NETGEAR FV336G DATA SHEET

24/7

TECHNICAL

SUPPORT *

*

VPNC

CERTIFIED

Basic

Interop

AES

Interop

50-user Office VPN Router

ProSafe® Dual WAN Gigabit Firewall Data Sheet
with SSL & IPsec VPN

FVS336G

SSL and IPsec VPN Tunnels for Secure Remote Network Access

NETGEAR’s ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN offers the best of both
worlds by offering two types of virtual private network (VPN) tunnels, Secure Sockets Layer
(SSL) and IP security (IPsec), for optimal secure connection to your network. SSL VPN tunnels
provide clientless remote access to your corporate data for individual access anywhere and
anytime while IPsec VPN tunnels provide both secure site-to-site tunnels and legacy support for
client-based remote access. Backed by a true firewall, this VPN router is a high-performance,
SNMP-manageable, network solution that furnishes multidimensional security including
denial-of-service (DoS) protection, stateful packet inspection (SPI), URL keyword filtering,
logging, reporting, and real-time alerts. Four Gigabit LAN ports keep your data moving at
top speed while two Gigabit WAN ports provide load-balancing and failover protection to
ensure maximum throughput and reliable connectivity to the Internet. With Network Address
Translation (NAT) routing and classical routing, up to 253 users can access your broadband
connection at the same time.

Secure

Reliable

Easy to Use

The FVS336G takes care of all your security needs, with support of up to 25 IPsec VPN
tunnels and 10 SSL VPN tunnels simultaneously, hacker protection via SPI firewall, DoS attack
protection, and multiple VPN pass-through. SYSLOG and email reporting enable thorough
network monitoring. IKE authentication provides peace of mind against unauthorized VPN
network access. The SSL VPN tunnels support industry-strength encryption algorithms and
features such as automatic cache cleanup after session termination to ensure protection and
privacy of your sensitive data. The ProSafe Dual WAN Gigabit Firewall provides optimal value
and defense against network security threats.

Dual Gigabit Ethernet WAN ports support two broadband connections, in either a load-balancing
or fail-over configuration. The load-balancing configuration enables maximum throughput by
utilizing both WAN connections to distribute traffic across two broadband connections, possibly
with different ISP providers. Alternatively, the second WAN port may be configured as a failover
connection in case the primary connection fails, for another method of providing high reliability.
The rugged metal unit houses advanced, high-quality electronics, and NETGEAR’s tested and
proven technology is backed by a lifetime warranty.

Auto Detect connects to your ISP quickly; the user-friendly Web-based ProSafe Control Center
configuration screen and install assistant reduce setup time. With SSL VPN tunnels, employees
can quickly and securely access company data with just a Web browser without going into the
office. The IPsec VPN wizard automates IPsec VPN configuration and secure remote makes it
simple to connect to multiple sites. Support for DHCP (client and server) as well as PPPoE allows
for easy, widespread deployment. This well-built firewall has an integrated 4-port 10/100/1000
Mbps switch and is compatible with Windows
an Ethernet cable, and Auto Uplink on the all ports eliminates the need for crossover cables.

®

, UNIX®, Macintosh®, and Linux® OS. It comes with

1-888-NETGEAR (638-4327)
Email: info@NETGEAR.com

“The FVS336G provides a lot of value to small biz users looking
for an easier way to provide secure connections to roving
employees.”

- SmallNetBuilder

“...a commercial quality unit that is loaded with the necessary
features to bring security and remote connectivity to most any
small business.”

-

ProSafe® Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G

PC with GA311

Desktop PCs with
GA311 network card installed

Servers

FVS336G

Dual WAN Gigabit Firewall
with SSL & IPsec VPN

FVS336G

Dual WAN Gigabit Firewall
with SSL & IPsec VPN

GS724TS

ProSafe 24-port Gigabit
Stackable Smart Switch

Broadband
modems

VPN Tunnel
encrypts your data

Internet

Broadband
modems

PDA with Web browser

Telecommuter with ProSafe VPN
Client Software VPN01L
(IPsec VPN)

PCs with GA311

WG302 access point

Laptop with SSL VPN

Remote Access
via Kiosk or Laptop

Gigabit Ethernet
Fast Ethernet

Technical Specifications

Physical Interfaces•

LAN ports: Four (4) 10/100/1000 –
Mbps auto-sensing, Auto Uplink™
RJ-45 ports

WAN ports: Two (2) 10/100/1000 –
Mbps auto-sensing, Auto Uplink™
RJ-45 ports to connect to any
broadband modem, such as DSL
or cable

Load balancing or fail-over modes –

SPI firewall•

Stateful packet inspection (SPI): –

prevents denial-of-service –
(DoS) attacks

provides stealth mode –
User support: Unrestricted –

Keyword filtering on: –

address –
service (ex. FTP, SMTP, HTTP, RPL, –

SNMP, DNS, ICMP, NNTP, POP3,
SSH, etc.)

protocol –
Web URL port/service blocking –

file extension (ex. Java, URL, ActiveX) –
Port/service blocking –
SIP Application Layer Gateway –
SIP compatibility list: –

Linksys SPA-901 –
Linksys SPA-941 –
SNOM M3 –
Cisco 7940G –
X-Lite 3.0 (software for phones) –
D-Link DPH-140S –

Grandstream GXP-2000 –
Polycom SoundStation 6000 –
Siemens C450 –
Aastra 51i –

IPsec VPN functionality•

Twenty-five (25) dedicated IPsec –
VPN tunnels

Manual key and Internet Key –
Exchange Security Association (IKE SA)
assignment

pre-shared key signature –

RSA/DSA signature –
Key life and IKE lifetime time settings –
Perfect forward secrecy –
Diffie-Hellman groups 1 and 2 –
Oakley support –
Operating modes –

main –

aggressive –
Fully qualified domain name –

(FQDN) support for dynamic IP
address VPN connections

IPsec support•

IPsec-based 56-bit (DES) 168-bit –
(3DES), or 256-bit (AES) encryption
algorithm

MD5 or SHA-1 hashing algorithm –
ESP support –
PKI features with X.509 v.3 certificate –

support
remote access VPN (client-to-site), –

site-to-site VPN
IPsec NAT traversal (VPN pass- –

through)

SSL VPN Functionality•

Ten (10) dedicated –
SSL VPN tunnels

SSL version support: SSLv3 –
and TLS 1.0

SSL encryption support: DES, 3DES, –
ARC4, AES (ECB, CBC, XCBC, CNTR)
128/256 bit

SSL message integrity: MD5, SHA-1, –
MAC-MDS/SHA-1, HMAC-MD5/SHA-1

Certificate support: –

RSA –
Diffie-Hellman –
Self –

Two-factor authentication support –

Routing Modes of Operation•

Many-to-one Multi-network Address –
Translation (NAT)

Classical routing –
Unrestricted users per port –

IP Address Assignment•

Static IP address assignment –
Internal DHCP server on LAN –
DHCP client on WAN –

PPPoE client support –

Performance Features

Throughput•

LAN-to-WAN: 60 Mbps total –
IPsec VPN (3DES): 16 Mbps –
SSL VPN: 10 Mbps –

Connections•

10,000 concurrent sessions –