NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
How old is the BR200
I am in Canada. I was going to buy the BR500 from my distributor and they said that it was discontinued and replaced with the BR200. Is the BR200 better then the BR500? How long has the 200 been m...
BR200 is a lower price product versus BR500. BR200 OpenVPN supports the same way as BR500, only as an OpenVPN server, there is no site-2-site option with OpenVPN on either BR200 or BR500.
You can set up site-2-site on two BR200 routers with IPSec.
Got it, but that's not my point. Speaking about IPSec site-2-site VPN, it's not possible to use an industry good practice hash algorithm with BR200. Corret me, if I'm wrong.
The strongest algorithm BR200 offers is SHA-1, but it's already discouraged to use this one.
See for example:
Guide to IPsec VPNs (nist.gov)
(https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-77r1.pdf)
Page VII: SHA-1 is legacy. Page 34: When migrating from IKEv1 to IKEv2, an upgrade of the algorithms used is strongly recommended. 3DES, MD5, SHA-1, and DH Groups 2 and 5 should not be used. Instead, AES-CBC with HMAC-SHA-2 or AES-GCM with either DH group 14 or an ECDH group (19, 20, or 21) should be used.
Hence my question if there will be a firmware update for that business product?
Thank you for reporting this, this is a local device GUI issue on BR200. A workaround is to use Insight to config IPsec and get access to all IKEv2 options including sha-256 and beyond.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
