The 2000's feature set doesn't stray from the standard NETGEAR set, as you can tell from the Basic Settings page in Figure 5.
Figure 5: Basic Settings
So I'll once again just summarize the routing features, which are very similar to what I found in the last NETGEAR router that I looked at, the WNDR3300:
WAN Support - Types handled include Static and Dynamic IP, Other (static and dynamic IP), PPTP (static and dynamic IP) and BigPond. There is no specific PPPoE setting, so you might be better off using the Setup Wizard to set up your WAN connection. WAN MTU is set separately from the connection type (WAN Setup page) and applies to all WAN options. WAN port MAC address spoofing is supported only for Static and Dynamic connection types.
Firewall - The SPI+NAT firewall is pretty basic, although you can disable SPI. Both port forwarding and triggered port forwarding are supported. You get a rather short pick list of services in the Port Forwarding add screen, but you can specify the port numbers and protocols directly for both the outbound trigger port and inbound port range.
Ports can also be opened automatically via UPnP NAT Traversal (enabled by default), but at least you can log into the admin interface and see the automatically opened ports in the UPnP Portmap table. (I noticed entries for TCP and UDP ports 16584 listed here, which were opened by Skype.) A single DMZ IP is also supported and you can disable the SPI portion of the firewall.
The WAN Setup page holds the SPI Firewall Disable (default unchecked), DMZ, Respond to Ping on Internet Port and MTU settings. There is also a NAT Filtering option (default "Secured") that has a fuzzy explanation in the online help.
The Block Services (outbound port filters) can be applied to all, one or a range of IP addresses, but not MAC addresses. They also can be controlled by a single rudimentary schedule (checkboxes for days of the week and one set of start / stop times).
The Block Sites feature is keyword-based and applies to web traffic only. You get an attention-grabbing red and black "Web Site Blocked by NETGEAR Firewall" page when you trigger the block and the ability to have one "trusted" IP address that can bypass any blocking.
Dynamic DNS clients - Only Dyndns.org is supported
Logging and Reporting - Logging seems mainly focused on logging web traffic. Everything goes into one log, with no filtering provided. You can clear or email the log, but there is no syslog or SNMP trap support. Email authentication has been added and worked for my ISP, but there is no Test email button or ability to handle SMTP servers using secure connections or specify an alternate SMTP port.
Other features - The DHCP server can be disabled and allows IP address reservation by MAC address. RIP direction and version (1, 2B, 2M) can be controlled and static routes set.
QoS: Simple four-level priority-based QoS for upload (Internet-bound) traffic has been added. You can specify the uplink bandwidth, or use the "Check for current Internet Uplink bandwidth" button. I tried this and got values much higher than the 400 Kbps or so that my ISP provides. It's possible, however, that the test got confused by the multiple NAT routers between the 2000 and my Internet connection. On the other hand, routers with Ubicom's StreamEngine auto QoS don't have the problem.
QoS priority can be set by Ethernet port, client MAC address or application port. There are 18 pre-built QoS Policies for applications or you can define your own rules.
What's not here:
No Router / AP mode switch - If you already have a router and just want to use the wireless section on the 3300, see this article.
Secure remote access - Remote access is HTTP only, but you can limit access by IP address range and set the port number.
Admin idle timeout adjust - One of my continuing personal annoyances with NETGEAR's routers. The timeout seemed to be about one minute!
No reboot button - The only way to get the router to reboot is to power cycle it.