[PLUG] Netgear Closes Support Request Without Response

Kurt Sussman plug at merlot.com
Mon Nov 28 22:24:03 UTC 2005


Rich Shepard (rshepard at appl-ecosys.com) typed this ...
> On Sun, 27 Nov 2005, Keith Lofstrom wrote:
> 
> >The metaproblem here is that you attempted to get a zillion features in one
> >box and you did not succeed. Had the Netgear box succeeded for you, you
> >would have still been faced with future re-configuration problems, the
> >inability to adapt to new protocols, and probably a windows-driven upgrade
> >path. 

OK, this is a little over the top. I normally enjoy your long and
detailed messages, but this one is a little too religious for my taste.

Let me point out my bias immediately: I suggested to Dr. Shepard that
the Netgear VPN box would be a nice safe replacement for his ancient (in
PC-years) firewall. In the last 9 years I have had one Netgear device
fail, and I have never had a reason to call their tech support. I
currently have 6 Netgear devices in my office, and a couple more in a
colo cabinet, and I support 4 of these FVS318s at clients' offices along
with many switches from 4 to 24 ports.

Future reconfiguration would be the same if a nice notebook-based
firewall/router failed and lost some critical component, like a hard
drive. The FVS318 has no moving parts, so the most common failure would
be the power brick. You can back up your configuration on any PC that
can run a browser with JavaScript. This is not significantly different
from a *BSD-based firewall, except that you only have to back up one
file with the appliance, vs. many configuration files with a *BSD box.

Adapting to new protocols is as easy as a firmware update, unless you're
talking about experimental protocols, or those that are not yet widely
adopted. I don't see a problem with this for a device that is sitting on
the public internet, and whose sole purpose is to facilitate some work
that is NOT experimenting with networking protocols.

>   Actually, Keith. What I wanted was -- still is -- an effective firewall in
> a small, low-power, silent case. The internal switching and connection
> to the DSL bridge were bonuses. Also, the experience of PLUGgers using
> the same model gave me confidence that this solution would work.

This is what a firewall appliance provides, along with extremely low
maintenance. And this shopping list is what inspired me to suggest the
Netgear device. 

> >At the risk of wasting space and burning electricity on multiple boxes when
> >theoretically you could get by with only one, you probably want to break
> >the function up. A cheap internal multiport switch. A cheap external switch
> >if needed. An old laptop running Linux for your firewall. Reduced
> >expectations about stateful routing inside your secure zone. That is my
> >setup, and while configuring the Linux laptop is a small annoyance, it does
> >mean I am able to upgrade and add new features, and work in a familiar
> >environment.

Or he could spend a relatively large pile of money for a nice firewall
appliance like the Fortigate 60 (I have three in my office, 2 NIB and
for sale!) which runs Linux and has a nice non-browser-specific web UI,
but it will take several days to read the manual and figure out all the
access groups and firewall settings and WAN vs. DMZ vs. LAN settings and
all the stuff he'll have to deal with if he rolls his own.

I love to tinker, but there comes a point where I just want to surf the
web and read my mail without having to consider how many transistors are
involved with each and every keystroke or mouse click. That's why I buy
firewall appliances. Oh, and no fans!

--Kurt
-- 
----------------------------------------------------------------------
    Merlot Research Group, Inc               http://www.merlot.com
    kls[at]merlot.com       GPG key 82505A74      Jabber: MerlotQA


