- ✓Integrated ADSL2+ modem with Annex A and B-UR2 support
- ✓Built-in 802.11g wireless access point
- ✓Dual firewall (SPI & NAT)
- ✕No Draft-N Wi-Fi support
- ✕No Gigabit Ethernet
Netgear’s latest networking product integrates everything but the kitchen sink, making it the perfect choice for small businesses looking for a single, easy-to-manage device. In fact, there’s very little this comprehensive and affordable solution doesn’t offer. Designed for business use (Netgear also offers more attractive but less feature-rich devices for consumers), the ProSafe DGFV338 combines six key functions in a single, compact package: a Stateful Packet Inspection (SPI) firewall, 802.11g wireless access point, IPSec Virtual Private Network (VPN), NAT router, 8-port 10/100 Fast Ethernet switch and built-in ADSL2+ modem.
Easy to support and extremely reliable (it rarely dropped a wireless connection in our tests), the DGFV338 delivers 10Mbps and 100Mbps (but not Gigabit) Ethernet connections for wired devices, plus 802.11b/g (2.4GHz) wireless with data transfer rates up to 108Mbps. There’s no Draft-N support, but this is hardly likely to worry businesses at the moment due to the immaturity of the standard.
More than just a simple NAT router, the DGFV338 firewall provides business-class protection, blocking unwanted users from accessing your network. Support for Wi-Fi Protected Access 2 Enterprise (WPA2) shields wireless communication with the highest available level of industry-standard encryption and authentication, and comprehensive controls block or filter unwanted addresses, services, protocols and URLs. Up to 50 simultaneous IPSec VPN connections protect links between business locations, encrypting all traffic as it traverses the internet. It’s this type of security that really differentiates the DGFV338 from typical off-the-shelf wireless routers.
The DGFV338 is also an ideal solution for telecommuters and remote offices. It is easy to set up and use, thanks to Netgear’s Smart Wizard (VPN Wizard) which helps you to connect to your ISP and establish VPN connections. Of course, as with any other broadband modem, you’ll need to have your ISP details to hand. It delivers all the advantages of centralised administration for remote offices, teleworkers and small businesses, including dynamic DNS capabilities to facilitate remote access, cameras, games and other hosted services for users with dynamic IP addresses. Providing support for ADSL2+, the DGFV338 even supports an Ethernet WAN port for failover on non-ADSL connections.
Security is a big issue for any company. For added piece of mind, the DGFV338 is one of the most secure broadband routers we’ve tested. It includes Stateful Packet Inspection (SPI) Intrusion Detection System (IDS) including logging, reporting and email alerts, address, service and protocol, URL keyword filtering, and port/service blocking. Advanced features include block Java/URL/ActiveX-based on extension and FTP/SMTP/RPC program filtering. VPN functionality includes Manual key and Internet Key Exchange Security Association (IKE SA) assignment with pre-shared key and RSA/DSA signatures, key life and IKE lifetime settings, perfect forward secrecy (Diffie-Hellman groups 1 and 2 and Oakley support), operating modes (Main, Aggressive, Quick) and fully qualified domain name (FQDN) support for dynamic IP address VPN connections.
IPSec support includes IPSec-based 56-bit (DES), 168-bit (3DES) or 256-bit (AES) encryption algorithm, MD5 or SHA-1 hashing algorithm, AH/AH-ESP support, PKI features with X.509 v.3 certificate support, remote access VPN (client-to-site), site-to-site VPN and IPSec NAT traversal (VPN pass-through). Mode of operations comprise one-to-one/many-to-one Multi-Network Address Translation (NAT), classical routing and unrestricted users per port, while IP Address Assignment includes Static IP Address Assignment, DHCP Replay, and DHCP Address Reservation.
The router offers comprehensive management features, allowing network managers to see exactly what the device is up to. The web-based administration interface supports SNMP (v2c), Secure Sockets Layer (SSL) remote management, user name and password protection, as well as secure remote management support authenticated through IP address or IP address range and password. Configuration and upgrades are also managed via the interface, allowing you to upload and download configuration settings, as well as flash the firmware. Remote management support is authenticated through IP address or IP range and password.
The VPN Wizard simplifies configuration of the VPN, allowing you to set Port Range Forwarding, Port Triggering, Exposed Host (DMZ), Enable/Disable WAN Ping, DNS Proxy, MAC Address cloning/spoofing, Network Time Protocol support, apply Keyword Content Filtering, set email alerts, manage the DHCP Server (Info and display table), and play with diagnostic tools (ping, trace route, other). Other protocols supported include PPP over Ethernet (PPPoE) and PPP over ATM (PPPoA).
Using stateful packet inspection to defend against attacks, its firewall features include DoS protection (automatically detecting and thwarting DoS attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing), the blocking of unwanted traffic from the internet to your LAN, as well as blocking access from your LAN to internet locations or services that you specify as off-limits. It also logs security incidents, such as blocked incoming traffic, attacks and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your email address or email pager whenever a significant event occurs. This level of management just can’t be found on any similarly-priced product.