Introduction & Routing Features
NETGEAR Cable/DSL Prosafe 802.11b Wireless Firewall (FM114P) | |
---|---|
Summary | Wi-Fi certified 802.11b wireless router, w/ 4 port 10/100switch & print server. Bundled with zer0knowledge’s Freedom Security and Privacy suite. |
Update | None |
Pros | • Schedulable firewall rules • Scheduled, emailed logs & alerts • Can disable wireless Access to LAN • Built-in parallel-port printserver with LPR and bi-directional printer support |
Cons | • Cyclical variation in wireless throughput |
The FM114P is essentially an FR114P with a built-in 802.11b access point. Since I previously reviewed the FR114P, please refer to that review for most of the routing details. In my checkout, however, I did notice some changes added by the Rev 1.4 Release 06 BETA firmware that I downloaded from NETGEAR’s site that are worth mentioning:
-
This release adds UPnP support. It is enabled by default, but can be disabled via a checkbox on the LAN IP Setup screen. Passed my NAT Traversal test by automatically opening ports when I launched Microsoft Messenger, and closing them when I quit it. But the Internet Connection Status reports an 8.0Mbps speed, which should be 10Mbps.
-
The “Blocked Sites” feature now works for Newsgroups as well as websites.
-
The login “loopholes” seem to have been fixed.
-
Logging features have been enhanced and logging to a syslog server has been added. You can selectively log the following events:
- All incoming and outgoing traffic
- Router operation (start up, get time etc)
- Connections to the Web-based interface of the router
- Traffic to the router
- ICMP traffic
- Other IP packet traffic
- Known DoS attacks and Port Scans
- Attempted access to blocked sites
Although I applaud the added logging features (especially the ability to log normal website traffic), NETGEAR still has some work to do here. Some of these checkboxes seem like duplicates and were confusing to me, and the log was filled with “Administrator Interface Connecting…” messages which looked like some sort of keep-alive from the computer that the admin interface was running from. Syslog logging seemed to work fine, though.
Routing Performance
Routing performance was typical of SPI+NAT routers, with lower, but still adequate, throughput in the LAN-WAN direction – a by-product of the SPI’s activity. Interesting to note, however, that UDP streaming performance in both directions was the same, and showed no throughput or data loss at my 500kbps stream rate.
Routing Performance Test Results
Test Description | Transfer Rate (Mbps) | Response Time (msec) | UDP stream | |
---|---|---|---|---|
Throughput (kbps) | Lost data (%) | |||
WAN – LAN | 16.5 | 49 (avg) 334 (max) |
499 | 0 |
LAN – WAN | 2.6 | 306 (avg) 677 (max) |
500 | 0 |
Firmware Version | V1.4 Release 06 BETA |
See details of how we test.
Wireless Details
The FM114P uses a ZCom XI-325 PC card radio, which is based on the Intersil PRISM 2.5 chipset. The radio is completely self-contained and is plugged into a connector in the router’s main board, and cabled to the removable single-dipole external antenna via a miniature snap-on RF connector.
The external antenna connector is a reverse SMA type, which will mate nicely with many of the antennas that D-Link offers as part of their wireless line. (NETGEAR does not offer any accessory antennas.)
As Figure 1 shows, the wireless feature set is very basic, letting you set just( E)SSID, and channel. Security features include 64 or 128 bit WEP, MAC address Association control, and the ability to disable bridging between wireless and wired LAN clients.
Figure 1: Wireless settings
(click on the image for a full-sized view)
This last feature is something I haven’t seen in other Access Points or routers and would be handy for folks who want to wirelessly share their broadband connection with anyone within range, but keep them off their wired LAN.
The latest firmware (1.4 Release 06) also adds the ability to disable SSID broadcast, which will keep the FM114P from showing up in WinXP’s “Available Wireless Networks” display in most cases (assuming you change the SSID to something non-obvious!).
Note that wireless client monitoring features are pretty much non-existent.
Wireless Performance
On the surface, the wireless throughput numbers look fine, with about 4Mbps performance in all four test locations. I think part of this, however, is due to the excellent 802.11b section in the NETGEAR WAB501 Dual-Band card [reviewed here] that I used as a wireless test client.
When you look at the Ixia Chariot plots shown in Figure 2, however, a different picture emerges.
Figure 2: Wireless Performance
(click on the image for a full-sized view)
The plots confirm the good average throughput numbers, but you can see a consistent pattern of wide variation in throughput, under both strong and weak signal conditions. I also experienced long delays before many of my Response Time tests completed (note the Condition 2 results) that seemed like the AP went to sleep for awhile. This effect was pretty consistent in all test locations, and is probably linked to the same mechanism that is causing the throughput swings.
On a postitive note, WEP-enabled throughput was virtually indistinguishable from non-WEP operation, although it was difficult to tell for sure, given the wide throughput variation.
802.11b Wireless Performance Test Results
Test Conditions
– WEP encryption: DISABLED |
Firmware/Driver Versions
AP f/w: |
||||
---|---|---|---|---|---|
Test Description | Signal Quality (%) | Transfer Rate (Mbps) | Response Time (msec) | UDP stream | |
Throughput (kbps) | Lost data (%) | ||||
Client to AP – Condition 1 | 96 | 4 [No WEP] 4.1 [w/ WEP] |
3 (avg) 4 (max) |
424 | 0 |
Client to AP – Condition 2 | 62 | 3.9 | 278 (avg) 5296 (max) |
425 | 0 |
Client to AP – Condition 3 | 69 | 4 | 3 (avg) 7 (max) |
410 | 0 |
Client to AP – Condition 4 | 55 | 3.8 | 3 (avg) 4 (max) |
419 | 0 |
See details of how we test.
Closing thoughts
The FM114P is a pretty well-rounded little box, and should be a decent seller for NETGEAR due to its routing feature set, built-in parallel-port print server, sturdy “blue-box” package, and ability to accept higher-gain antennas.
And although most users probably won’t notice the wide variation in wireless throughput (unless they move a lot of large files to and from wireless clients), I’d feel better if it weren’t there!