If you used to transferring large files quickly and easily in an office environment, it’s only natural that you’re going to want the same flexibility on those occasions when you’re working from home.
The DGN2000 is part of Netgear’s RangeMax series of ADSL routers and with Draft-N wireless transfer speeds and a wide range of security features it’s an appealing choice.
Without the luxury of an IT department to assist you at home or in a smaller business it’s good news that the interface includes a setup wizard to automatically detect your ADSL settings before prompting you for your ADSL account name and password.
The DGN2000 has a wider range of security options than many similarly priced routers. You can blacklist sites either by exact domain or by keywords, which is handy if you want to prevent users, from browsing Facebook during business hours. The blacklist can be linked to a schedule, so banned sites can be made available during lunch breaks or after office hours. Also useful is the ability to add a single trusted IP address that is allowed to access blocked sites.
Further control over incoming and outgoing traffic is available through Firewall Rules, which allow you to restrict access to specific IP address ranges and a selection of ports used by common services. You can add port ranges of your own, making it easy to block those commonly used for things such as peer-to-peer clients, and rules can be applied to all local machines or only those in a designated address range.
You can configure the router to email hourly, daily or weekly logs to a designated address. If you enable reports, the router can immediately send an alert if it detects a DoS attack, port scan or an attempt to access a blocked site. If you plan on administrating the server remotely, the Advanced settings let you limit remote access to a specific range of IP addresses for added security.
Unlike enterprise class routers that use an isolated Ethernet segment for their DMZ, which prevents machines inside it from accessing anything behind the firewall, the DGN2000's DMZ is not restricted from connecting to the rest of the local network. This means that, although you can enable the DMZ and put a machine in it to handle incoming service requests that don't match any of your existing firewall rules, it really isn't a very good idea to do so except for rare troubleshooting purposes.
The router has a SIP (Session Initiation Protocol) ALG (Application Gateway Layer) that enables it to handle voice or video calls from hardware or software VoIP phones and correctly initiate an internet telephony session that directs packets to the correct ports of both client and server. This can avoid VoIP routing problems associated with NAT firewalls but some SIP applications use their own workarounds for NAT problems. In case of such incompatibilities, Netgear has helpfully provided an option to disable SIP ALG in the Advanced WAN Setup options.
Most basic ADSL connections provide a dynamic IP address, which changes, if not every time you reconnect to your ISP, but on a regular basis. This means that, if you host a website locally, the DNS record linking your domain name to your IP address will have to be changed every time your IP address changes. To do this, many routers have built-in support for Dynamic DNS services that can notify the DNS servers that handle the routing of your domain name whenever your IP address changes. Unfortunately, the DGN2000 only supports a single DDNS provider: DynDNS, so if you use a different service you'll have to instead install a software notification client on a computer inside your network.
[pb/]
You'll probably want to use the router as a DHCP server to automatically assign local IP addresses to every device that connects to the network. However, if your office uses a network printer, NAS device or file server, you'll want their addresses to remain static, rather than changing every time they're connected. You can assign fixed IP addresses in the router's Advanced LAN Setup, where you can simply select any device currently connected to the network or manually enter the MAC address and desired IP of any device you wish to assign a static address to.
The DGN2000 enables you to implement MAC filtering through its Wireless Station Access List. When Access Control is enabled, only wireless devices on your trusted list will be able to connect to the router. This is by no means foolproof security but it's an additional line of defence. Of course, you'll need more than this to secure your wireless network against intruders. The router supports 64-bit and 128-bit WEP, WPA-PSK and WPA2-PSK encryption, as well as WPA-802.1x, which authenticates connection attempts against a RADIUS server located elsewhere on the LAN.
Its wireless transfer speeds were good. Tests using ours Centrino 2 notebook produced particularly strong results when compared to other wireless routers, like Belkin's similarly priced N+ Wireless ADSL Router. We were particularly impressed by a 22.3Mbit/s transfer speed at a distance of 25m, which means that this router should be powerful enough to provide fast and stable wireless access to users across even large offices.
Like all Certified 802.11 Draft N routers, the DGN2000's wireless radio is set to use only a single channel by default, which limits its speed to 130Mbit/s. We enabled channel bonding by switching to 270Mbit/s mode in the router's Wireless Settings. This produced speeds of 58.6Mbit/s at a distance of 15m when we used a Netgear RangeMax Wireless-N USB adaptor, compared to 51.4Mbit/s with channel-bonding disabled. However, channel-bonding can result in a less stable wireless signal that is more prone to interference. We were unable to get a consistent signal in channel-bonding mode at 25m. Fortunately, the practical speed difference between the two modes is negligible.
The DGN2000 provides enough security for business use and we were pleased by its range of security alert, logging and diagnostic options. However, it lacks a number of features that some businesses will class as essentials, like built-in VPN tunnelling capabilities, IPsec and support for multiple SSIDs and guest logins.
What’s more, the absence of Gigabit Ethernet could be a serious problem for businesses that shunt large amounts of data across their local network. This is disappointing given that almost all small enterprise NAS equipment supports 10/100/1000 Ethernet but is sadly typical of an ADSL router. Although almost every cable router on the market has Gigabit, only a handful of more expensive ADSL devices do, like Belkin’s N1 Vision, Netgear’s DG834N and Billion’s more business-oriented BiPAC 7402NX, which also has support for VPN tunnelling and a 3G failover. However, these are more than twice the price of the DGN2000 and neither performed as well in our wireless speed tests over distances of 25m.
Author: Kat Orphanides
Netgear DGN2000 – 802.11n router review