Netgear FVS318NA VPN Firewall Router with 8-Port Switch

Cable/DSL ProSafe VPN Firewall with 8 Port Router

Want the utmost in network security for your office? Netgear's FVS318 ProSafe VPN firewall provides business-class protection at a NAT router price. This completely equipped, broadband-capable Virtual Private Network (VPN) firewall is a true firewall and provides it all--Denial of Service protection and intrusion detection using Stateful Packet Inspection (SPI), URL access and content filtering, logging, reporting, and real-time alerts. Up to 253 users can access your broadband connection at the same time.

The router's Smart Wizard connects to your ISP quickly; the easy-to-use Web-based configuration screen and install assistant reduce setup time. Remote administration capability makes connecting to multiple sites a breeze.

Make a VPN connection to other FVS318 routers or through client software. Support for DHCP (client and server) as well as Point-to-Point Protocol over Ethernet (PPPoE) allows for easy, widespread deployment. The router initiates up to eight IPSec VPN tunnels simultaneously, allowing for secured connections to branch offices and an on-the-go mobile workforce.

1 Best Router Going, but worse technical support.
Tech support unable to answer even easy questions. I asked about some rules setting, he hesitated then asked me what I needed rules for! Why do I need a router! I hung up. However there is an awful lot to like;
Anyhow the thing I really loved about NetGear are as follows:
a. 5 year warranty vs1
b. SPI capable on most models.
c. One of the few Router companies that discloses to the end user the make and model as well as
the speed of the routers CPU.
d. One of the few manufacturers that has most of their routers certified with either the ICSA and
or the VPN compatibility testers.
e. metal case instead of plastic.
f. So much more ways to tweak many various settings vs other manufacturers.
So even though I just got my new NetGear FVS318 version 3 only 3 hours ago I see a lot to like.

2 netgear proves again it's tops
I hate to buy something and then learn you need to jump through hoops to install it and have it work right. I don't want to spend two months - as I did with another brand, finally to give up and buy a netgear. I bought a cheaper version of netgear's router and loved it. But after nearly two years it just died. Too cheap to fix, so I went to replace. I could have replaced with the same version for about half the price, but I liked the stronger firewalls, the closed ports on this one.

I am very computer literate and teach at a computer help "desk". I cannot recommend netgear products high enough for their sheer simplicity. Anyone can install a netgear router. They are plug in and virtually go with no problems what so ever.

I am very please with 8 ports, instead of the four, love the easy of installing, and am one happy netgear customer - for the second time.

3 Version 2 and 3 both work very nicely
I had originally purchased a version 2, not knowing that there was a new and improved one in the works. So I took mine back after a day or so of use and was able to find a version 3 within a week at the same store I purchased the V2 from. My overall impressions are that for the home user version 2 is just as good as version 3. I see no performance difference between the 2. But all I do is network a couple of PCs at home and use it for security. For business applications I think the new processor and increased speed thru the wan port of the version 3 is a definate plus. Both V2 and V3 improved the speed of my internet access. I was using an old Linksys BEFSR41 before and I did see a speed difference. The firewall seems to work well. I have had no problems with this unit and find it to be well worth the money. I like it better than the new Linksys stuff. Since Linksys has partnered with Cisco their products have taken a bad turn, in my opinion. I have worked on several of the new Linksys firewall units (wired and wireless) and have found them to be not as user friendly as the older units. Since the cost is close between the 2 I would go with Netgear, just in case you are torn between the 2. Netgear just seems to be more user friendly and I do believe they are just as reliable as any other products on the market.

4 This is Version 2, Not 3
I bought this for the hardware firewall. I got version 2, not 3. Amazon and (Amazon vendor) J&R listings did not indicate version.

I use it for two networked PC's and the firewall: no more, no less.

5 Everythings not included, expect to pay more
Box is misleading, although you can support 8 VPN clients the client software is extra. Expect to pay another $45 for one license and $130 for five. Input a complex password; ended up getting locked out several times, have to reset w/ a button on the switch and reconfigure. Letters and numbers work fine. So far the rest seems good. Should protect your always on connections.

6 Easy to Configure - Strong Protection
Had this for less than fifteen minutes and it was up and running with minimal effort. It gives you strong protection capability, with lots of options to configure and change as to whatever you desire. In the first day of operation, my DSL connection was protected against a handful of probes for open ports. I can't recommend this product highly enough.

