-rollover (which allows for increased system reliability) or load balancing (which gives maximum bandwidth efficiency by managing the outbound traffic equally among the functional WAN interfaces). One port can also be disabled.
The Remote Management page allows an administrator with Internet access to configure, upgrade, and check the status of the VPN firewall. Once enabled, users must simply configure the external IP addresses that need to connect. To allow access from any IP address on the Internet, users will choose the ‘Everyone’ option, while ‘IP Address Range’ will be used if a range of IP addresses needs access. It should be noted that users are required to be logged in locally to enable this feature.
The QoS page determines the quality of that service for the traffic passing through the VPN firewall. The Netgear ProSAFE FVS336G VPN Firewall supports numerous QoS profiles for each WAN interface. Users have the ability to assign profiles to services including HTTP, FTP, and DNS and to LAN groups or IP addresses. These QoS profiles administer either rate control with bandwidth allocation or priority queue control with the following configurable options:
- QoS Type: The profile type, which is either Rate Control or Priority.
- Interface Name: Which WAN interface the profile applies to.
- Service: Which service the profile applies to.
- Direction: Which WAN direction the profile applies to (inbound, outbound, or both).
- Rate: The bandwidth rate in Kbps, or the priority.
- Hosts: The IP address, IP addresses, or group to which the rate control profile applies.
- Action: The Edit table button gives access to the Edit QoS screen.
Small businesses often overlook the importance of firewalls, particularly when workers are connecting to their headquarters from location outside the network. It’s fairly common, even nowadays, for these smaller organizations to be unaware of the benefits of a specially designed device and what it can offer in terms of security. The Netgear ProSAFE FVS336G VPN Firewall is built to make this transition seamless with its straightforward installation, all the while offering business with a plethora of useful features.
We found the Netgear ProSAFE FVS336G VPN firewall easy to setup and its performance to be very good. The performance was the same high quality we’ve seen and come to expect from the other Netgear ProSAFE devices we use around the lab. It has a rugged design and it can easily be hidden away without intruding into visible workspace. Offering more features than a traditional router, the ProSAFE FVS336G fits well into SOHO or SMB locations, or in our case worked perfectly at home to prioritize traffic into the lab for remote management activities.
- Easy to setup and use
- Great performance
- WAN load balancing for high-performance applications
- Mild learning curve required compared to a home router
The Bottom Line
The Netgear ProSAFE FVS336G is a VPN firewall that works well and is ideal for small businesses and remote offices.