The 3300's feature set is essentially the same as that of Netgear's other wireless routers. Figure 2 shows the Basic Settings page where you set the Internet connection type.
Figure 2: Basic Settings
I'll just summarize the routing features in this list:
WAN Support - Types handled include Static and Dynamic IP, Other (static and dynamic IP), PPTP (static and dynamic IP) and BigPond. There is no specific PPPoE setting, so you might be better off using the Setup Wizard to set up your WAN connection. WAN MTU is set separately from the connection type (WAN Setup page) and applies to all WAN options. WAN port MAC address spoofing is supported only for Static and Dynamic connection types.
Firewall - The SPI+NAT firewall is pretty basic, although you can disable SPI. Both port forwarding and triggered port forwarding are supported. You get a rather short pick list of services in the Port Forwarding add screen, but you can specify the port numbers and protocols directly for both the outbound trigger port and inbound port range.
Ports can also be opened automatically via UPnP NAT Traversal (enabled by default), but at least you can log into the admin interface and see the automatically opened ports in the UPnP Portmap table. A single DMZ IP is also supported and you can disable the SPI portion of the firewall.
The WAN Setup page holds the SPI Firewall Disable (default unchecked), DMZ, Respond to Ping on Internet Port and MTU settings. There is also a NAT Filtering option (default "Secured") that has a fuzzy explanation in the online help.
The Block Services (outbound port filters) can be applied to all, one or a range of IP addresses, but not MAC addresses. They also can be controlled by a single rudimentary schedule (checkboxes for days of the week and one set of start / stop times).
The Block Sites feature is keyword-based and applies to web traffic only. My quick testing revealed some odd behavior such as partially rendering a web page for a site that I accessed via IP address that was blocked by a keyword. The logs also showed DOS attack: FIN Scan from the blocked site. You get an attention-grabbing red and black "Web Site Blocked by NETGEAR Firewall" page when you trigger the block and the ability to have one "trusted" IP address that can bypass any blocking.
Dynamic DNS clients - Only Dyndns.org is supported
Logging and Reporting - Logging seems mainly focused on logging web traffic. Everything goes into one log, with no filtering provided. You can clear or email the log, but there is no syslog or SNMP trap support. Email authentication has been added and worked for my ISP, but there is no Test email button or ability to handle SMTP servers using secure connections or specify an alternate SMTP port.
Other features - The DHCP server can be disabled and allows IP address reservation by MAC address. RIP direction and version (1, 2B, 2M) can be controlled and static routes set.
QoS: Simple four-level priority-based QoS for upload (Internet-bound) traffic has been added. You can specify the uplink bandwidth (there is a " Check for current Internet Uplink bandwidth" button, but it's greyed out). Priority can be set by Ethernet port, client MAC address or application port. There are 27 pre-built QoS Policies for applications or you can define your own rules.
What's not here:
No Router / AP mode switch - If you already have a router and just want to use the wireless section on the 3300, see this article.
Secure remote access - Remote access is HTTP only, but you can limit access by IP address range and set the port number.
Admin idle timeout adjust - One of my personal annoyances. The timeout seemed even shorter than the usual 5 minutes.
No reboot button - The only way to get the router to reboot is to power cycle it.