7 Work great for the price - not for newbies
This device works great and has been the best of it's kind I've used for the price range. I currently access about 6 of these devices using SofteRemoteLT on a daily basis and I am very pleased with the performance. The VPN is rock solid and great for running terminal services over. If you are looking to send files over your VPN, I only got about a 6Mbps throughput rate when I used Chariot and 3DES to test it in my lab (my Linksys BEFSX41 got about 16Mbps).

For a few of my clients I've even set up "static" tunnels using the FVS318 and Linksys BEFSX41's as "clients". The performance is fantastic and it is the configuration I recommend for people connecting to the office from home. Using DDNS on both the FVS318 and the BEFSX41 work great for dynamic connections.

As for people having connections drop or trouble routing traffic to internal networks, I suggest they read up on how to properly set their key lifetime and learn how to setup static routes. It is also important to realize that you have to have each network on a different subnet in order to route traffic successfully :/ As for those having trouble with port forwarding, I suggest you RTFM. Regardless of your troubles, there are plenty of resources on the web to help you set up rock solid VPN regardless of the make or model.

My only criticism is that the latest firmware v2.4 seems to be a little buggy when using PPPoE. If you connect to a DSL provider using PPPoE I would either downgrade to firmware v2.3 or look for another solution. If you have a DSL provider that doesn't use PPPoE, then enjoy!

HTH

-----
Update January 2005: The newer Cisco BEFSX41's are utter junk! Of the three Cisco co-branded BEFSX41's I've installed, none have worked well or at all. I no longer recommend using a BEFSX41 for anything other than target practice ;)

8 BUY SOMETHING ELSE!!!
This router may appear to work fine, but I assure you it is a momentary occurrence. It will spontaneously reboot, interrupting your connection, eventually completely preventing any connection as it cycles through a reboot process continuously. Sometimes this will happen immediately, sometimes after a year or two of working perfectly. Netgear will send you a replacement router if the hardware doesn't work (which is what this problem is). However, they can send you one that has the same problem, since this issue has never been fixed by them. Before you consider, do a web search of this model and "spontaneous reboot" you'll see many have had this problem, and the final resolution seems to be purchasing a competitor's router. Save yourself the aggravation. Not to mention the aggravation of an inept and unreliable tech support staff based in India.

9 A great product for an advanced home user!
Hello -

I see that there are a mix of reviews, so I'll try to put my angle in perspective.

I am an advanced home user in the respect that I am pretty knowledgeable about basic networking and have a basic lab at home with three PCs.

Anyway, my needs are strictly limited to (1) providing the most security for my PCs and (2) allowing the networked PCs to see each other when needed.

The FVS318 is one of the few Netgear products that passes the GRC.COM and symantec.com security scans. No ports open and no responses - total stealth according to those scans. That is important because I have a cable connection and leave my machines running 24x7.

The router has been very stable. I don't think I've ever had to reboot it in the past year.

Most of the newer Netgear products are very poor but this one is still great.

10 DONT BUY it is Shameful garbage, as all of Netgear
This piece of technology has miserably died after endless problems with firmware, connectivity, security and so on. Netgear is low end trash manufacturer that only good for writing right words on the side of their boxes.
As result of my experience of communicating with their laughable "technical support" it would be nice if they will learn the meaning of those words!
It is Idia-China-no-speaka-in-Inglesh company.

11 Customer = = Beta Tester
I purchased a FVS 318 on March 2004. FVS 318's administrative interface allowed me to change HTTP port forwarded traffic from web server `A' to web server `B'. However, FVS 318 never implemented these changes I made within the administrative port forwarding interface. FVS 318 continued to forward traffic to web server `A'. Nothing short of resetting factory settings would allow me to reconfigure HTTP port forwarding. Not acceptable for a small business.

Netgear technical support (located in India) was ineffectual. Both support technicians were clueless regarding Web Services, HTTP Headers, and DNS. After 45 minutes I was told the firmware on my recently purchased FVS 318 router was two versions behind the latest 2.4 version. Neither support technician could confirm a firmware upgrade would resolve bugs regarding reconfiguration changes to HTTP port forwarding.

Fortunately, once FVS 318 was operating the latest 2.4 version firmware, HTTP port forwarding could easily be modified.

I have lost faith in Netgear. Netgear appears to sell products which are not fully quality tested. Given my difficulty with port forwarding, I can only imagine the bugs awaiting my implementation of VPN and/or Network Printing.

I choose to spend my money on a Cisco SOHO 90 series router.

In the future I will give greater credence ti other customer reviews. (reviews not written by Netgear representatives)

12 This is NOT a VPN router!
First I'll state for the price the fvs318 appears to be an excellent value, however the devil is in the details.

I guess you could say: "You get what you pay for...maybe not even that".

