NETGEAR ProSafe Dual Band Wireless VPN Firewall reviewed



Firewall

The FWAG borrows its Rules and Services firewall model from its sibling products to control all port usage in and out of the firewall. Figure 4 shows the Rule screen that summarizes both Inbound and Outbound Rules.

Figure 4: Firewall Rules

Outbound Service rules (commonly known as Port Filters) specify a range of ports, i.e. a service, that is either allowed or blocked from a range of LAN IP addresses to a range of WAN (Internet) IP addresses. Figure 5 shows a rule that will block access to RealAudio streams for all LAN users.

Figure 5: Outbound Service Rule

Inbound Services (usually known as Port Forwarding) have the same configuration features as Outbound Services, but are used to allow access to servers on your LAN that are behind the FWAG's firewall. Note that server "loopback" is supported for Inbound Services.

The FWAG comes with service definitions for commonly used services such as HTTP (Web), FTP, and others, which you can pick from a drop-down list. When you need a service that's not pre-defined, you can add it via the Custom Services screen, shown in Figure 6.

Figure 6: Custom Service

Rules have a few other tricks they can do. Both Inbound and Outbound rules are schedulable as shown in Figure 7, but there is only one schedule, which can be applied on a rule-by-rule basis.

Figure 7: Rule Schedule

You can also control the logging of each rule with selections of Never and Match, as well as the order of precedence for rules in both directions. But note that there is no ability to set an outbound trigger port for the Inbound Services... the service mappings are static only. And contrary to the FWAG's User Manual, UPnP is not supported, at least not yet.
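To make the effect of rule precedence concrete, here is an added example (not NETGEAR's code or anything from the original review) that models Outbound Service rules with the fields described above and evaluates constructed connections against them. It assumes first-match-wins ordering and default-allow for unmatched outbound traffic; the addresses and port 7070 are constructed sample values, since the review gives no port numbers.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP

@dataclass
class OutboundRule:
    name: str
    ports: range          # the "service": a contiguous port range
    lan: tuple            # (first, last) LAN source addresses
    wan: tuple            # (first, last) WAN destination addresses
    action: str           # "BLOCK" or "ALLOW"
    log: str = "Never"    # "Never" or "Match", as on the Rules screen

    def matches(self, src, dst, port):
        return (port in self.ports
                and self.lan[0] <= IP(src) <= self.lan[1]
                and self.wan[0] <= IP(dst) <= self.wan[1])

ANY_WAN = (IP("0.0.0.0"), IP("255.255.255.255"))
ALL_LAN = (IP("192.168.0.2"), IP("192.168.0.254"))   # constructed LAN range

def evaluate(rules, src, dst, port, default="ALLOW"):
    """Return (action, rule name, logged?) for one outbound connection.
    Assumption: the first matching rule wins; unmatched traffic is allowed."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.name, rule.log == "Match"
    return default, "default", False

# Constructed rule set: block a streaming service for all LAN users,
# with an exception for one admin host. Port 7070 is an assumed value.
block_all = OutboundRule("block-stream", range(7070, 7071),
                         ALL_LAN, ANY_WAN, "BLOCK", "Match")
allow_admin = OutboundRule("allow-admin", range(7070, 7071),
                           (IP("192.168.0.10"), IP("192.168.0.10")),
                           ANY_WAN, "ALLOW")

def demo():
    admin, user, dst = "192.168.0.10", "192.168.0.50", "203.0.113.5"
    return {
        "exception_first": evaluate([allow_admin, block_all], admin, dst, 7070),
        "exception_last": evaluate([block_all, allow_admin], admin, dst, 7070),
        "other_user": evaluate([allow_admin, block_all], user, dst, 7070),
        "web": evaluate([allow_admin, block_all], user, dst, 80),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

With the broad block rule listed first, the admin exception never fires, which is why the order of precedence deserves a check whenever a narrower rule is added.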

The Block Sites feature gives you finer control over the websites and newsgroups that your users visit than blocking all access with Outbound Services does. The feature is not schedulable, but you can enter one "Trusted" IP address that will get unfiltered Internet access.