Netgear DGN2000 – 802.11n router review

Netgear's DGN2000 offers draft-n wireless at an appealing price, but are the performance and features good enough for the business user?

IT Pro Verdict

If affordability, a well designed interface and good wireless performance are your main priorities, then the DGN2000 is a good choice, but if you require more advanced features and Gigabit networking, you should look elsewhere.

If you used to transferring large files quickly and easily in an office environment, it's only natural that you're going to want the same flexibility on those occasions when you're working from home.

The DGN2000 is part of Netgear's RangeMax series of ADSL routers and with Draft-N wireless transfer speeds and a wide range of security features it's an appealing choice.

Without the luxury of an IT department to assist you at home or in a smaller business it's good news that the interface includes a setup wizard to automatically detect your ADSL settings before prompting you for your ADSL account name and password.

The DGN2000 has a wider range of security options than many similarly priced routers. You can blacklist sites either by exact domain or by keywords, which is handy if you want to prevent users, from browsing Facebook during business hours. The blacklist can be linked to a schedule, so banned sites can be made available during lunch breaks or after office hours. Also useful is the ability to add a single trusted IP address that is allowed to access blocked sites.

Further control over incoming and outgoing traffic is available through Firewall Rules, which allow you to restrict access to specific IP address ranges and a selection of ports used by common services. You can add port ranges of your own, making it easy to block those commonly used for things such as peer-to-peer clients, and rules can be applied to all local machines or only those in a designated address range.

You can configure the router to email hourly, daily or weekly logs to a designated address. If you enable reports, the router can immediately send an alert if it detects a DoS attack, port scan or an attempt to access a blocked site. If you plan on administrating the server remotely, the Advanced settings let you limit remote access to a specific range of IP addresses for added security.

Unlike enterprise class routers that use an isolated Ethernet segment for their DMZ, which prevents machines inside it from accessing anything behind the firewall, the DGN2000's DMZ is not restricted from connecting to the rest of the local network. This means that, although you can enable the DMZ and put a machine in it to handle incoming service requests that don't match any of your existing firewall rules, it really isn't a very good idea to do so except for rare troubleshooting purposes.

The router has a SIP (Session Initiation Protocol) ALG (Application Gateway Layer) that enables it to handle voice or video calls from hardware or software VoIP phones and correctly initiate an internet telephony session that directs packets to the correct ports of both client and server. This can avoid VoIP routing problems associated with NAT firewalls but some SIP applications use their own workarounds for NAT problems. In case of such incompatibilities, Netgear has helpfully provided an option to disable SIP ALG in the Advanced WAN Setup options.

Most basic ADSL connections provide a dynamic IP address, which changes, if not every time you reconnect to your ISP, but on a regular basis. This means that, if you host a website locally, the DNS record linking your domain name to your IP address will have to be changed every time your IP address changes. To do this, many routers have built-in support for Dynamic DNS services that can notify the DNS servers that handle the routing of your domain name whenever your IP address changes. Unfortunately, the DGN2000 only supports a single DDNS provider: DynDNS, so if you use a different service you'll have to instead install a software notification client on a computer inside your network.

K.G. Orphanides

K.G. is a journalist, technical writer, developer and software preservationist. Alongside the accumulated experience of over 20 years spent working with Linux and other free/libre/open source software, their areas of special interest include IT security, anti-malware and antivirus, VPNs, identity and password management, SaaS infrastructure and its alternatives.

You can get in touch with K.G. via email at