The requirement that this appliance should satisfy but does NOT is the following:

Network setup:
Site 1: Home office example: simple local setup 1 flat Ethernet segment, access to internet.

Site 2: Enterprise main office: Multiple subnets which is a very common setup, access to the internet.

Problem:
The Problem with the FVS318 (likely in all safenet products ) is that any users on Site1 of the vpn are not able to reach any reachable IP addresses not directly connected to the (site 2) enterprise FVS318. If there are any subnets beyond that the packets are denied transport by the FVS318 (on both sides).

Technically there is no reason for this restriction; I can only hope it was the suggestion of a clueless sales droid to sell more hardware.

I was unable to locate publicly any available documentation that explains the critical restriction.
The reason I know this is that NetGear support stated that I should've known this before purchase. When I responded with: "There is no publicly available info on this restriction", he attempted to find it in the public domain and NetGear's site, but admitted it wasn't available.

To add to this insult, Netgear's Level 2 support suggested that I call their premium support (pay support) that they may have a work around.

The disappointing experience I had with NetGear support I suspect is not uncommon.

At this point I'll declare success if I can return the netgear equipment and get my $$ back. However Netgear support will not even admit that this issue is a reason to return the equipment for a refund.

I have other complaints about the box from a reporting perspective and limited port forward sessions (limited to 16) , along with not being able to re-map an incoming port to a separate private port but these complaints pale in comparison to the obvious technical oversight explained above.

Executive Summary: If you have a simple home setup with 1 flat ethernet segment on both ends the fvs318 is fine. However, if you ever expect to have another routable segment on either end of the network (most commonly found with enterprise networks ) you should save yourself the time and frustration. Rely on 3Com (3cr856-95 nice competing product) or SSH or encrypted GRE. Do NOT consider this box for one moment if you expect anything more than a secure connection between Joes-Home-Network with Johns-home-network.

I hope this helps.

dwd

13 Great hardware - Stick to another Clientware though
For the money, you cannot beat this product, however, when setting up the remote VPN clients Netgear will gouge you for every dollar you have (Fee-based support for VPN05L). The tech support for the FVS318 was free and helpful as far as general setup/firewall/routing but Netgear's VPN Client is just SafeNet v10.0, the config files they send you (.spd) are bunk and the instructions for the VPN client are worthless. SafeNet has the correct support files for connecting to a FVS318.

14 Great router but $$$ for VPN client may be required
Beware that the native 9x/Me/NT VPN client will not work at all as they don't support IPSpec. The 2K/XP VPN client will ONLY work from a static IP address to a static IP. If you are connecting from a dynamic IP such as a dial up you will need to purchase additional software such as Netscreen-Remote or SafeNet. Hint: Netscreen is much cheaper!<...

15 Unbelievable price for this feature set!!
This is an awesome deal, as it costs less than buying just the Safenet VPN client software alone, and also give firewall protection to the client(s.) It can act as a VPN server, supports AES, and uses a hardware co-processor. We have been buying them like crazy for all of our clients with VPN needs. We were using Sonicwall, but they have really tight limits on the number of nodes you can have, etc (to get a comparable device from them, at a few hundred dollars, would limit you to 10 or so users, while Netgear allows 253.) Plus, Netgear gives free firmware updates forever - almost all the other VPN firewall vendors make you pay a huge "support" fee for them.
This little baby is a must buy if you're setting up a VPN or want to in the future!!

16 Great home or small office true "firewall" and router.
I have been using the Netgear FVS318 router firewall for over a month now with not one glitch. For the money, this is an amazing bargain considering it is a true SPI firewall and a certified ipsec VPN endpoint for eight tunnels included with a eight port switch! The quality of Netgear products are also commendable.

We had it up and running in less than fifteen minutes. My son configured two ipsec vpn tunnels with his friends networks using Linksys VPN routers in short order and I have one configured to my Windows 2000 computer at work that is behind a nat router using Windows 2000 built in ipsec capabilities. All three of our ipsec tunnels have proven to be reliable. I also have no problems using remote desktop through port 3389 or going to my pptp Windows 2000 vpn server through port 1723 behind the FVS318.

