SmallNetBuilder

Follow SmallNetBuilder
Follow SmallNetBuilder on TwitterConnect On Facebook Google+Get the SmallNetBuilder RSS Feed
You are here: LAN & WAN LAN & WAN Reviews NETGEAR ProSafe SRX5308 Gigabit Quad WAN SSL VPN Firewall Reviewed

NETGEAR ProSafe SRX5308 Gigabit Quad WAN SSL VPN Firewall Reviewed

Print E-mail
Prev - Page 1 of 4 - Next >>

Introduction

NETGEAR ProSafe SRX5308 Gigabit Quad WAN SSL VPN Firewall

At a Glance
Product NETGEAR ProSafe Gigabit Quad WAN SSL VPN Firewall (SRX5308-100NAS)
Summary Biz-class VPN router w/ quad Gigabit WAN & quad LAN Ports and lots of power supporting 125 IPsec and 50 SSL tunnels, QoS and up / down bandwidth control.
Pros • > 500 Mbps routing throughput
• 30 - 40 Mbps 3DES IPsec throughput
• Four WAN ports
• All Gigabit Ports
• Built-in VLAN
Cons • Only four LAN ports
• No L2TP support
• No jumbo frame support
• Admin interface can be slow at times
• Win 7 IPsec client support not complete

Introduction

NETGEAR recently announced its newest router, the SRX5308 ProSafe Gigabit Quad WAN SSL VPN Firewall.  I'm pleased to be the first to review this device, which the company proclaims as the flagship of its ProSafe firewall family!

The 5308 is equipped with four Gigabit WAN ports plus four Gigabit LAN ports, and is designed to be at the core of a network with  100+ users.  NETGEAR's specifications list capacity to handle 200,000 concurrent connections, support for up to 254 VLANs, 125 simultaneous IPSec VPN tunnels, and 50 simultaneous SSL VPN tunnels.  Holy smokes!

Although brand new, the SRX5308 has similar menus and options to several NETGEAR routers and gateways I've reviewed, including the FVS336G, the FVS318G, and the UTM10.  Throughout this review, I'll be referencing sections from those reviews as appropriate. 

The SRX is a 1U height device, measuring 13” x 1.7” x 8.2”.  It is enclosed in a metal case with NETGEAR's ProSafe grey and blue metal exterior and intended for a data room, not a desktop.  The exhaust fan on the left side is quite loud, so it is not a device you want in your office or work area.  The chassis supports side brackets for rack mounting in a data center.

The front of the device has both the LAN and WAN ports, with simple status indicator lights as shown in Figure 1.

SRX5308 Front Panel

Figure 1: SRX5308 Front Panel

The rear of the device (Figure 2) has a serial console port, security port to physically lock the device to a physical structure, AC power connector and power switch.

SRX5308 Rear Panel

Figure 2: SRX5308 Rear Panel

Inside

The motherboard is neatly laid out with plenty of room for airflow through the chassis.  The SRX runs on a 700Mhz Cavium CN5010 CPU, 512 MB of DDR2 of RAM, 64 MB of Flash and a Broadcom BCM53118 9-Port GbE Switch with 8 Integrated 10/100/1000 PHYs chip.  The latter is also used in NETGEAR's FVS318G. The CPU and Ethernet chips have passive heatsinks, removed for the picture.  I've called out some of the components in Figure 3.

SRX5308 board
Click to enlarge image

Figure 3: SRX5308 board



Related Items:

NETGEAR Announces Gigabit VPN Firewall
NETGEAR FVS318N ProSafe Wireless-N 8-port Gigabit VPN Firewall Reviewe
LAN Section
Cisco RV180 VPN Router Reviewed
An Old Standby Reborn: NETGEAR FVS318G Reviewed

User reviews

View all user reviews

Average user rating from: 6 user(s)

NOTE! Please post product reviews from actual experience only.
Questions, review comments and opinions about products not based on actual use will not be published.

User Rating    [Back to Top]
Overall: 
 
2.6 Features :
 
3.2 Performance :
 
3.0 Reliability :
 
1.7
 
Ratings (the higher the better)
Features*
 
Performance*
 
Reliability*
 
Comments*
    Please enter the security code.
 
 

Very unreliable!!

Overall rating: 
 
2.7
Features:
 
4.0
Performance:
 
3.0
Reliability:
 
1.0
Reviewed by Peter Claeys
April 18, 2011
Report this review
 

We have replaced our old firewall solution with the SRX5308 and we have had nothing but trouble since the first day we installed it. After only 4 or 5 hours functioning we already started having problems where all users would loose their connections and the router seemed to reboot automatically! This kept happening all afternoon and we where desperately trying to find the cause of this problem (all users lost their connection every time!!!).

