To measure VPN throughput on the FVS, I used two PCs running 64-bit Windows with software firewalls disabled. Using TotuSoft's LAN Speed Test client and server application, with a file size of 100 MB, I measured throughput over Site to Site and Client to Site IPsec, SSL, L2TP, and PPTP tunnels. Table 2 shows the throughput results.
|Tunnel Type||Client > Gateway||Gateway > Client|
Table 2: NETGEAR FVS336G-300 VPN throughput (Mbps)
IPsec VPN throughput on the FVS336Gv3 is significantly improved over the original FVS336G. On the original FVS336G, I measured peak IPsec Client > Gateway throughput at 16.9 Mbps. On the new FVS336Gv3, the same test yielded 44.1 Mbps.
The FVS336Gv3's SSL throughput was actually a bit lower than the V1's. On the V1, I measured peak SSL throughput at 11.4 Mbps. On the new V3, I measured peak SSL throughput at 9.9 Mbps.
Note that NETGEAR rates the FVS336Gv3 as capable of 78 Mbps for IPsec throughput and 14 Mbps for SSL throughput. Most manufacturers use a UDP based test to rate throughput on their devices. The TotuSoft test uses TCP based testing. UDP has lower overhead than TCP, which is the likely explanation for the difference between my measurements and NETGEAR's ratings.
The FVS336Gv3 SPI firewall configurations look similar to the original, with a few additions. Rules can be created to filter IPv4 and IPv6 traffic between the WAN and LAN based on Service; Schedule; LAN IP addresses, IP address ranges, or groups; WAN IP addresses or IP address ranges; QoS profiles and Bandwidth profiles. In addition, firewall rules can be created to filter traffic between the DMZ port and the WAN, as well as between the DMZ port and the LAN.
External WAN Attack prevention methods include blocking pings to the WAN port, blocking TCP and UDP floods and Stealth mode, which blocks port scans on the WAN ports. Session limits can also be applied in the firewall, limiting the number of sessions or percentage of total sessions that can be established by a single device on the network. Other firewall features include source MAC address filtering and Port Triggering.
Content Filtering on the FVS336Gv3 is the same rudimentary keyword blocking found on the original model. Per the FVS336Gv3's help menu, "Up to 64 key words in the site's name (web site URL, newsgroup name, etc.) can be specified, which will cause the access to the site be blocked." Keyword blocking can be over-ridden by creating Trusted Domains. I set up a simple keyword block to filter on the word "sports." Browsing to sports.com resulted in the below page, similar to the original FVS336G.
Finally, the FVS336Gv3 firewall has the option to enable/disable a SIP ALG (Application Layer Gateway). NETGEAR's specification sheet lists their SIP ALG as compatible with VoIP devices from Linksys, SNOM, Cisco, X-Lite, D-Link, Grandstream, Polycom, Siemens, and Aastra.
Updated 2/25/16 - Router performance retest due to measurement process error
We tested router performance using our standard test method. Table 3 compares the original FVS336G to the V3.
|WAN - LAN||800 Mbps||59 Mbps|
|LAN - WAN||766 Mbps||58 Mbps|
|Total Simultaneous||918 Mbps||56 Mbps|
|Maximum Simultaneous Connections||23,478||200|
Table 3: Routing throughput
The FVS336Gv3's performance improvement over the original model is huge! The newer model's unidirectional throughput is at least 700 Mbps faster than the previous model, as shown in the plot below. The variation shown is typical of what we see on most of today's routers.
Unidirectional ThroughputSimultaneous up/downlink router throughput is shown in the plot below. We measured simultaneous throughput on the FVS336Gv3 at 918 Mbps, a massive increase over the original FVS336G's 56.3 Mbps.
|Test Description||FVS336G-300||Linksys LRT224||Cisco RV320|
|WAN - LAN||800 Mbps||797 Mbps||887 Mbps|
|LAN - WAN||766 Mbps||721 Mbps||746 Mbps|
|Total Simultaneous||918 Mbps||805 Mbps||832 Mbps|
|Maximum Simultaneous Connections||23,478||30,467||32,249|
Table 4: VPN Router comparison
The NETGEAR comes in as the most expensive of the three at $230 (Amazon.com). From a feature standpoint, all three routers are similar, with multiple WAN ports, Gigabit LAN ports and support for IPsec, PPTP, and SSL VPN tunnels. From a router performance standpoint, all three routers are close on WAN-LAN and LAN-WAN throughput.
The FVS336Gv3 differentiates itself by adding L2TP VPNs to the mix, and clearly leading the other two routers on Total Simultaneous throughput. In addition, while all three routers offer a limited lifetime warranty, NETGEAR goes one step further and offers Next Business Day Replacement in the event of device failure.
Overall, the FVS336Gv3 is certainly a performance upgrade over the older FVS336G. I think the reliance on Windows'Virtual Passage SSL adapter holds the FVS336Gv3 back a bit, compared to other SSL VPN solutions, such as Open VPN. On the whole, though, the FVS336G-300 is a fast and highly configurable Dual WAN VPN Router.