SmallNetBuilder

Saturday, Nov 21st


Netgear FVS124G Review: Dual WAN, Gigabit LAN, 25 VPN tunnels - Firewall, VPN


Firewall

The FVS124G is a more robust firewall than a simple gateway router with NAT services, as it provides enhanced security through the use of Stateful Packet Inspection (SPI) technology. To quickly review, an SPI-based firewall creates and maintains a state table, which is a listing of all active connections. Connections are things such as access to an Internet web page, or an FTP session.

A firewall adds an entry to the SPI state table after checking its rules to determine whether the connection is allowed. The default firewall rules for the FVS124G are to allow all Outbound connections and to block all Inbound connections, as you can see in Figure 4, below.

Figure 4: The default firewall rules

With the Netgear's default rules, if a connection is originated on your LAN, it will be entered in the state table and will be allowed through the SPI firewall until it times out after a period of inactivity. If a connection is originated on the WAN, it will be blocked by the SPI firewall unless there is a firewall rule allowing that connection. I wouldn't call SPI a competitive advantage of the Netgear, as SPI is a relatively common feature in today's small network routers.

Regarding firewall rules, the FVS124G has a pretty simple menu for creating rules to allow inbound connections to devices on your LAN. For example, if you're running an FTP server on your LAN that requires WAN access, you can use Netgear's menu of common network services to set up a rule to route FTP requests from the WAN to a specific server on your LAN. As you can see in Figure 5, I've set up a simple rule to “ALLOW Always” WAN FTP requests to 192.168.4.7 on my LAN. 


Figure 5: A sample rule for an FTP server

Netgear's rule menu also allows for creation of schedules, which would be used to restrict the rule to user-defined hours. Further, you can configure a rule to accept connections only from specific IP addresses if you want to limit who can reach your LAN.

Firewall rules such as the above FTP example are also known as port forwarding, referring to the fact that the rule forwards inbound connections to port 21 (FTP) to a LAN IP address. Additional rules can be created to meet the needs of your LAN, and additional services can be added to Netgear's list of approximately 40 pre-built network services.

For example, if you wanted to forward SIP signaling traffic for a VoIP application, you would first add SIP (port 5060) to the list of available Services and then create a rule to “ALLOW” and forward this traffic to an IP on your LAN.
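The behaviour described in this section (default allow-outbound and block-inbound rules, state-table entries that expire after inactivity, and an inbound FTP rule limited to specific source addresses) can be modelled in a few lines of Python. This is an added illustration, not Netgear's firmware or code from the review; the 300-second timeout, the class names, and every address other than 192.168.4.7 are assumptions, and NAT port rewriting is ignored.

```python
import ipaddress
from dataclasses import dataclass, field

IDLE_TIMEOUT = 300  # seconds; assumed, the review does not state the router's value

@dataclass
class InboundRule:
    port: int                    # WAN-side service port, e.g. 21 for FTP
    lan_host: str                # LAN address the connection is forwarded to
    allowed_sources: tuple = ()  # optional source networks; empty means any

    def permits(self, src_ip):
        src = ipaddress.ip_address(src_ip)
        return not self.allowed_sources or any(
            src in ipaddress.ip_network(net) for net in self.allowed_sources)

@dataclass
class SpiFirewall:
    rules: list = field(default_factory=list)
    # State table: (lan_ip, lan_port, wan_ip, wan_port) -> time last seen
    state: dict = field(default_factory=dict)

    def _expire(self, now):
        # Drop connections that have been idle longer than the timeout.
        self.state = {k: t for k, t in self.state.items()
                      if now - t <= IDLE_TIMEOUT}

    def outbound(self, lan_ip, lan_port, wan_ip, wan_port, now):
        # Default outbound rule is ALLOW: record or refresh the connection.
        self._expire(now)
        self.state[(lan_ip, lan_port, wan_ip, wan_port)] = now
        return "ALLOW"

    def inbound(self, wan_ip, wan_port, dst_port, now):
        self._expire(now)
        # Packet belonging to a tracked connection is let through.
        for key in self.state:
            lan_ip, lan_port, peer_ip, peer_port = key
            if (peer_ip, peer_port, lan_port) == (wan_ip, wan_port, dst_port):
                self.state[key] = now
                return f"ALLOW {lan_ip}:{lan_port} established"
        # New WAN-originated connection: blocked unless an inbound rule matches.
        for rule in self.rules:
            if rule.port == dst_port and rule.permits(wan_ip):
                self.state[(rule.lan_host, dst_port, wan_ip, wan_port)] = now
                return f"ALLOW {rule.lan_host}:{dst_port} rule"
        return "BLOCK"
```

The model covers only the forwarded port itself; the source-address restriction shows how a port-forwarding rule can be narrowed so that it is reachable from fewer WAN hosts.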

VPN

The downside to creating rules, or port forwarding, is that you are essentially creating “holes” in your firewall, which could be used to compromise your network. Virtual Private Networking, or VPN technology, is another means to provide secure access to devices and services on your LAN without creating “holes” in your firewall.

The Netgear FVS124G will allow you to set up three different types of VPNs, including client-to-gateway, gateway-to-gateway, and client-to-gateway through NAT router connections with a total of 25 simultaneous tunnels. For this review, I successfully set up and completed the first two types, which I'll walk you through below.

For the client-to-gateway, or “Road Warrior” connection, you need to load VPN client software on each PC that will be accessing the home LAN. Netgear includes a single license for its VPN client software with the FVS124G, which is actually based on a product called SoftRemote from SafeNet.

Netgear/SafeNet hasn't updated their VPN client to support Vista, although SafeNet's website indicates Vista support is due in 2007. I tried installing it anyway, and can confirm that it doesn't work on Vista.

The Netgear VPN client does work with XP, however. I used Version 10.7.1 Build 10 of the Netgear VPN client (see Figure 6, below) on a Windows XP Home PC. Using the client, I was able to remotely access all the devices on my LAN, including mapping network drives, using Remote Desktop Connection to access a Windows server, and using SSH to access a Linux server.


Figure 6: The VPN client software


