
VPNC
CERTIFIED
Basic
Interop
AES
Interop
50-user Office VPN Router
ProSafe® Dual WAN Gigabit Firewall Data Sheet
with SSL & IPsec VPN
FVS336G
SSL and IPsec VPN Tunnels for Secure Remote Network Access
NETGEAR’s ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN offers the best of both
worlds by offering two types of virtual private network (VPN) tunnels, Secure Sockets Layer
(SSL) and IP security (IPsec), for optimal secure connection to your network. SSL VPN tunnels
provide clientless remote access to your corporate data for individual access anywhere and
anytime while IPsec VPN tunnels provide both secure site-to-site tunnels and legacy support for
client-based remote access. Backed by a true firewall, this VPN router is a high-performance,
SNMP-manageable, network solution that furnishes multidimensional security including
denial-of-service (DoS) protection, stateful packet inspection (SPI), URL keyword filtering,
logging, reporting, and real-time alerts. Four Gigabit LAN ports keep your data moving at
top speed while two Gigabit WAN ports provide load-balancing and failover protection to
ensure maximum throughput and reliable connectivity to the Internet. With Network Address
Translation (NAT) routing and classical routing, up to 253 users can access your broadband
connection at the same time.
Secure
Reliable
Easy to Use
The FVS336G takes care of all your security needs, with support of up to 25 IPsec VPN
tunnels and 10 SSL VPN tunnels simultaneously, hacker protection via SPI firewall, DoS attack
protection, and multiple VPN pass-through. SYSLOG and email reporting enable thorough
network monitoring. IKE authentication provides peace of mind against unauthorized VPN
network access. The SSL VPN tunnels support industry-strength encryption algorithms and
features such as automatic cache cleanup after session termination to ensure protection and
privacy of your sensitive data. The ProSafe Dual WAN Gigabit Firewall provides optimal value
and defense against network security threats.
Dual Gigabit Ethernet WAN ports support two broadband connections, in either a load-balancing
or fail-over configuration. The load-balancing configuration enables maximum throughput by
utilizing both WAN connections to distribute traffic across two broadband connections, possibly
with different ISP providers. Alternatively, the second WAN port may be configured as a failover
connection in case the primary connection fails, for another method of providing high reliability.
The rugged metal unit houses advanced, high-quality electronics, and NETGEAR’s tested and
proven technology is backed by a lifetime warranty.
Auto Detect connects to your ISP quickly; the user-friendly Web-based ProSafe Control Center
configuration screen and install assistant reduce setup time. With SSL VPN tunnels, employees
can quickly and securely access company data with just a Web browser without going into the
office. The IPsec VPN wizard automates IPsec VPN configuration and secure remote makes it
simple to connect to multiple sites. Support for DHCP (client and server) as well as PPPoE allows
for easy, widespread deployment. This well-built firewall has an integrated 4-port 10/100/1000
Mbps switch and is compatible with Windows
an Ethernet cable, and Auto Uplink on the all ports eliminates the need for crossover cables.
®
, UNIX®, Macintosh®, and Linux® OS. It comes with
1-888-NETGEAR (638-4327)
Email: info@NETGEAR.com
“The FVS336G provides a lot of value to small biz users looking
for an easier way to provide secure connections to roving
employees.”
- SmallNetBuilder
“...a commercial quality unit that is loaded with the necessary
features to bring security and remote connectivity to most any
small business.”
-

ProSafe® Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G
PC with GA311
Desktop PCs with
GA311 network card installed
Servers
FVS336G
Dual WAN Gigabit Firewall
with SSL & IPsec VPN
FVS336G
Dual WAN Gigabit Firewall
with SSL & IPsec VPN
GS724TS
ProSafe 24-port Gigabit
Stackable Smart Switch
Broadband
modems
VPN Tunnel
encrypts your data
Internet
Broadband
modems
PDA with Web browser
Telecommuter with ProSafe VPN
Client Software VPN01L
(IPsec VPN)
PCs with GA311
WG302 access point
Laptop with SSL VPN
Remote Access
via Kiosk or Laptop
Gigabit Ethernet
Fast Ethernet
Technical Specifications
Physical Interfaces•
LAN ports: Four (4) 10/100/1000 –
Mbps auto-sensing, Auto Uplink™
RJ-45 ports
WAN ports: Two (2) 10/100/1000 –
Mbps auto-sensing, Auto Uplink™
RJ-45 ports to connect to any
broadband modem, such as DSL
or cable
Load balancing or fail-over modes –
SPI firewall•
Stateful packet inspection (SPI): –
prevents denial-of-service –
(DoS) attacks
provides stealth mode –
User support: Unrestricted –
Keyword filtering on: –
address –
service (ex. FTP, SMTP, HTTP, RPL, –
SNMP, DNS, ICMP, NNTP, POP3,
SSH, etc.)
