Network Browsing, Port Forwarding
Next, I decided that I wanted to see how well the WebCIFS functionality, i.e. network browsing, worked over the VPN tunnel. I have a Linksys NSLU2 NAS on my network; so, I tried to connect to it through the tunnel. From the SSL VPN portal page you can click the Network Places link and start browsing your network domain for shares. I experienced very little trouble gaining access to my files. I could upload files, delete files, and create new folders. I uploaded several different files ranging in sizes from 250kb all the way up to 50MB.
One minor annoyance was that after an upload operation had completed, the SSL312 would take you back to the root of your share instead of leaving you in the directory to which you had just uploaded a file. One nice feature of the WebCIFS interface was the ability to create bookmarks. You can create bookmarks for any machine shares and have them show up at the machine level when you click Network Places instead of having to navigate down through layers of subdirectories.
All in all, the WebCIFS functionality worked very well. There were times when it seemed a bit slow in downloading and uploading operations, but I suspect that this may have been more of a reflection on my internet connection than the SSL312 itself. It would have been nice if the interface had a "progress bar" for uploads and downloads so that you could occasionally check the status of the file transfers and not worry about whether or not the transfers were successful. Figure 17 shows an example of the WebCIFS GUI.
Another nice feature of the SSL312 is the ability to perform port forwarding. The port forwarding feature in the SSL312 only works with applications that use TCP connections. The functionality is currently implemented in the form of an ActiveX control much like the full VPN tunnel feature. According to Netgear, if you do not need a "full-blown" VPN tunnel and only want to forward TCP connections, you may want to consider the port forwarding functionality since it does not create as much overhead as a full tunnel connection.
I decided to use the port forwarding functionality to forward IMAP (TCP 143) connections from Mozilla Thunderbird to my Linux mail server and to forward MySQL (TCP 3306) database connections to my Linux database server. You configure the port forwarding selections that will be available for users from the management side of the SSL312. Refer to Figure 18.
In this manner, the users do not have the ability to arbitrarily forward anything. Users must select from the ones that the Administrator has set up and made available to them. Once you are logged into the portal, click the Port Forwarding link to load the ActiveX control and activate the port forwarding feature. It will place a small icon in your system tray. If you double-click the icon, a Port Forwarding window appears, which displays your current port forwarding details.
My testing with Mozilla Thunderbird and MySQL seemed to indicate that the SSL312 was handling the port forwarding duties seamlessly with flying colors. I was able to retrieve my mail and perform all other mail-oriented daily tasks without a single hiccup. I was also able to run several complicated queries on a large MySQL database without any issues. Databases in particular are generally very sensitive to network hiccups, especially when performing lengthy complicated transactions. Again, it all worked seamlessly.
One thing that I did wish existed was a way to grant "privileges" to specific users so that they are able to forward ports arbitrarily without having to have the SSL312 Administrator set up every scenario. This feature would give a little more flexibility to software developers who work remotely and are constantly working with servers and applications which run on a plethora of different ports. It's possible that this can be accomplished by setting up Groups using the User and Groups feature, but I didn't try it.