Author: Tim Higgins
Review Date: 3/12/2001

Model: FR314

Pros:

– Fast, stateful inspection firewall, with full browser
administration
– Detailed logging and alerts via email
– Built-in four port 10/100 switch

Cons :

– Base model supports only 8 clients
– No remote administration
– Can’t control access or filtering by user
Review Updates2/6/02 – New Firmware 6.2.2.0 zip file.

 

The Basics

Indicators
  • Power

  • Internet Activity

  • Internet Link

  • Test

  • 4 LAN Link/Activity, 100

Connectors
  • One RJ45 10BaseT for the WAN

  • Four switched RJ45 auto sensing 10/100BaseT LAN

  • Power

Comes with
  • printed Installation Guide “poster”

  • resource CD with PDF manual and apps notes

  • one normal UTP cable

  • 120VAC Power supply

Other
  • Has factory-default Reset switch

  • Has Uplink switch

 

Introduction

Those of you who follow the inexpensive router market know that NETGEAR tapped SonicWall last Fall (instead of ZyXEL) as their development partner for their new router line.  The FR314 is the first fruit of their joint labors and although it’s not a SOHO2 for $250, it does have many of the features that have made SonicWall one of the most highly regarded routers available.

 

Setting up

Most of the FR314’s network setup can be done from one screen.  Unlike the SonicWall products, the 314 comes with its LAN DHCP server enabled, so all you need to do is connect a computer whose TCP/IP is set to obtain its IP info automatically and you should be able to log right into the admin pages at 192.168.0.1.

Most users will find all they need in the 314’s setup capabilities, but there are some things you should know about, as detailed below:

  • The FR314 can handle single Static IP, single dynamic IP, or PPPoE WAN connections.

  • It does not have any special support for RoadRunner TAS login

  • It does not handle WAN Mac address cloning or changing (MediaOne and other MAC address authenticated users should note that the router serial number on the General > Status page is its WAN MAC address.)

  • You can enter Domain and Host Names, for @Home setup, but the Host Name naming ability goes away if you use the NAT with Fixed Address Network Addressing Mode

  • The base 314 supports 8 users maximum. An 8 to 20 user upgrade is available for $79, and a 20 to 45 user upgrade will cost you an additional $99. (See this SonicWall Tech Note that describes how the number of “users” is counted.)

 

Feature set

The FR314 has an impressive list of features.   But before we dig into what you get, let’s take a look at what you’ll be missing:

  • DMZ:
    Also known as “default server” in some routers, this feature allows you to place one LAN computer completely outside the router firewall.  You won’t find this feature in the FR314, due to its SonicWall heritage.

  • WAN address “loopback”:
    If you have LAN based servers that you set as Public servers, you’ll have to reach them via their private LAN IP address from LAN side machines.

The 314 also doesn’t have any of the SOHO’s “Advanced Features” that are detailed on this page.

With that out of the way, let’s look at what the 314 does give you!

Filtering (or Content Controls): 

The FR314 has quite an array of Content filtering features.  Here’s the list:

  • You can individually choose to block ActiveX, Java applets, Cookies, or access to WAN based Proxy servers

  • You can have the filtering active only during a certain time of the day (just one range) and certain days of the week (one range), or all the time

  • You can enter lists of “Trusted” and “Forbidden” domains

  • You can enter a list of keywords to filter.  If the keyword is contained in a URL, access to the site will be blocked.

  • You can subscribe to CyberPatrol’s CyberNOT content filter list for 6 months ($49) or 12 months ($99) and set the FR314 to update the list automatically once a week (or manually download the list).

Note that these content filters apply to all users.  Unlike the SOHO, you can’t establish lists of users with different privileges.

Access Controls: The 314’s Access page presents you with a list of common services that you can allow or block, just by checking or unchecking a box.  You can also quickly set up a “Public LAN Server” just by entering the server’s IP address.

If you don’t see the service you need, you can add a service, specifying TCP, UDP, or ICMP protocol and the port or range of ports the service uses.  NETGEAR even gives you a list of predefined popular services you can choose from.

We’re not done yet!

Logging and Reports

As described on our “How Firewalls Work” page, all NAT based routers perform some sort of “stateful Inspection”.  The difference in NAT firewalls is how much inspection they do, and the FR314 brings SonicWall’s expertise in this area to bear on the problem.

