The 824 handles static port forwarding for single ports and port ranges chosen from a list of pre-defined services, or for custom user-defined services (Figure 4). Triggered ports are also supported for gaming and messaging applications, but no pick-list of applications is supplied to simplify setup. And, of course, a single DMZ machine is supported.
Note that NETGEAR said there is "no hard number" for the number of port forwarding or triggering rules or number of custom services that can be defined because of the way user entries are treated internal to the router. So I guess if you use a lot of forwarded ports, you could find yourself up against a limit.
Figure 4: Port Forwarding
UPnP is also supported and enabled by default. Although you can change the Advertisement Period and Time To Live, you can't disable NAT Traversal, which is used by UPnP-aware applications to automatically open ports in the 824's firewall. In a nod to security, NETGEAR has included a UPnP Portmap table, which is supposed to show connections opened by UPnP applications. But even when I launched Windows Messenger on a LAN-side machine, I couldn't get anything to appear in the table.
To control the services (ports) that LAN users can access, the 824 provides a Block Services function. Figure 5 shows that you can schedule when services are blocked or have them always blocked, and that each service can be blocked for all IP addresses, an individual address, or a range of addresses.
Figure 5: Blocked Services summary
But if you choose scheduled blocking, you get only one schedule, which has only one time period that can be enabled for each day of the week. Figure 6 shows the screen for defining a custom service to block. You can choose UDP and TCP/UDP in addition to the TCP protocol shown.
Figure 6: Blocked service setup
You can exert finer control (than blocking all access with Block Services) over the websites and newsgroups that your users visit via the Block Sites feature. You can enter up to 255 keywords (these don't have to be complete domain names or even complete words) that will cause a "Web Site Blocked by NETGEAR Firewall" page
Figure 7: Block sites screen
It's nice that this feature is schedulable, and you also can enter one "Trusted" IP address that will get unfiltered Internet access. But, unfortunately, Block Sites isn't very smart, since it can be easily bypassed by entering the IP address of the desired site or news server.
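The gap described above can be modelled and audited from proxy or router logs. The following is an added example, not NETGEAR's code: it assumes the filter does a case-insensitive substring match on the requested URL, and the keywords, addresses and URLs are constructed sample data.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample configuration (not taken from the router).
KEYWORDS = ["casino", "newsgroup"]
TRUSTED_IP = "192.168.0.10"  # the single "Trusted" LAN address

def host_is_ip_literal(url):
    """True when the URL's host is a raw IPv4/IPv6 address, not a name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def keyword_verdict(client_ip, url, keywords=KEYWORDS, trusted=TRUSTED_IP):
    """Model of a substring keyword filter (assumed behaviour)."""
    if client_ip == trusted:
        return "allow-trusted"
    lowered = url.lower()
    if any(k.lower() in lowered for k in keywords):
        return "block"
    return "allow"

def audit(requests):
    """Return (client, url, verdict, note) rows and flag allowed
    requests whose host is an IP literal, which carry no name to match."""
    rows = []
    for client_ip, url in requests:
        verdict = keyword_verdict(client_ip, url)
        note = ""
        if verdict == "allow" and host_is_ip_literal(url):
            note = "review: IP-literal host, no name for keywords to match"
        rows.append((client_ip, url, verdict, note))
    return rows

# Constructed log entries: (LAN client, requested URL).
SAMPLE = [
    ("192.168.0.20", "http://www.example-casino.test/"),
    ("192.168.0.20", "http://203.0.113.7/"),
    ("192.168.0.10", "http://www.example-casino.test/"),
    ("192.168.0.21", "http://www.example.org/docs"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Flagged rows are candidates for review, not proof of evasion, since some legitimate services are reached by address.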