
Sevenfeet

The Netgear SRX5308 Quad-WAN VPN wired router was announced this week, but there have been virtually no comments here. I doubt anyone has one yet, but any comments for the general good? Full gigabit speed throughput LAN-WAN and WAN-LAN is pretty attractive... I have an old Netgear FVS124G dual WAN and it's way too slow for modern cable systems. $500 street price is nice, but 4 WAN interfaces is a bit overkill for the SOHO market. Any chance we might see a 2 WAN version of this device and $100 off the price?
 
Review is in progress.

I don't know what NETGEAR's plans are for the line.
 
First of all, thank you SNB.com for doing this review. It makes purchasing decisions a lot easier (well, mostly).

As I've stated before, I own a Netgear FVS124G dual WAN router and it's very long in the tooth now, having purchased it about 4 years ago. It doesn't have the throughput to keep up with a modern cable connection (I'm getting 37 Mb/sec from Comcast). My DSL connection is still at 3 Mb/sec and the FVS124G is still hooked up to that, but I need a device that can handle both pipes properly.

I was looking hard at the Draytek 2955 (the successor to the 2950) since it seems like the only device out there closest to the specs I was looking for. But it has some disadvantages being that Drayteks aren't widely available in the U.S. At least I know whom I'm dealing with in the case of Netgear (for better or for worse). So I was pleased when I saw the SRX5308 hit the boards as an alternative.

On the surface, it looks like it has everything....4 WAN ports (overkill for my needs) with true load balancing, protocol rules and failover controls, 4 LAN ports, true gigabit speeds between LAN-WAN and vice versa, modern VPN support (versus the ancient all-but-useless FVS124G), good VLAN support and proper DMZ functionality on a dedicated port. But I'm a little disappointed that Netgear didn't finish the job on a few features.

1. L2TP VPN support. For a router that's supposed to be a flexible VPN solution, this is baffling. Not only is it the standard method for Windows 7 VPN support, but it's also the preferred method for Macs running 10.6 Snow Leopard as well (and I run mostly Macs). Macs can do PPTP VPN as well but the Netgear only supports that for the SRX5308 connecting to certain Austrian ISPs according to the documentation. Seriously? You couldn't just extend that to any client? I know that SSL VPN is really cool and is the most user-friendly solution...just point to a URL, authenticate and go. But it's also the slowest way to do VPN if performance means anything to you. Doug Reid's own tests verified that and I've seen similar results with the VPN access to my company's network (a huge well known hardware/software company).

Maybe this can be rectified in a firmware upgrade but it's a big deficiency to ship this way. It's not a deal breaker on my network since I can still do what I'm doing now, having the Mac OS X Server (Snow Leopard) 10.6.3 do L2TP VPN support and just knock holes through the firewall (the Snow Leopard Server and any Apple Airport Extreme does this automatically). I would just have to manually assign the ports on the Netgear.

2. Jumbo Frames. Normally this wouldn't bother me so much for a few reasons. First, I'd be using it to connect to ISPs (versus a traditional router in a network), so it's unlikely I'm ever going to need upstream jumbo frames to the WAN. But Jumbo Frames on the LAN ports is pretty standard even on the cheapest switches. From an architectural standpoint, this wouldn't be so bad since you can just hook up your existing jumbo-capable switch to it and not have it worry about routing any internal network traffic. But this router handles VLANs, so you might actually want it to handle Jumbo Frames between VLANs during internal routing. This makes this feature's absence most puzzling.

The Draytek 2955 doesn't seem to have these issues (on paper), but it doesn't match the number of WAN ports, and its jumbo frame support is a big unknown. The price is cheaper than the Netgear by about $75.

In the end, I have to make a purchasing decision. I still haven't seen any reviews of the dual-Wan Drayteks here or anywhere else but hopefully that may change. I appreciate the insight on the new Netgear but I still haven't made up my mind as to buy it or not.
 
I'm curious as to why Netgear doesn't have the same 3G support that exists in some of their other products.

It would seem to be beneficial for smaller businesses to utilize a 3G/4G WAN card. I wonder if there will be an accessory for this in the future.
 
Feature Requests.

I agree on the NAT per interface method. One of the things I would really like to see is classical routing/NAT configuration on a per-WAN-interface basis. This would really help those in the medium enterprise network with mixed connectivity types. I have multiple connections to different carriers with different IP configurations and I would really like to be able to route on some and NAT on others.

In our current world we have 2 Metro Ethernet links from different carriers as well as 2 "broadband" type connections (1 Cable + 1 DSL). I only have one IP from one of the broadband providers, so all traffic on that interface is NATed, but the same can't be done on the primary interfaces due to past bad experiences with one-to-one NATing.

EDIT
Is there any time frame on a slide show for this device?
I saw some key differences while I was reading the Reference Manual in what screenshots they offered.
 
So ignoring the obvious lack of knowledge I have by asking this question...

Could this device conceivably handle full time use in a small business environment that has 40-60M of lines coming in?

Some examples that we're considering are a 10M Fiber line from ISP1, a 20M Fiber line from ISP2, a 6M/1M DSL line and a 6M/1M Cable internet line.

Could I bypass the need for a Cisco setup altogether and just use this device since each of the listed products is an ethernet hand-off?

Obviously there are some variables in answering this, but let's just say we're serving some basic web and email traffic and not hosting for others. The main need for high bandwidth is for us to be able to pull data into our location.

And I'd handle much of the firewalling on hardware beneath the SRX5308.

So basic question, in this type of environment, could this box serve as my border entry point?
 
Yes, it will be able to do that. If all 4 WAN ports are in use you will get approximately 240 Mbit raw routing throughput on each WAN port (measured via simultaneous iperf streams on all ports).

Using advanced features of the firewall will reduce this throughput further.

Since you would be using only the basic NAT firewall, the above numbers would be true for you and the device will easily be able to accommodate your needs.
 
OpenVPN compatible?

Hello everyone,

I'm looking for a router that is able to connect as a client to a VPN server using the OpenVPN protocol.

I need a router that can handle about 30 Mbit (combined) upload and download traffic.
I tried a basic setup running DD-WRT firmware on a Netgear WNDR3700 (one of the most powerful consumer models, 680 MHz CPU) and found out that running OpenVPN on the router caused some serious performance issues.
Max speed was around 7 Mbit, not enough for my needs.

Now I'm looking for a (enterprise) router that is capable of running OpenVPN and has the performance I'm looking for.

From what I've read in the review of this Netgear model, I conclude that it is one of the more powerful VPN-capable routers. Can anyone confirm whether it's possible to use it with OpenVPN and what performance I may expect?

Any other advice is always welcome :)

Kind regards
Jellen
 
Yes it could BUT....

So ignoring the obvious lack of knowledge I have by asking this question...

Could this device conceivably handle full time use in a small business environment that has 40-60M of lines coming in?

Some examples that we're considering are a 10M Fiber line from ISP1, a 20M Fiber line from ISP2, a 6M/1M DSL line and a 6M/1M Cable internet line.

Could I bypass the need for a Cisco setup altogether and just use this device since each of the listed products is an ethernet hand-off?

Obviously there are some variables in answering this, but let's just say we're serving some basic web and email traffic and not hosting for others. The main need for high bandwidth is for us to be able to pull data into our location.

And I'd handle much of the firewalling on hardware beneath the SRX5308.

So basic question, in this type of environment, could this box serve as my border entry point?

As an experienced user of the Cisco world (CCNP Routing and Switching) with numerous high-end Cisco chassis (65XX/76XX/45xx), I would say that this could be a decent edge device. If you can get everything terminated into an Ethernet handoff this would work nicely, especially if you purely use RFC 1918 (10.x/172.x/192.168.x) addressing inside of your network. I have been thinking of using this as a replacement for ASA 5510s at a few customer sites that we provide Metro Ethernet links to.
I will have to see how it works with route redistribution from the internal OSPF network that we currently have. My only recommendation would be to get two and have a constantly updated "warm spare" handy.

My experiences so far with Netgear firewall products have been great. They work until they die (hardware failure), and when you do have issues it's sometimes easier to just have the spare take over. Save your config constantly and keep a good archive of your working configurations.

Edit

I have seen an issue in the past with Netgear products in multihomed networks where, if the return path of a forwarded inbound NAT request comes back over a different Layer 3 link, it errors out. I guess it would have to be your TRUE gateway of last resort as well.
 
SRX5308 vs FVS336G v.2

To me the SRX5308 might be a bit overkill for my needs and I have seriously been considering FVS336G as a cheaper alternative. The only problem is, as mentioned in the review, that it is a few years old and might not be as impressive as it was when it was initially launched.

I have found out that NETGEAR has launched an updated version (not only a firmware update, but new hardware) called the FVS336G v.2.

Click on this link to see the difference: http://kb.netgear.com/app/products/family/a_id/13333

It would really be great to have the new version reviewed to compare the SRX5308 and FVS336G v.2 (as it is not really correct to compare it to the older version any more, when a newer version is available).

I might end up buying the SRX5308 in the end (just to be on the "safe" side), but I would still like to know if anyone has any comments or experiences with the FVS336G v.2.
 
Cannot agree more.

V1 of the FVS336G is good on features but unstable per user comments, possibly due to the lack of a cooling fan and excessive heat. It will be great if Netgear improves the hardware and makes it shine again, especially for those who do not need UTM or an overkill router like the SRX5308.
 
IPsec Throughput

Tim et al,
Not sure if it's helpful or not, but I have an ISA 2006 Server peered with the 5308 and I am consistently seeing 60 Mbit of IPsec throughput.

Phase one is 3DES MD5 Group 2.
Phase two is 3DES MD5 with PFS running Group 2.

I believe the limiting factor to be the ISA server, honestly, as it is using about 60 percent CPU during the transfer, while my SNMP monitoring of the 5308 only shows about 10 percent CPU utilization and the memory only jumped by about a meg and a half, from 158.3 to 160 meg.

I am getting ready to put this in front of a VERY popular website to see how well the NAT hangs under considerable load.
 
Multiple external IP addresses?

Hi!
Is the SRX5308 able to handle more than four external IP addresses? By comparison, the DFL-800 from D-Link is able to handle unlimited (or many, at least) IP addresses, but I can't figure that out for the SRX5308 from the documents I've been able to find.

In our setup we need at least five IP addresses, so what are our options?

Best regards
/Johan
 
Missing details

This is a good review for speed but not for functionality.
One of the main issues with Dual (or Multi) WAN routers is how it handles failover.
The algorithms have not been tested in this review.

In particular I would like to know: if it switches to a different WAN due to a failure, does it switch the DNS providers also? I have seen routers (Zyxel) that do not. I hear that the Peplink does it, but I don't know about Netgear. This is important, since not switching the DNS makes use of the other connection useless. In order for this to work, the devices on the network should have the router as the DNS provider and the router needs to use the appropriate DNS. In devices where you can only list the DNS for the LAN (as opposed to per WAN), you can have 4 DNS entries (2 for each WAN ISP), but it will always try them in the order they are listed, and you will get long timeouts before names resolve.

The other thing that may be crippling the Netgear is that you can do EITHER load balancing OR failover. I want protocol binding with failover, and looking at the manual I don't see that I can do that (it says that for protocol binding you need to select load balancing). So for example I have a T1 and a backup DSL. I want the servers to use the T1 with protocol binding, but I want all the other activities (mainly web browsing from clients) to use the high-speed DSL, and be able to switch to the T1 if the DSL becomes unavailable. Can that be done? Not sure...
 
Based on the SNB review of the SRX5308 I purchased one for my office; however, I am having serious performance issues with simple Internet download speeds.
I have the router connected to two ADSL modems. Modem1 is on a 1500kbps plan and can download without fail at 157Kb per sec; Modem2 is on an 8000kbps plan and will download at between 200Kb and 700Kb per sec.
When the modems are connected to the SRX5308 my download speed is between 10 and 100Kb per second.
I have tried connecting the modems with PPPoE, with dynamically assigned and statically assigned IP addresses, none of which makes any difference to the speed.
The router itself seems OK: I have connected the WAN ports to two of my internal networks and connected the LAN port to a PC, and was able to download from the network servers at a sustained 60 to 70 Mb/s, so the WAN to LAN throughput is fine, but the Internet to LAN is terrible!

Does anyone have any suggestions of what configuration changes I may need to make??

Cheers,
mangyDOG
 
Last night I tried another test.

I connected a totally different brand of ADSL modem directly to a PC and was able to download a 300Mb file at an average of over 500Kb/s. I then reconfigured the modem to bridge mode and connected it to the WAN1 port of the SRX5308 and the PC to the LAN1 port.

I configured the SRX5308 for PPPoE and left the WAN port settings at auto sense. I set the WAN port speeds to 10Mb/s down and the upload to 384Kb/s. I then tried to download the same file again. The download speed topped out at 45kb/sec, less than 1/10th the speed the ADSL connection achieved on its own.

I also reset the WAN port speeds to 100Mbit duplex (which is what the modem is meant to have) and to 10Mbit half duplex with no change in performance. I also reset the Internet connection settings to 100Mbit up and down with no effect.
These tests were without a 2nd Internet connection and with no load balancing, so the router should have been fine.

Cheers,
mangyDOG
 
Hi!
Is the SRX5308 able to handle more than four external IP addresses? By comparison, the DFL-800 from D-Link is able to handle unlimited (or many, at least) IP addresses, but I can't figure that out for the SRX5308 from the documents I've been able to find.

In our setup we need at least five IP addresses, so what are our options?

Best regards
/Johan

It can easily handle 5 IP addresses on one interface, especially if they are in a single subnet.

Unlike other Netgear firewalls, where you assign the IP addresses for your rules in the rules themselves as "Another IP Address", on the 5308 you assign the IP to each interface under the WAN1/WAN2/WAN3/WAN4 settings. I can provide screenshots if you need them.
 
Avoid the SRX5308 like the plague

I've used my SRX5308 since it was released in April / May 2010. A TOTAL DISASTER!

My 2 points:
1. Lack of general DDNS support, the existing 4 are too restricted,
TZO is not a free service (30 days free trial), the last 2 are for PRC
users only, as they request PRC identity card number to register.
Should have a general DDNS interface and many more DDNS choices (my
choice: ZoneEdit).

2. Lack of WAN Traffic log / graph. It will be good if a traffic log
/ graph per WAN interface is there to show, in / out bytes per minute,
opened sessions per minute, CPU loading, memory loading, multicast
traffic, network collision, errors, etc.

3. DHCP reservation for specific MAC addresses. The current User
Interface in Networking-->Lan Settings-->Lan Group, is very deep and
not user friendly. User should have a simple MAC address = IP address
table to make the setting. In the current firmware, I found some
problem in routing. If I save a MAC address, IP address pair, but the
IP address is NOT in the DHCP range, the router refuse to send out
packets for that IP address (but ping router is okay, proxy DNS from
router is okay)!

3a. The Menu structure cannot be more irrational! You can call me stupid, I expect I have a 'reboot router' button in 'Administration' tab, but not in 'Monitoring-->Diagnostics-->Router Options' tab!

4. Better user interface for WAN TCP/UDP ports map to LAN IP:port.
Now, it is unclear to put it under Security-->Lan routing-->Incoming
routing. Actually, it should be very simple, Port Mapping, WAN Port /
Protocol = LAN IP:port.

5. PPPoE on WAN port will show WAN port MAC address as
00:00:00:00:00:00. At least, I use PPPoE in WAN2 port, and it's the
display from Monitoring-->Router Details

6. Better load balancing algorithm, when a WAN port is down (router
configured to share load), I cannot go to an external site previously
assigned to that 'down' WAN port until a long time. I guess, it might
be due to a table inside the router to map external IP address to a
WAN port, but the table is not flushed after a WAN port down event.

6a. It's plain stupid on NAT routing. Say, it will send out Port 443 (HTTPS) traffic to 2 different WAN interfaces, even if the traffic is generated from 1 LAN PC. A Draytek dual WAN router will make sure Port 443 traffic from 1 LAN PC will make use of 1 WAN interface (with perhaps a time out). Anyway, with the SRX5308, I can't log in to some e-banking services. I suspect, because one http / https session sends a redirect to a https URL and the incoming public IP is noted. In the final https session, it will allow traffic from that recorded public IP only. So, the stupid SRX5308 sends the 'final / real' https using 'another' WAN interface, and the server (or firewall) on the other end refuses the traffic! The correct implementation should be: if traffic is from 1 LAN PC, use the chosen WAN interface consistently (or with a reasonable time out).

6b. With 6a, so, I set a rule in SRX5308 to send Port 443 traffic to 1 WAN interface (say WAN2) only. All the observed e-banking issues were solved. But another VERY STUPID bug in SRX5308 is found, that is, if WAN2 is down, SRX5308 will NOT send Port 443 traffic to any other WAN interfaces, OMG!

7. Better load balancing algorithm, I've a highly asymmetric set up,
WAN1 is 1Gbps / 1Gbps and WAN2 is 8Mbps/640kbps. When I upload to
internet, the router chooses WAN2 (the slower one) most of the time, but WAN1 is idle.
I think, a better weighted load balancing algorithm should be used.

8. No PPTP VPN, it is a useful addition to IPSec / SSL VPN.

9. Syslog messages, if WAN connection is selected, Syslog will show
all four WAN ports status every 30 seconds. It is too much, better to
send Syslog message ONLY when the WAN connection status is CHANGED (up
or down). And the message itself is too simple (now, something like
WAN1 CONNECTION: UP, WAN2 CONNECTION: DOWN, etc.) The message should
contain protocol information, communication parameters, up / down time
duration etc.

10. Jumbo Frames on LAN ports, the internal LAN switch does NOT support
Jumbo (> 1542 bytes) Frames, confirmed by Netgear technical support!

11. No Router CPU / Memory / system up time etc. status in Monitoring page.

12. Only telnet is supported as a CLI interface, ssh is NOT supported.

13. syslog in telnet interface, you cannot read syslog message in the telnet interface, the syslog command in telnet is for you to modify the syslog setting only.

14. The SRX5308 will hang from time to time. Okay, not very frequently, say once every few weeks. C'mon, with the price tag and the spec, I demand a 24x7x365 class box. My half-price Draytek 2950 runs and runs, until I upgrade the firmware and reboot. Yes, they are not the same spec, but the SRX5308 is crap!

All the above were sent to Netgear technical support (w/o the comparison with Draytek), but all the replies I received are just company lines. And no single firmware update is ever published (as of 7-Oct-2010)!
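The consistent-WAN-per-host, weighted and failover behaviour asked for in items 6, 6a, 6b and 7 above (and the protocol-binding-with-failover question raised earlier in the thread) can be sketched as a small egress selector. This is an added example, not NETGEAR or SRX5308 code; the link names, capacities and addresses in it are constructed.

```python
"""Toy multi-WAN egress selector (added example, not SRX5308 firmware).
Shows: protocol binding that falls back when the bound WAN is down (6b),
per-host stickiness so one LAN host's sessions to a server share one public IP
(6a) with the table flushed on link failure (6), and capacity-weighted
selection for new flows (7).  Link names, speeds and addresses are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Wan:
    name: str
    up_kbps: int          # upstream capacity, used as the balancing weight
    alive: bool = True
    credit: int = 0       # running balance for smooth weighted round-robin


@dataclass
class Selector:
    wans: list[Wan]
    sticky_seconds: float = 600.0
    bindings: dict[int, str] = field(default_factory=dict)   # dst port -> WAN
    # (src_ip, dst_ip) -> (WAN name, time of last use)
    table: dict[tuple[str, str], tuple[str, float]] = field(default_factory=dict)

    def _wan(self, name: str) -> Wan:
        return next(w for w in self.wans if w.name == name)

    def _pick_weighted(self) -> Wan:
        alive = [w for w in self.wans if w.alive]   # smooth weighted round-robin
        if not alive:
            raise RuntimeError("no WAN link is up")
        for w in alive:
            w.credit += w.up_kbps
        best = max(alive, key=lambda w: w.credit)
        best.credit -= sum(w.up_kbps for w in alive)
        return best

    def select(self, src_ip: str, dst_ip: str, dst_port: int, now: float) -> str:
        bound = self.bindings.get(dst_port)
        if bound is not None and self._wan(bound).alive:
            return bound                        # binding wins while its link is up
        key = (src_ip, dst_ip)
        if key in self.table:
            name, last = self.table[key]
            if self._wan(name).alive and now - last < self.sticky_seconds:
                self.table[key] = (name, now)   # refresh and stay on that WAN
                return name
            del self.table[key]                 # expired or dead: rebind below
        wan = self._pick_weighted()
        self.table[key] = (wan.name, now)
        return wan.name

    def link_down(self, name: str) -> int:
        self._wan(name).alive = False           # mark dead, flush its entries now
        stale = [k for k, (n, _) in self.table.items() if n == name]
        for k in stale:
            del self.table[k]
        return len(stale)


def demo() -> dict:
    """Replay the thread's scenarios on two constructed links."""
    sel = Selector([Wan("WAN1", 1_000_000), Wan("WAN2", 640)], bindings={443: "WAN2"})
    host, bank = "192.168.1.10", "203.0.113.5"
    first = sel.select(host, bank, 80, now=0.0)
    second = sel.select(host, bank, 8080, now=1.0)   # sticky: same WAN as first
    https = sel.select(host, bank, 443, now=1.0)     # bound: WAN2
    # 1000 other hosts: the 1 Gbit/s link should take nearly every new flow
    picks = [sel.select(f"10.0.{i // 256}.{i % 256}", "198.51.100.1", 80, 0.0) for i in range(1000)]
    flushed = sel.link_down("WAN2")                  # WAN2 fails; its entries go
    after = sel.select(host, bank, 443, now=2.0)     # bound link down: falls back
    return {"first": first, "second": second, "https": https,
            "wan1_count": picks.count("WAN1"), "flushed": flushed, "after": after}


if __name__ == "__main__":
    print(demo())
```

With the 1 Gbit/s versus 640 kbit/s weights, the slow link receives one new flow in roughly 1,560, so it is no longer chosen "most of the time" while the fast link sits idle.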
 
I've used my SRX5308 since it was released in April / May 2010. A TOTAL DISASTER!

My 2 points:
1. Lack of general DDNS support, the existing 4 are too restricted,
TZO is not a free service (30 days free trial), the last 2 are for PRC
users only, as they request PRC identity card number to register.
Should have a general DDNS interface and many more DDNS choice (my
choice: ZoneEdit)..... <snip>

There is a public beta firmware that you can run that will solve a few of these issues. You have to contact support via phone and they will provide a download link for you via email. I am not affiliated with Netgear in any way other than as a customer and member of their Beta Software group, which anyone can join. I have replicated a few of these issues on the initial release software and some, but NOT ALL, are currently fixed in the current beta code. I can tell you that the base processor in the 5308 is the same as what is in the UTG50, and if you don't need the 4 uplinks it may be a better fit for you in terms of security.
 
Draytek 2920 a Better Choice for the SOHO

http://www.draytek.co.uk/products/vigor2920.html

Dual-WAN ports for load-balancing and failover/redundancy
WAN1 : 10/100BaseT Ethernet
WAN2 : Gigabit Ethernet
Up to 150Mb/s Data throughput
All-Gigabit 4-port Ethernet LAN Ports
3G (Cellular) USB Modem support
Comprehensive and Robust Firewall
Content Filtering (by matched keyword or data type)
Web Site Category Filtering (subject to subscription)
Ethernet and WiFi Virtual LAN segmentation (common/distinct)
Configurable QoS Features (For traffic prioritisation)
VPN Dial-in/dial-out with VPN hardware co-processor
Mobile One-Time Passwords (MOTP)
802.11n Wireless LAN ('n' models only)
USB Port for Printer or 3G Modem
Highly configurable but easy to install and monitor

Draytek Router Comparison Chart: http://www.draytek.co.uk/products/comparison.html

SOHO users do not need the 200 VPN tunnels possible with the 2955 and do need at least one Gigabit WAN port.

Not sure where I saw it, but it is possible that the NAS will provide only 12MBps data transfer rate.

Comments?

//Cliff
 