We have not experienced any of the problems that other reviewers have, but we have experience configuring these kinds of devices. The FVS318 has fairly extensive built in logging though it does not store much information itself but it can be configured to transfer log information to another computer and can even send you an email alert if certain attacks are detected. It has configurable services based on ports and protocols that are used to create port forwarding to inbound services and block outbound services. However you are limited to 16 services. It can control outbound traffic which is very important to defend against undetected trojans or users [and kids] running things like file swapping or other unapproved applications that access the internet. Internet access can be even controlled by a day/time schedule. If your network is fairly simple, a default block all rule could be created [which must be at the end of the list] and then you can specify what outbound services are allowed. It is also possible to deny a computer or address range of computers from having internet access while allowing others full access. Though the block services is a great addition to this device, it is somewhat limited if you have more than a few variations of configurations compared to a more sophisticated [and much more expensive] soho firewall, and the services can not be configured to use certain ip address/subnet destinations for outbound control which should not be a big deal for most home/small office users. However inbound services/port mapping can be configure to come from specific ip address/subnet. That is an important security feature. For instance if you open an internal computer for remote managment, you can configure the FVS318 to accept connections from only one ip address, which will keep everyone else on the internet from trying to connect and guess your password!

I am very impressed with the Netgear FVS318. Being a true SPI firewall and ipsec VPN endpoint with all the other feaures it has in a quality package, I can highly recommend it to anyone that wants a bargain priced internet device that is a big step up from the consumer grade nat routers.

17 Frequent lockups
I purchased this router for the 8 ports and built in firewall. Unfortunatly it never works for more than 6hours. It came with firmware v1.3. After having to reboot 3 times within 24 hours I upgrade to v1.4. Unfortunatly I had the same lockup issues. I sent an email to tech support but never received a response. I then downgraded the firmware to v1.3 and the lockups remained. This is completely unacceptable.

After a call to tech support (They answered within 5 min) and an explanation of my problem they suggested that I return the router as defective.

I received a second router and had the same problem. I replaced my cable modem (SB4100) with an SB3100, this helped and I was able to stay conencted for about 1 week. Then the problem returned for 2 days of headaches. A call to my ISP (Road Runner) tech support and they came out to check my signals. All they could do was replace the modem with a SB4200. The problem was still rearing its ugly head.

Netgear tech support returned my email (2 weeks after sending it) and said that the SB4100 modems have had voltage problems and may be the cause. Unfortunatly changing modems didn't help and my ISP and Netgear just seem to point the finger at each other.

When the router was working it seemed to perform well. The features are excellent and the interface is very good.

18 FVS 318 works nicely with Firmware 1.3
I have installed 2 of these units in two very similar applications. The first one was a disaster. Firmware v. 1.0 was unstable and kept disconnecting us. Although firmware 1.2 was available it could not be loaded on the originally shipped unit or on its first replacement. The second replacement came with v 1.1 and we upgraded it to 1.2 without trying to use it w. v. 1.1. It worked well at this point.

The next time I installed one (about 2 months later), the unit came w. version 1.3 firmware and it worked well right out of the box.

Despite the frustration of the initial unit, I felt Netgear people were very responsive and helpful. Because of their support, I gave them another opportunity - and was happy with the result.

I have not used the VPN feature and cannot comment on it.

19 Stick to LinkSys..
I purchased this as an upgrade from my 4 port LinkSys router. What a mistake! Simple port redirection for HTTP or FTP works just fine. But I use my home network for managing remote sites. So, when I tried to use Remote Desktop (RDP) to manage a Win 2000 Server box, the connection froze before I could get to the login screen. The log said that the FVS318 had rejected suspicious packets. After trying to change settings and test - over and over again, I finally upgraded the firmware from 1.1 to 1.3. No change.

I also use Outlook Express to manage my Hotmail and some other POP3 email accounts. Everything came through but my Hotmail.

...

20 GREAT product,, Wonderful with sonicwall
This is by far the best firewall in this price range EVER. I was able to create a vpn connection to a sonicwall with this thing on the first attempt in less than 2 minute.. Amazing.. the options as well,, absolutely amazing... MANY of the features of the [$$$] firewalls that aren't usually seen. One bad thing, as will all netgear, only ONE IP addy can be used externally.

21 Great Solution for VPN
After racking my brain for days on how to use a VPN between two private networks with a windows 2000 server, I stumbled across the FVS318NA. I am very pleased with the results so far. Setup was easy with no problems. With in minutes, everything was working great. The default setting are probably good for most home users with DSL/Cable Modems who has dynamic IP addresses. Would recommend to others!

22 Unstable
Still a beta box, If you get much beyond a basic configuration, this box is not for you. Running the latest firmware (1.2) the box crashed several times and had to be initialized. Netgear's technical support states that this box cannot be used a just a VPN server, it must also be used as the network gateway in order for the VPN's to work. Entirely not acceptable.

23 VPN for cheap
This FVS-318 is replacing two other models in the same box; it has VPN built in, an Internet gateway router and a 8 ports 10/100 switch, all for less than a 8 ports switch. The precedent VPN box cost about 5 times the price of this one.

The new firmware release 1.1 corrected lot of bugs; the anoying drop of TCP sessions seem to has been fixed. I ordered an other box to try VPN.

24 Still a beta box
As of today(8/26/02 @ 22:00 UCT), The KVS318 production firmware on their website is still at 1.00 . My FVS318 routers consistently drop sessions in SSH, TELNET; many SSL logins fail, many JHTML pages fail to load. HTML pages intermittently load slowly, partially or not at all. I had to remove them from our network to resume business.

Their support is unresponsive. If I am able to get through on the phone the support reps are difficult to understand. Their technical support people have, in my experience, misenterpreted questions or problems even when I sent them TCP dumps, traps and logs to support the incident report. It appears English is a second language to their support people, a fact evident in their e-mail and web site support replies. Their answers are unreliable and often recommend disabling a feature like site keyword blocking or forwarding ports to non-existent computers. On their support web site they have closed some of my cases without answers, fixes or workarounds provided.

As of 8/26/02 @ 22:00 UCT, their U.S. support is presently on firmware beta N1.01 with no date available for the production firmware to be available. It fixes a lot of problems but in my opinion is not yet production quality.

For those who have a requirement for a product with features that work as advertised, I recommend against the FVS318. I recommend the DSLREPORTS web site for more information, support topics and user experiences with the FVS318.

25 Cable/DSL ProSafe VPN Firewall with 8 Port Switch
8 VPN Tunnels for Encrypted Remote Access.

Want the utmost in network security for your office? NETGEAR's FVS318 ProSafe VPN Firewall provides business-class protection at a NAT router price. This completely equipped, broadband-capable Virtual Private Network (VPN) firewall is a true firewall and provides it all ��? Denial of Service (DoS) protection and Intrusion Detection using Stateful Packet Inspection (SPI), URL access and content filtering, logging, reporting, and real-time alerts. It initiates up to 8 IPSec VPN tunnels simultaneously, reducing your operating costs and maximizing the security of your network. With 8 auto-sensing, Auto Uplink��? switched LAN ports and Network Address Translation (NAT) routing, up to 253 users can access your broadband connection at the same time.

BUSINESS CLASS SECURE

Initiates up to 8 IPSec VPN tunnels simultaneously, allowing for secured connections to branch offices and the "on-the-go" mobile workforce. Network Address Translation (NAT) routing enables shared access to your broadband connection. Includes Web page URL content filtering and 168-bit 3DES IPSec encryption capability. Sends you e-mail notification of network activity ��? reporting and tracking of hacker attempts ��? as well as real-time alerts.

WELL-ARMED

Has everything you want for maximum security coverage: True Firewall using Stateful Packet Inspection (SPI) and Intrusion Detection features, Denial of Service (DoS) attack protection, and VPN pass-through for extra security. There's even a Kensington Lock ��? slot on the unit for theft protection. And with free Freedom��? anti-virus and privacy protection software, the FVS318 ProSafe VPN Firewall provides optimal value and defense against network security threats.

USER FRIENDLY

Smart Wizard connects to your ISP quickly; the easy-to-use Web-based configuration screen and Install Assistant reduce setup time. Remote administration capability makes connecting to multiple sites a breeze.

FLEXIBLE

Make a VPN connection to other FVS318's or through client software*. Support for DHCP (client and server) as well as PPPoE allows for easy, widespread deployment.

26 Easy interface and set up, lots of features, little price.
I got this router to replace a reliable Linksys router that lacked the Netgear FVS318NA's VPN feature and 8 port built in switch.

The VPN feature and the 8 port integrated switch are the best selling points for this Netgear router over other brands and models. The built in Virtual Public Network (VPN) feature let's you use the FVS318NA with a wide variety of VPN Clients and Hosts (not all of course, but many.) Netgear has a 25 page online document that tells you how to VPN your FVS318NA to a Windows 2000 Server for example. Easiest of course is to buy two FVS318NA's and create a point to point VPN between two offices, friends and family with DSL, a cable modem, etc. The built in 10/100 switch and Internet connection sharing means most people with small networks won't need to purchase a separate switch in order to plug in all of their computers, game systems and other Ethernet\Internet using devices.

The built in Firewall offers more than the usual NAT invisibility (it does stateful inspection of packets) and logging is adequate but could be better (more information than is currently available in the router's logs would be helpful for troubleshooting problems and or security.)

All in all you will not be disappointed with the money spent on this little "network cabinet" in a box. Netgear seems to have thought of most everything your power home or small to medium office user would want.