Update 11/19/2007: Various adds from Netgear feedback (Pg 4).
Update 11/15/2007: Slow WAN failover fixed. (Pg 4)
|At a Glance|
|Product||NETGEAR ProSafe VPN Firewall 200 (FVX538)|
|Summary||Dual WAN IPSec-endpoint router supporting 200 IPSec concurrent tunnels with nine-port switch.|
|Pros||• Dual WAN and Hardware DMZ ports
• 200 IPSec Tunnels
• Powerful CPU, RAM and Encryption Processor
• Nine LAN ports, including one gigabit port
|Cons||• High VPN latency
• Lack of VPN Vista support
• Non 3DES VPN instability
I recently reviewed the NETGEAR FVS124G, so I jumped at the chance to take a look at the FVX538, NETGEAR’s top-of-the-line VPN router.
NETGEAR lists seven routers in its wired business class VPN product line. The FVX538 distinguishes itself by offering the combination of dual 10/100 WAN ports, eight 10/100 LAN ports plus one 1000 Mbps LAN port and support for up to 200 IPSec VPN tunnels. Figure 1, from NETGEAR's product page, summarizes the key features of the line.
Figure 1: Overview of NETGEAR's wired VPN firewalls
Physically, the FVX538 measures 13" wide by 8" deep and 1.75" high, and can be installed in a standard 19" rack with the included mounting brackets. The power supply is built in, and there is an on/off switch on the back. We recently posted a slideshow providing some good looks at the FVX's hardware.
Building the power supply into the device makes for a cleaner installation, and the power switch is a nice convenience over smaller devices that force you to unplug and plug power cords to power-cycle the unit.
On the inside, the FVX has some impressive hardware, including an Intel 533MHz CPU, 64MB RAM, 32MB Flash, and a Cavium Encryption Accelerator, rated for 60+ Mbps of 3DES/SHA-1 encryption throughput. In comparison, its little brother, the FVS124G, has a 200MHz CPU, 16MB RAM, 4MB Flash, and no Encryption Accelerator.
The new CPU is a welcome addition. I noted in my review of the FVS124G that screen response at times was sluggish. Just clicking through the menus of the two devices side by side, it is readily apparent that the FVX is far more responsive.
I liked the FVX's gigabit LAN port, but wonder why NETGEAR didn't make all the LAN ports gigabit as they did with the four port FVS124G. Still, the single gigabit port is useful to connect to a gigabit LAN switch, leaving the other eight 10/100 ports for shared 100 Mbps network devices such as printers.