protocol –
Web URL port/service blocking –
file extension (ex. Java, URL, ActiveX) –
Port/service blocking –
SIP Application Layer Gateway –
SIP compatibility list: –
Linksys SPA-901 –
Linksys SPA-941 –
SNOM M3 –
Cisco 7940G –
X-Lite 3.0 (software for phones) –
D-Link DPH-140S –
Grandstream GXP-2000 –
Polycom SoundStation 6000 –
Siemens C450 –
Aastra 51i –
IPsec VPN functionality•
Twenty-five (25) dedicated IPsec –
VPN tunnels
Manual key and Internet Key –
Exchange Security Association (IKE SA)
assignment
pre-shared key signature –
RSA/DSA signature –
Key life and IKE lifetime time settings –
Perfect forward secrecy –
Diffie-Hellman groups 1 and 2 –
Oakley support –
Operating modes –
main –
aggressive –
Fully qualified domain name –
(FQDN) support for dynamic IP
address VPN connections
IPsec support•
IPsec-based 56-bit (DES) 168-bit –
(3DES), or 256-bit (AES) encryption
algorithm
MD5 or SHA-1 hashing algorithm –
ESP support –
PKI features with X.509 v.3 certificate –
support
remote access VPN (client-to-site), –
site-to-site VPN
IPsec NAT traversal (VPN pass- –
through)
SSL VPN Functionality•
Ten (10) dedicated –
SSL VPN tunnels
SSL version support: SSLv3 –
and TLS 1.0
SSL encryption support: DES, 3DES, –
ARC4, AES (ECB, CBC, XCBC, CNTR)
128/256 bit
SSL message integrity: MD5, SHA-1, –
MAC-MDS/SHA-1, HMAC-MD5/SHA-1
Certificate support: –
RSA –
Diffie-Hellman –
Self –
Two-factor authentication support –
Routing Modes of Operation•
Many-to-one Multi-network Address –
Translation (NAT)
Classical routing –
Unrestricted users per port –
IP Address Assignment•
Static IP address assignment –
Internal DHCP server on LAN –
DHCP client on WAN –
PPPoE client support –
Performance Features
Throughput•
LAN-to-WAN: 60 Mbps total –
IPsec VPN (3DES): 16 Mbps –
SSL VPN: 10 Mbps –
Connections•
10,000 concurrent sessions –

ProSafe® Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G
Management Features
Administration Interface•
SNMP (v2c) support –
Web graphic user interface –
Secure Sockets Layer (SSL) remote –
management
User name and password protected –
Secure remote management support –
authenticated through IP address (or
IP address range) and password
Configuration changes/upgrades –
through Web GUI
Two-factor authentication support –
for administrator interface
Logging •
– SYSLOG
– Email alerts
Functions•
VPN Wizard to simplify configuration –
of IPsec VPNs
Auto Detect to automatically detect ISP –
address type (static, dynamic, PPPoE)
Port range forwarding –
Port triggering –
Enable/disable WAN ping –
DNS proxy –
MAC address cloning/spoofing –
Network Time Protocol NTP support –
Diagnostic tools (ping, DNS lookup, –
trace route, other)
Port/service –
Auto-Uplink on switch ports –
L3 Quality of Service (QoS) –
LAN-to-WAN and WAN-to-LAN (ToS)
SIP ALG –
Protocol support•
Network: IP routing, TCP/IP, UDP, –
ICMP, PPPoE
IP addressing: DHCP (client and –
server)
Routing: RIP v1, RIPv2 –
(static routing, dynamic routing)
VPN/security: IPsec (ESP), IKE, PKI, –
HTTPS
User support•
LAN: Up to 253 users –
Maintance•
Save/restore configuration, restore –
defaults, upgrades via Web browser,
display statistics
Hardware Specifications•
Processor Speed: 300 MHz –
Memory: 16 MB flash, 64 MB DRAM –
Power adapter: 12V DC, 1.2A -plug is –
localized to country of sale
Dimensions: 25.4 x 17.8 x 3.96 cm –
(10 x 7 x 1.56 in)
Weight: 1.7 kg (3.7 lb) –
Environmental Specifications•
Operating temperature: 0° to 40°C –
(32° to 104°F)
Operating humidity: –
90% maximum relative humidity,
non-condensing
Warranty
Firewall: NETGEAR Lifetime Warranty –
Power supply: NETGEAR 3-year –
Warranty
System Requirements
Cable, DSL or wireless broadband –
modem and
Internet service –
Ethernet connectivity from –
broadband modem
Network card for each connected PC –
Network software (e.g. Windows) –
Internet Explorer 5.0 or higher or –
Netscape Navigator 4.7 or higher
Package Contents
ProSafe Dual WAN Gigabit Firewall –
(FVS336G)
Ethernet cable –
Installation guide –
Warranty/support information card –
Resource CD with single user ProSafe –
VPN Client Software license
NETGEAR Related Products
Accessories•
VPN01L and VPN05L ProSafe –
VPN Client Software
NMS100 ProSafe Network –
Management Software
SSL Concentrators•
SSL312 ProSafe SSL VPN –
Concentrator 25
Ordering Information
North America: FVS336G-100NAS –
†
Europe: FVS336G-100EUS –
Asia: FVS336G-100AUS –
ProSupport Service Packs Available
OnCall 24x7, Category 1•
PMB0331-100 (US) –
PMB0331 (non-US) –
XPressHW, Category 1•
PRR0331 –
350 E. Plumeria Drive
San Jose, CA 95134-1911 USA
1-888-NETGEAR (638-4327)
E-mail: info@NETGEAR.com
www.NETGEAR.com
© 2009 NETGEAR, Inc. NETGEAR, the NETGEAR Logo, NETGEAR Digital Entertainer Logo, Connect with Innovation, FrontView, IntelliFi,
PowerShift, ProSafe, ProSecure, RAIDar, RAIDiator, X-RAID, RangeMax, ReadyNAS and Smart Wizard are trademarks of NETGEAR, Inc. in
the United States and/or other countries. Mac and the Mac logo are trademarks of Apple Inc., registered in the U.S. and other countries.
Other brand names mentioned herein are for identification purposes only and may be trademarks of their respective holder(s). Information
is subject to change without notice. All rights reserved.
*Basic technical support provided for 90 days from date of purchase.
†
Lifetime warranty for product purchased after 05/01/2007.
D- FVS336G- 5