The FR314 duplicates most of the SOHO’s extensive logging capabilities, which are detailed in the SOHO review.  The 314 supports the emailing of logs and alerts and selection of what to filter.  I especially like the fact that the log alert messages are clear and even identify the type of attack instead of just giving you a port number to puzzle out. Some messages are hyperlinked to the 314’s built-in log file, which contains an explanation of the attack that’s logged!  You can also view the log via the admin pages (see screen shot below), sort it by date/time, clear it, or force it to be mailed to you.

The main omission in the 314’s logging is that logging to a syslog daemon isn’t supported.

Reports are running summaries of certain types of activities. The 314 does not keep a detailed “traffic” log, but instead, performs three rolling analyses, which can be viewed, but not emailed:

– Top 25 Most Accessed Web sites
– Top 25 Bandwidth users by IP address
– Top 25 Bandwidth consumers by service (Port and Protocol)

These reports will give you a quick idea of where your bandwidth is going.  You can enable and disable data collection and clear the accumulated data, but can’t save it.

 

VPN

The 314 supports IPsec and PPTP pass-thru from LAN clients.  Only one IPsec session is supported, but multiple PPTP sessions can be supported. No details were available on whether you can connect multiple clients per VPN termination (server).  NETGEAR also says that you can access either a PPTP or IPsec server on the LAN side of the router, too (provided you open the required ports).  (See our VPN help section for more info.)

 

What else is there?

The FR314 has a number of features that don’t fit neatly into one of the previous categories of this review, so I’ll once again use my favorite review shortcut: The List:

  • You can restart the box from the Management Interface as well as from a button on the back of the box

  • You can Import and Export router settings (to make it easy to restore your settings after a firmware upgrade), or reset them to factory defaults

  • Firmware upgrading is done via a browser Java applet that worked just fine with my Netscape 4.5 browser.  You have to download the firmware file to a machine on your LAN first, however. You can also ask to be notified when new firmware is available

  • You have five built-in Diagnostic tools including DNS lookup, Traceroute, Ping, Packet Trace, and “Tech Support Report” that will dump a file that can help NETGEAR engineers help you debug problems with your router.

  • There’s a full featured LAN DHCP server, which you can control pretty much everything on, including Lease time and reserving IPs according to MAC address.  You can also shut it off!  The DHCP Status screen shows you all active IP to MAC address bindings. You can’t, however, manually end a DHCP lease.

 

Router Performance

I ran the Qcheck test suite on the FR314 and got the results below:

[Tests run with Ver 6.0.0.0b15 firmware]

Test Description

Qcheck Transfer Rate (Mbps)

[1Mbyte data size]

Qcheck Response Time (msec)
[10 iterations 100byte data size]

Qcheck UDP stream
[10S@500Kbps]

(Actual throughput- kbps)

(Lost data- %)

WAN-LAN

4.7

4 avg.
9 max.

499

0%

LAN-WAN

1.7

4 avg.
22 max.

495

5%

(Details of how we tested can be found here.)

Comments: The poor LAN-WAN throughput could be due to the firewall processing.  This would only affect you if you were trying to access servers located on your LAN.

NOTE: NETGEAR’s testing showed approximately equal speed for both WAN-LAN and LAN-WAN transfers.  I double checked my test setup and still got the lower LAN-WAN speed, however.  If we resolve the difference in testing, I’ll update the review.

 

Summary

In my mind, NETGEAR has established a new price-performance point for consumer routers.  SonicWall has always had the richest feature set and most friendly user Interface of this class of routers, but they’ve always commanded a price that made many prospective buyers seek less expensive solutions.  With the FR314, NETGEAR brings you most of the key features of a SonicWall SOHO2, throws in a four port 10/100 switch, and prices it to move with a street price about half the SOHO2’s price!

My main gripes are the inability to control the Content Filter and Access Control features on a user-by-user (or group of users) basis (which NETGEAR says they’re planning for a future firmware release), and the omission of the Network Anti-Virus feature that’s available on the SonicWalls.  Even though Network Anti-Virus is a pay-for option, I think that automatically ensuring that up-to-date anti-Virus protection is installed and working on all subscribed LAN machines is more useful to the average user than a stateful inspection firewall!

So if you’re looking for a $100 router, then keep looking!  But if you’re looking for a fast, full-featured router with a robust stateful inspection firewall at an attractive price, then look no further!