Netgear DG824M review

Matthew Bell ZDNet.co.uk

Published: 02 Apr 2003

If you've got more than one computer at home, and are thinking of using ADSL to connect them to the Internet, you've got two choices. Either you go for wired Ethernet and put up with Cat5 cables strewn around the house -- which may or may not be acceptable to you and/or your co-habitees -- or you pay a little extra and go wireless, leaving everything neat and tidy. If the main use of your home network is for Internet access rather than for transferring huge files between your home computers, then 11Mbps 802.11b wireless Ethernet will give you ample performance; 54Mbps 802.11g is very nice, but given that the average home ADSL connection is only 512Kbps then it's wasted.

But you need a few more things. An ADSL modem, of course, plus a router to perform NAT (Network Address Translation) to make your multiple home computers look like a single device to your ISP, and the obligatory firewall. A handful of wired Ethernet ports can also be useful for any devices you have that aren't appropriate for wireless -- a PC running as your home email server and/or Web site, for example.

Installation & setup

Get all of the above as separate devices and you're looking at quite a stack of kit. Good for the flashing light count and the impression of technical excellence; bad if you want your home to actually look like a home rather than a NASA ground station. Alternatively, you can get Netgear’s DG824M wireless ADSL modem and firewall router, and have it all in a smart-looking, single unit about the size of a hardback book -- 25.5cm by 17cm by 35cm, to be precise. Supplied with the unit is an ADSL splitter/filter that plugs into your phone socket, a cable to go from that to the DG824M, an Ethernet cable if you need it, an external power supply, a handy quick-start guide and a CD-ROM containing the full documentation. The only things you need to add yourself are a wires-only ADSL account and your choice of computers to use it with.

Getting the DG824M up and running is about as simple as these things get. Plug it in as shown on the quick-start guide, and then point a Web browser on either a wired (it has four 10/100 Ethernet ports on the back) or wireless PC at the DG824M's default IP address. Put in the username and password for your ADSL account and you're up and running. It really is that simple. Admittedly, this will leave the wireless connection wide open, so the cautious would then set up WEP encryption -- either 64-bit or 128-bit -- and lock down wireless access to the MAC addresses of the wireless cards you want to allow to connect. Thankfully, all of these tasks are aided by the built-in Web interface with no real need to go wading through the documentation -- each of the Web interface's configuration pages has a good explanation alongside it, with tips about what each option does and what it’s used for. Netgear has done a very good job of making this all as straightforward as possible. This is helped by the way that most of the default firewall and security settings err on the cautious side.

Features
The DG824M's built-in firewall offers a reasonable mix of functionality. Netgear claims that it performs stateful packet inspection as well as monitoring for Denial of Service attacks and similar. Certainly, although the firewall's logs showed a fair amount of questionable traffic being stopped at the ADSL interface, packet sniffing on the LAN side didn't uncover anything getting on to the LAN that wasn't supposed to be there. Talking of logs, having a firewall is of limited usefulness if you don't keep an eye on what the firewall's actually doing. The DG824M's logging capabilities are basic but sufficient for most purposes and, usefully, you can easily set it up to email you the logs either when something of interest takes place (a Denial of Service attack, for example) and/or just on a regular basis to save as on-going records.

There are some nice options to block traffic by protocol, IP address, URL and even time of day. If you're using the DG824M in a small office, it's quite easy to limit your co-workers access to non work-related sites during the day, but to then open it up after-hours. Again, you can choose to log attempts to access off-limits sites so you can keep an eye on what people are trying to do.

The DG824M's router and firewall support VPN (Virtual Private Network) pass-through, but it cannot act as a VPN end-point in itself. What this means is that if you've got PCs on your local network that need to access a corporate network using VPN, those PCs will need to have VPN client software running on them to do the encryption/decryption. But, at least, the DG824M won't get in the way of this. If it could act as a VPN end-point then it would mean that the unit itself would do the VPN encryption/decryption and your local PCs would believe that they were directly connected to the corporate network. This lack of VPN end-point capability seemed quite a lack at first but, on reflection, it makes a fair amount of sense. For a start, there are several different VPN implementations out there, and it's virtually impossible for a small device like the DG824M to support them all.

Second, and perhaps more importantly, if your ADSL router is acting as the VPN end-point, it means that all the traffic on your local network isn't encrypted. Your local network is then, effectively, a part of your corporate network. This isn't too much of an issue if your local network is all wired Ethernet, but remember that the DG824M is also a wireless bridge; 128-bit WEP security is fairly time-consuming to break but it is by no means unbreakable. By only supporting VPN pass-through, it means that any and all corporate VPN traffic that could be floating around your home wireless network will be encrypted by the cryptographically robust VPN standards in addition to the rather less rigorous WEP standards.

Leaving the tedious details of cryptography and risk analysis aside, the DG824M has several other tricks up its sleeve. The firewall supports port-forwarding, so incoming connections -- say, if you're running your own Web site on your home network -- are directed to the appropriate PC on your network that can deal with them. It also allows you to specify one device on your local network as being in a DMZ and so, for most intents and purposes, directly connected to the Internet. Without a dedicated DMZ port on the unit, however, it’s up to you to decide whether you trust the DG824M's filtering capabilities sufficiently enough to have your DMZ machine on the same network as the rest of your protected machines.

With all these configuration possibilities (options that you can happily and safely ignore if you just need basic Internet browsing support), one particularly welcome feature is that the entire configuration set can be saved to your PC for backup. This is a fatal flaw in many devices that come with friendly Web-based management interfaces; recreating it all if you happen to lose the settings can be a real pain. The DG824M's facility to backup and restore configuration files is, as a consequence, a nice touch. Not that this last resort was needed during testing, however; after subjecting the poor thing to all manner of network abuse, it just sat there chugging away with no more than the occasional, reproachful firewall log entries as evidence of our attempts to get it to misbehave.

Conclusion

It's difficult not to like the DG824M. It provides an impressive range of services, is controlled through one a very well designed management interface, and once set up, it just gets on with it. Perhaps the only criticism that could be levelled at it is that it only uses a single aerial for the wireless bridge. Many other wireless access points have two aerials, and automatically select which one to use on-the-fly based on signal quality. This may be an issue if you want unusually long distance wireless access, or through particularly thick walls. On the other hand, the DG824M's aerial is, at least, connected by a standard plug and socket so you can easily replace it with a higher-spec one if required.

• 
• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit