Netgear VPN finally finds a spot in the real world
Pros:
* Price
* Performance (3DES 60MBps)
* Proven stability for simple VPN
Cons:
* Unrefined VPN client software
* Advanced features unproven
The Bottom Line:
Good for securing remote offices, but watch out for a few rough edges in here and there (see review)
|
|
Overall Rating:
|
 |
|
Author's Review
What it is:
A low-cost 1U SPI VPN Firewall/Router with dual upstream and DMZ, based on Intel XScale chip with "Cavium" 3DES processor.
Review:
(This review assumes some networking expertise)
FVX538 is one of the flagship VPN products from Netgear. It is intended for small/branch office environment that require transparent, stateful VPN connection to corporate offices and headquarters. If you are familiar with the Cisco PIX / ASA security appliances, one could see this product as a challenger to the defending champion. This up-and-comer is worth your attention for its outstanding performance/price ratio.
It has standard set of features you would expect in a home router, plus some corporate-user friendly features. To run down the hit list, it supports 200 SA's (VPN tunnels), function as DHCP, SNMP, QoS and stateful firewall. It has two upstream ports for failover or load-balancing, while on the inside it has dedicated DMZ port, one GbE port and 8 Fast Ethernet ports.
The web interface is fairly intuitive, and most of the early glitches have been worked out. It allows for what 80% of network admin would expect in a Cisco PIX in a home-router like, Web-based UI, including creation and management of VPN tunnels.
I currently use this unit for a branch office. While I cannot comment on real-world readiness of dual upstream capabilities (since we have one), the performance and stability as a simple VPN firewall has proven itself. For us this unit came in as a direct replacement to an aging Cisco PIX506E. Over a buiness-class fiber, we are seeing 60 to 80% inprovement in large file transfer over a 3DES/MD5 tunnel.
Interoperability is an important consideration when choosing this class of products. While not a statitically significant information, I have not encountered any vendor-specific interop problems with this Netgear. It has connected to Fortinet Fortigate 60B, Cisco PIX 515E, 506E without any issues.
However, the Netgear's client software is a definite minus. Restrictive licensing requirement, cumbersome interface and lack of Active Diretory readiness make it unusable to most corporate users. In our case, the Netgear secures only branch office - so this was not an issue for us; dial-up VPN goes to the headquarters that are secured by heftier gears. If you are considering this unit as a center piece in your network architecture that includes remote user, I encourage you to actually try the network client before commiting to the design.
For simple deployment scenarios, I prefer this unit over more expensive Cisco ASA's. The unit is so cheap, if you are corporate user, you can stock a whole cold spare and still beat ASA in terms of price, and any Junior-level admins can figure out this unit in reasonable time, given basic knowledge of VPN.
This reviewer has bought early VPN offerings (FVS318's) from Netgear for corporate use and took much blame for their lack of stability and performance back in 2006. However, netgear's firmware has come a long way since. As of fall 2008, with Firmware version 3.0.4-19, it is a little unit I can trust for securing a branch office.
Mwave.com
