Review: Netgear VPN Firewall
The Netgear ProSafe Dual WAN Gigabit Firewall FVS336Gv2 provides excellent security, networking and remote-access features for an organization that might need more than just a simple router. It’s also ideal for a distributed environment in which a number of branch offices need to be connected for an affordable price.
The ProSafe firewall not only allows remote virtual private network access, but it gives users a choice about how they want to establish the VPN.
You can provision VPN access through either Internet Protocol Security or Secure Sockets Layer protocols. IPsec tends to be faster and more secure, but it can conflict with other firewalls and Network Address Translation rules, which is where the SSL connection comes in handy. Even if a user is at a secure site where IPsec isn’t possible, SSL may be, which will let the user tap into data and other remote tools back at the office.
What’s more, the VPN is easy to install. Simply connect to the firewall’s web front end, log in and download the VPN client directly from it. No more passing around CDs or thumb drives or trying to figure out how to configure Microsoft’s native VPN client.
The authentication can use local authentication, Remote Authentication Dial In User Service, Lightweight Directory Access Protocol or a native connection to Microsoft Windows Active Directory. Workers can use the same user name and password combinations
they regularly use to log in. How’s that for single sign-on service?
Why It Works for IT
This firewall has a lot of features for an appliance the size of an eight-port switch and that retails for just less than $250. The usual networking features you’d expect from a firewall router are there, and Dynamic Host Configuration Protocol and Domain Name Service proxy services are included to manage client networking configuration.
Quality of service for setting traffic priority and limiting bandwidth are available, which is handy for keeping any particular user from dominating available bandwidth. The FVS336Gv2 also includes a demilitarized zone (a feature that was unavailable in the first version of the product) and, of course, all the translations, firewall port rules, Simple Network Management Protocol monitoring and routing you can stomach.
But the most striking feature might be the dual WAN ports. More often than you’d like, one Internet provider or another has trouble with its network, leaving users stranded as they deal with online access withdrawal. With the Netgear ProSafe, you can connect two providers on two separate wide area network links, allowing traffic to fail over from one to the other.
Site-to-site VPN tunnels are also easy to set up. Within minutes, I had an IPsec pre-shared key tunnel set up with another firewall even though it was of a different brand. The latency along that connection was just 13 milliseconds, pretty reasonable considering the packets were being encrypted and decrypted on the fly.
It might seem odd to say, but Netgear may have included too many features. The graphical user interface — while extensive, with built-in wizards to help you along — feels somewhat cumbersome and complex. And if you aren’t a network pro, you’ll probably want to have one nearby.
Also, it’s bothersome that to install the VPN client on 64-bit client operating systems, you need to launch a 64-bit version of your browser. There are still compatibility issues with 64-bit browsers, so most people just use a 32-bit browser. ProSafe reminded me a few times that I needed to launch the 64-bit version; I knew where it was, but I wonder if most users do.
A final caveat: Make sure not to confuse the cool dual WAN capabilities with dual firewalls. Although the FVS336Gv2 protects you from WAN failure, the device can still be a single point of failure. The simplest way to protest against this is to have a spare device ready in the event of a hardware issue — and at this price, that’s not a budget-buster.