VPN Features

One of the FV318's most valuable features is its ability to generate a secure Virtual Private Network (VPN) tunnel with other offices or remote users to establish data connections with other offices or remote users. This is far less expensive then dedicated site-to-site leased lines. In order to protect data transmitted in this way many security protocols are built into the 318s that encrypt your data and keeps its contents hidden from unauthorized users.

Using NETGEAR Firewall's Web browser management interface, a secure connection may be easily created between two or more sites. IKE is a protocol negotiation and key exchange protocol that is part of the IPSec protocol suite specified by the Internet Engineering Task Force (IETF). IKE allows VPNs to automatically negotiate IPSec Security Associations (SA) during the creation of a VPN tunnel. The Security Association between two systems is based on the SPI, and includes the Destination Address Range, IPSec Gateway Address, Encryption Method, Encryption Key, and Authentication Key. The FV318 can support up to 5 VPN tunnels. VPN support is limited to one tunnel on the FR318. In order to connect to a remote workstation to your VPN, you'll need to purchase client software such as Nortel Contivity, Checkpoint, or SafeNet.

Firewall Effectiveness

The routers firewalls abilities are pretty impressive for a SOHO product. We tested the firewall using some of the more well known testing sites. Gibson Research Corporation's Shields Up!, Port Probe and HackerWhacker.com's default port-probing tests and Trojan Horse test. In all of these tests, the FV318 archived impressive results. The famous "Test my Shields!" test reported that "this computer appears to be VERY SECURE since it is not exposing any of its internal NetBIOS networking protocol over the Internet." It goes on to say that "Most Windows systems hold NetBIOS port 139 wide open to solicit connections from all passing traffic. This port has closed this dangerous port to all passersby. (Congratulations!)"

The only possible cause of concern I saw was reported by GRC's LeakTest which tests to see if your firewall will prevent unknown applications from making outbound connections to the Internet. According to the test, the firewall was penetrated. We'll do some further investigating on this issue and report our findings in the next update.

WAN-Side Setup

Configuration and administration of the 318 routers takes place through a Web-based interface. The menu interface, while not incredibly attractive, is efficient and straight forward. Installation of our FV318 was incredibly simple. We plugged our cable modem into the WAN port, attached our workstations and servers to the LAN ports, pointed our browsers to its default IP address (192.168.0.1) and supplied the information requested by the installation wizard. We rebooted our workstations and server and we were online.

After that, maintenance and administration is simply point and click. We learned that a firmware update was available for our router which was necessary for 3DES encryption. We downloaded the file, logged in to the router and pointed it to our download folder. It took about a minute and half to upload the new firmware. When finished we simply restarted the router and 3DES encryption was now available.

Performance

We ran the standard Qcheck suite to test performance, with the following results:

(Details of how we tested can be found here.) 

Summary

The NETGEAR Cable/DSL VPN Routers are both easy to install, configure and administrator. Most of the features can be setup by a person with a moderate amount of networking experience. As you network needs grow, these routers will grow with you. So if you need a low-cost switch, Internet access sharing capabilities and the security that comes from a real firewall, give these routers a try.