HOWTOlabs Netgear SRX5308
firewall with near Gigabit speed throughput

2015-07-18, rickatech

The NETGEAR ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 has been around a while.  For those with modest Internet bandwidth (< 30 Mbps), this router/firewall's hefty network processing power is rather overkill.  However, if you have access to fiber (e.g. AT&T GigaPower), suddenly it becomes a necessity.

This is a rather easy to configure device with two large drawbacks.

  1. Super buggy firmware upgrade process.
    Not a show stopper, but make sure you can rebuild your configuration/firewall rules from scratch if a new firmware download comes out.  Most likely when it does, you may end up factory defaulting the firmware, then applying the latest firmware on top of that, then re-entering your configuration.
  2. HTTPS certificate warnings
    Much Netgear equipment has an admin HTTP interface, only secured by a simple password.  This unit uses HTTPS with a simple password; however, as it has been on the market a while, the SSL certificate eventually expires, and many browsers will vociferously complain, while some recent versions of Firefox will refuse to load any pages.

A particularly obscure but important firewall feature is secondary WAN addresses.  If you plan to use the Multi-NAT features to firewall more than a single public IP address, the router performs much more predictably if you list all but the main public IP address as secondary WAN addresses.  Not doing this may result in strangely non-functioning firewall rules.

2015-08-10, rickatech - followup

The NETGEAR ProSafe SRX5308 clearly has significant firewall processing power; however, after several weeks of use it definitely has traffic management quirks.  I have opened a ticket with Netgear to address frequent dropped packets and stalled web requests.  I understand this device was probably conceived when 1.5 Mbps T1 was considered a lot of bandwidth, but with a solid 300 Mbps AT&T GigaPower fiber, the considerably higher traffic flow seems to overload this device.  Stay tuned for more details ...