Author: Ronald Pacchiano
Review Date: 12/14/2001

 

Model: FV318 ($799 MSRP) and FR318 ($349 MSRP)

With so many SOHO routers on the market today, it can be difficult to pick the right one. The easiest way to make this decision is to first get a clear understanding of what your needs are. How many users are ultimately going to need access to it? What type of connection will you be using: DSL, cable modem or ISDN? Is the protection of a firewall important to you? What about VPN support for remote users? Many routers today will perform most of these functions. However, if you need one router that will let your small business share its DSL or cable modem connection with up to 45 users, provides solid firewall protection and gives you the ability to configure a secure VPN tunnel to a remote office or offsite users for relatively low cost, then the Netgear FR318 and FV318 Cable/DSL Routers with integrated firewall and VPN functionality could be just what you’ve been waiting for.

Pros

  • VPN Capability
  • Detailed logging and alerts via email
  • Supports up to 45 users
  • Subscription based content filtering
  • Street prices are close to 1/2 the list price

Cons

  • VPN Client is available only through 3rd party software
  • Can’t control access or filtering by user

Setup

Getting started is straightforward. Once you’ve got PCs connected to one of the units, launch a browser and go to IP address 192.168.0.1. DHCP is enabled by default so your workstation should see the router right away (as long as it’s set to automatically obtain an IP address). Once connected, the router’s configuration wizard will start automatically.

Next choose your password and time zone. Specify your Internet connection type (Static IP, Dynamic IP, or PPPoE), enter your Host and Domain name, restart your router and all PCs on the LAN, and you should be ready to browse the Web.

Basic Features

in the number of VPN tunnels they provide (more on that later). Both are based on a NetARM RISC processor and provide Internet Access Sharing capability through an integrated 10/100 8-port switch. Auto-sensing ports let the unit detect your connection speed automatically and remove the need for a crossover/straight through switch. The FR318 can share your Internet connection with up to 8 users. Up to 20 users could share that same connection when using the FV318 linked to another switch. If your network needs continue to grow, both routers could be upgraded to support as many as 45 users. Again, the built-in DHCP capabilities let the router handle all of the client IP assignments.

A router is useless if it doesn’t know how to talk with other routers, so the 318s support a variety of routing protocols including TCP/IP, RIP-1, RIP-2, PPPoE, and PPTP. For added security the 318s also support IPSec and Network Address Translation (NAT) routing. Encryption is key in preventing data interception, and the 318s come with a powerful set of security protocols: Data Encryption Standard (DES), Internet Key Exchange (IKE) and Stateful Packet Inspection (SPI). SPI continuously examines incoming data packets and is pivotal in defending against Denial of Service (DoS) attacks such as Ping of Death, SYN flood attacks and Teardrop. The 318s also support 168-bit TripleDES (3DES), arguably one of the strongest commercially available encryption algorithms on the market today.

Small business network administrators will like the two products’ logging and reporting capabilities. The router reports on what Web sites have been visited and how much bandwidth is being used on a per-service basis (HTTP, DNS, ICMP, etc.) or by IP address. Logs can be configured to collect data on anything from system errors and blocked Web sites to dropped TCP connections and even network attacks. If desired, the router can notify the administrator of these events by e-mail.

Other options available are time-of-day usage limits and the ability to restrict access to Web sites of questionable content either by keyword or through the CyberNOT subscription service. Specific features like ActiveX, Java and cookies can be blocked. Blocking those components made a big difference when browsing sites associated with Web-rings. Pop-up windows decreased noticeably, which made browsing the Web a much more enjoyable experience. Until recently, many of these features were only available in high-end routers.

VPN Features

One of the FV318’s most valuable features is its ability to generate a secure Virtual Private Network (VPN) tunnel to establish data connections with other offices or remote users. This is far less expensive than dedicated site-to-site leased lines. To protect data transmitted in this way, many security protocols are built into the 318s that encrypt your data and keep its contents hidden from unauthorized users.

Using the NETGEAR firewall’s Web browser management interface, a secure connection may be easily created between two or more sites. IKE is a protocol negotiation and key exchange protocol that is part of the IPSec protocol suite specified by the Internet Engineering Task Force (IETF). IKE allows VPNs to automatically negotiate IPSec Security Associations (SA) during the creation of a VPN tunnel. The Security Association between two systems is based on the SPI (in IPSec, the Security Parameters Index rather than Stateful Packet Inspection), and includes the Destination Address Range, IPSec Gateway Address, Encryption Method, Encryption Key, and Authentication Key. The FV318 can support up to 5 VPN tunnels. VPN support is limited to one tunnel on the FR318. In order to connect a remote workstation to your VPN, you’ll need to purchase client software such as Nortel Contivity, Check Point, or SafeNet.

Firewall Effectiveness

The routers’ firewall abilities are pretty impressive for a SOHO product. We tested the firewall using some of the more well-known testing sites: Gibson Research Corporation’s Shields Up! and Port Probe, and HackerWhacker.com’s default port-probing tests and Trojan Horse test. In all of these tests, the FV318 achieved impressive results. The famous “Test my Shields!” test reported that “this computer appears to be VERY SECURE since it is not exposing any of its internal NetBIOS networking protocol over the Internet.” It goes on to say that “Most Windows systems hold NetBIOS port 139 wide open to solicit connections from all passing traffic. This port has closed this dangerous port to all passersby. (Congratulations!)”

The only possible cause for concern I saw was reported by GRC’s LeakTest, which tests to see if your firewall will prevent unknown applications from making outbound connections to the Internet. According to the test, the firewall was penetrated. We’ll do some further investigating on this issue and report our findings in the next update.

WAN-Side Setup

Configuration and administration of the 318 routers takes place through a Web-based interface. The menu interface, while not incredibly attractive, is efficient and straightforward. Installation of our FV318 was incredibly simple. We plugged our cable modem into the WAN port, attached our workstations and servers to the LAN ports, pointed our browsers to its default IP address (192.168.0.1) and supplied the information requested by the installation wizard. We rebooted our workstations and server and we were online.

After that, maintenance and administration is simply point and click. We learned that a firmware update was available for our router, which was necessary for 3DES encryption. We downloaded the file, logged in to the router and pointed it to our download folder. It took about a minute and a half to upload the new firmware. When finished, we simply restarted the router and 3DES encryption was available.

Performance

We ran the standard Qcheck suite to test performance, with the following results:

Test Description | Qcheck Transfer Rate (Mbps) [1MB data size] | Qcheck Response Time (msec) [10 iterations 100byte data size] | Qcheck UDP stream [10 seconds at 500Kbps] (Actual throughput- kbps) | Qcheck UDP stream (Lost data- %)
WAN to LAN | 7.055 | 2ms | 498.8 | 0%
LAN to WAN | 6.838 | 4ms | 499.7 | .2%

(Details of how we tested can be found here.)

Summary

The NETGEAR Cable/DSL VPN Routers are both easy to install, configure and administer. Most of the features can be set up by a person with a moderate amount of networking experience. As your network needs grow, these routers will grow with you. So if you need a low-cost switch, Internet access sharing capabilities and the security that comes from a real firewall, give these routers a try.