As mentioned in the original review, DMZ was a feature intended for that model, but was delayed. The V3, however, allows LAN port 4 to be converted to a hardware DMZ port for both IPv4 and IPv6. Once enabled, the front DMZ LED lights and it's up to you to create firewall rules to control traffic among the DMZ, LAN and WAN ports. I'll comment further on DMZ firewall rules in the Security section of this review.
I like the addition of the DMZ port because it's more flexible than firewall rules to an internal IP address. A hardware DMZ port allows for placing multiple devices in the router's DMZ and applying specific traffic controls.
The FVS336Gv3 is a dual WAN router with multiple options and traffic controls. Dynamic DNS is a useful feature when your internet connection has a dynamic IP address. Supported Dynamic DNS providers are DynDNS, DNS TZO, Oray DNS, and 3322 DDNS. I had no issues configuring the FVS336Gv3 with my DynDNS account.
With two WAN links, the router can be configured with one link as primary and the other secondary. Alternatively, both links can be used simultaneously in Load Balancing Mode or Round Robin. Load Balancing distributes traffic based on the configured speed of each WAN link. Round Robin equally distributes new connections to the Internet over each WAN link.
Protocol Binding can be used with the Load Balancing option to direct specific traffic types to a specific WAN link. For example, VoIP traffic can be sent over one WAN link, while web traffic can be sent over the other WAN link.
Traffic Metering can be applied on each WAN link to measure and/or limit the amount of bandwidth used.
QoS and Bandwidth profiles can be applied. QoS profiles are created to provide a minimum and maximum amount of bandwidth (rate control) or priority to specific traffic types. Bandwidth profiles are created to provide minimum and maximum bandwidth to individual devices or to groups of devices (based on IP or MAC addresses.)
Note, Traffic Metering, QoS, and Bandwidth profiles have an effect on the router's performance when applied. The below warning about a "drop in performance" is displayed when enabling Bandwidth profiles. A similar warning is displayed when enabling QoS profiles and Traffic Metering.
New to the FVS336Gv3 is support for VLANs. NETGEAR's spec sheet says the FVS336Gv3 supports 802.1Q VLANs, whereas the manual states "the VPN firewall supports port-based VLANs." Based on my test, it looks to me like the FVS336Gv3 supports 802.1Q tagging.
On the LAN page of the FVS336Gv3, you can add a VLAN Profile as shown below. I created VLAN 66 with the 192.168.66.0/24 subnet. Notice also in the below, all ports have a default VLAN equal to "Default" which is VLAN 1. According to the manual, changing the default VLAN on a port changes the port's untagged VLAN, or PVID. I left port 3, my test port, as a member of the default VLAN.
NETGEAR FVS336Gv3 Add VLAN
In the VLAN Profile page, you configure an IP address and DHCP server per VLAN. You also define whether a port is a member of a VLAN. In the test shown below, I made port 3 a member of VLAN 66. Essentially, port 3 is now acting as an 802.1Q trunk port configured as an untagged member of VLAN 1 and a tagged member of VLAN 66.
NETGEAR FVS336Gv3 VLAN Profile
I tested 802.1Q tagging by connecting port 3 of the FVS336Gv3 to a port on a Cisco SG200 802.1Q switch. The port on the switch was also configured as an 802.1Q trunk port as an untagged member of VLAN 1 and a tagged member of VLAN 66. I then verified that a PC connected to an access port on the switch assigned to VLAN 1 connected to VLAN 1 (192.168.1.0/24) on the router and a PC connected to an access port on the switch assigned to VLAN 66 (192.168.66.0/24) on the switch connected to VLAN 66 on the router.
The 336G-300 supports IPv6 in many areas. IPv6 is supported on the WAN, LAN, and DMZ interfaces. Firewall rules, filters, port triggering, IPsec and SSL VPNs can all be configured to work with IPv6 traffic. IPv6 6to4 and ISATAP tunnels are also supported.
Enabling IPv6 on the FVS336Gv3 requires a reboot, so you might want to enable this first if your ISP supports IPv6. I did a basic IPv6 test to see if I could get a global IPv6 address on the WAN interface of the router and a global IPv6 prefix for my LAN devices. I connected the FVS to my Time Warner cable modem, with the modem in bridge mode. I enabled IPv6, enabled DHCP-PD, and enabled RADVD as shown in the gallery below. With all three enabled, I was able to get a global IPv6 prefix for LAN use, as shown in the second screenshot. Further, I was able to ping google.com and other Internet sites via IPv6.
RADVD, or Router Advertisement Daemon, as explained in the FVS' help menu "is stateless IPv6 auto configuration as it distributes IPv6 prefixes to all nodes on the network."