There was no error message whatsoever on the SRX5308, it just rebooted. Until finally we found out that it seemed related to our printer (Konica-Minolta bizhub). Windows clients printing through the queue on our print server caused no problem but Linux clients printing through cups immediately to the printer caused the reboot SRX5308! We have had this printer for 3 years and never had a problem with our old firewall system.

Once we had figured out this problem we blocked printing from anywhere but the print server.
The Netgear seemed to function properly for a couple of days but now we can no longer connect to the admin interface. It is reacting so slow that we get a session timeout before we can do anything.
In conclusion I have to say that this piece of equipment looks VERY promising on paper but in real life it's worthless an d I'd rate it 0 for reliability here if I could.

 

I agree with "SRX5308- nice design, bad QA"

Overall rating: 
 
2.7
Features:
 
4.0
Performance:
 
3.0
Reliability:
 
1.0
Reviewed by Mihai
March 18, 2011
Report this review
 

Just as the poster of SRX5308- nice design, bad QA
I agree with his findings.

It doesn't look like the units are faulty - the internal Netgear forums (to which one gets access only AFTER purchasing and registering the product via serial number) has quiet a number of users complaining about this unit.

My own personal experience is that it just stop working:

- After workstations are turned on they might take up to 15 minutes to be allowed to browse the net. During this time they can’t even ping the SRX5308.
- My VOIP phone loses connection to my VOIP service providers’ every 5 minutes! (Or so). Sometimes the SRX5308 doesn’t even allow me to make calls through VOPI!
- Workstations randomly are being dropped and not being allowed to browse the net
- No "errors" in the SRX5308 logs to enable me to troubleshoot - as far as this hardware is concerned everything works fine! My network monitoring tool (which I configured to use a ping the SRX5308) consistently shows it not responding to pings every 30 minutes to 6 hours (random) for a number of seconds/minutes. There are times when NOTHING is happening on the network (like in the middle of the night) and it still stops responding to pings.

And this is after I moved to a dedicated server DHCP and DNS functions!

Support is very average - all they offer is some new BETA firmware. So basically we are asked by netgear to do the testing of this product for them. Thts after we pay for a product advertised as finished fully functional.

Buy something else...

 

Ruvvish product - will NOT aggregate the bandwidth - NOT TRUE balancing

Overall rating: 
 
1.0
Features:
 
1.0
Performance:
 
1.0
Reliability:
 
1.0
Reviewed by James Diaz
March 14, 2011
Report this review
 

Why do we buy a multiwan router? to distribute the load - aggregate the bandwidth
DOES NOT AGGREGATE BW

 

SRX5308- nice design, bad QA

Overall rating: 
 
4.0
Features:
 
5.0
Performance:
 
5.0
Reliability:
 
2.0
Reviewed by james triplett
February 02, 2011
Report this review
 

I'm pretty disappointed. The specs say this should be a great unit, but our experience has been discouraging. I have received 3 of these units. The first arrived DOA due to the cpu heatsink falling off before it arrived here. The second seemed to be OK. The third has a mysterious problem where it drops out for 2-3 minutes very 15 min. or so, with no logging or indication of what the problem might be. The unit seems to work fine, but simply stops talking (can't even ping the inside interface) for a period of time. Needless to say, my users don't like that feature very much ;-)

 

10 of them Put in Across 3 continents and 4 countries

Overall rating: 
 
4.3
Features:
 
4.0
Performance:
 
5.0
Reliability:
 
4.0
Reviewed by Mark
December 01, 2010
Report this review
 

Using these on Business Class Broadband Connections in a Global Network Refresh.
Each site Received 3 Connections 1 Cable, 1 xDSL, and an Ethernet 3/4G Wireless Modem.
Device is used in Weighted Round Robin with failover to Wireless Modem when necessary.
Any Number of VPN Connections between sites based on DYNDNS with Roll-Over Enabled to secondary Broadband Connection. 2 Main Data centers Connect to each site in an IPSEC full Mesh setup. Will eventually move Internal Routing to provide ARIN provided address Space.
These make great Branch office Firewalls and provide a great alternative to Cisco ASA 5510's with superior Numbers in some area's when specific features aren't needed.

Some Tradeoff's when moving from a pure Cisco Shop but the aging PIX hardware needed to be replaced. A lot of IPsec Traffic on these devices. network is engineered to reach back to main Datacenters for all Critical Services with small replication to branch offices.

 
 
View all user reviews