Netgear ProSafe VPN Firewall 25 review
Netgear’s ProSafe routers are aimed at small businesses that want more security features than low-cost consumer products can provide. The latest VPN Firewall 25, or FVS124G, adds improved access controls, WAN failover and Gigabit Ethernet to the equation.
The VPN features are the same for all ProSafe routers, with the FVS124G supporting up to 25 simultaneous tunnels. For mobile clients, you get Netgear’s ProSafe utility, which comes courtesy of SafeNet. However, note that the price includes only a single-user licence. Router installation is easy, as in most cases it can auto-discover the type of net connection on the primary WAN port. The web interface is common to most Netgear routers and is easy to use. Unlike the older ProSafe routers, the FVS124G uses another Fast Ethernet port for the secondary WAN connection, so doesn’t support dial-up modem backup.
Internet access policies can be enforced by placing LAN systems in one of eight groups and applying basic URL blocking. This sounds good but you can only create one URL keyword list and apply it to selected groups, so you can’t use different policies for each group. ActiveX controls, Java applets, cookies and web proxies can be blocked for all users, and specific systems can be declared as exempt, but that’s as far as it goes. The traffic metering comes into play if monthly limits are imposed on internet usage. You can apply a limit in megabytes to WAN usage, and if this is exceeded during the current month all further access can be blocked. The counter can be reset on a specific day of each month, and you can allow a temporary increase if the threshold is breached and also let only email continue if required.
The firewall defaults to blocking all unsolicited inbound traffic, but this can be modified with custom rules, and Netgear provides a comprehensive list of predefined services. You can block or allow specific traffic and use one of three schedules to determine when they’re active. Basic QoS can also be applied to selected services by using one of six priorities for each one. Don’t rely on the claims that the FVS124G is SNMP-manageable, though, as we tested with Ipswitch’s WhatsUp 2006 and found that the Netgear MIB provided only very basic information.
Optional anti-virus measures are available, as you can set the appliance to check that LAN clients are running Trend Micro’s OfficeScan anti-virus agent. The router can query a server running the Client/Server/Messaging Suite for SMB software and will block internet access if the client isn’t listed. It’s a good idea, but this anti-virus suite will add substantially to the overall cost.
A wizard helps create VPN policies on the router and deals with mobile clients in three easy steps. Providing you follow the manual for the ProSafe client setup, you shouldn’t have any problems. But veer away from this and you’ll soon find out how complex the process can be.
For the price, the FVS124G delivers a useful range of security features along with WAN backup. However, we found the internet access controls limited and manual VPN setup could give you nightmares.