Idea Exchange For Business

Please consider using HTTPS for the web management of the GS1xxE line of switches. Especially the smaller models need a secure way to configure them as there are no real replacements for in-field deployments outside special technical rooms where is no room to fit an entire rack into...   As the current state of security of many of the embedded or IoT thingis is sub-optimal it is crucial to prevent login credential sniffing via other pOwnd network devices within the same subnet.   Thanks, Stefan Seide ... View more

In the client section of the Insight App, it would be useful to see additional information against each device, for instance, which channel frequency are they using 2.4 to 5Ghz, what channel are they using, what 802.11xx mode are they using, what WPA mode did they authenticate with, the RSSI signal strength, are they using a private MAC address (on a modern phone) - adding fields (and others) such as these into the Client's page would help with diagnosing connection problems.     Also would be good to be able to click on a client in the browser and see its history, so when it connect, disconnect, change AP if roamed, connect again etc, so we can see a history of the wireless client with relevant fields that will allow us to diagnose connectivity problems. ... View more

Limiting the antenna power to levels like 100%, 50%, 25%, etc. is ridiculous and severly limits fine tuning it to the local radio enviroment.  Please update to allow changing it to values from 1 dBm to 18 (20) dBm like a normal person. ... View more

Would you please allow the WAC720 access points to be usable on Insight?  Without Insight compatibility, impending discontinuation of Business Central will remove cloud management functionality from these devices that were purchased only 1 year ago.  Thank you in advance! ... View more

The GS110TP supports only a max SSL key length of 2048 bits. This is a real problem for modern PKI infrastructures where - at least - the CAs almost always use a 4096 bit key length.   Given that the GS110TP is still sold today I hope hat this could be corrected in a (near) future firmware update. ... View more

Please add support for TLS 1.2 to GS108Tv2 switch range.  Currently only TLS 1.0 is supported on firmware 5.4.2.35.  TLS 1.0 is  considered deprecated by IETF:   https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-12   <extract> 4. Do Not Use TLSv1.0   TLSv1.0 MUST NOT be used. Negotiation of TLSv1.0 from any version of TLS MUST NOT be permitted. Any other version of TLS is more secure than TLSv1.0. TLSv1.0 can be configured to prevent interception, though using the highest version available is preferable. Pragmatically, clients MUST NOT send a ClientHello with ClientHello.client_version set to {03,01}. Similarly, servers MUST NOT send a ServerHello with ServerHello.server_version set to {03,01}. Any party receiving a Hello message with the protocol version set to {03,01} MUST respond with a "protocol_version" alert message and close the connection. Historically, TLS specifications were not clear on what the record layer version number (TLSPlaintext.version) could contain when sending ClientHello. Appendix E of [RFC5246] notes that TLSPlaintext.version could be selected to maximize interoperability, though no definitive value is identified as ideal. That guidance is still applicable; therefore, TLS servers MUST accept any value {03,XX} (including {03,00}) as the record layer version number for ClientHello, but they MUST NOT negotiate TLSv1.0.   </extract> ... View more

I have two requests, 1) Being the most important and 2) being less important. 1) Per attached device real-time bandwidth monitor. Consider the scenario that a connect device is utilising too much bandwidth and slowing other users. You can’t easily identify the culprit at present. 2) Historical bandwidth and traffic stats, per attached device. Allowing you to identify large upload and downloads, etc., and View usage patterns. Thanks for the consideration. ... View more

As the core of LAN, L3 switch really needs DHCP reservation, which is indispensable. It's well-known that switch is the most stable hardware in network. It's more likely for a bare-metal server goes down than a switch does. If M4300 has DHCP reservation feature, we can transfer the DHCP server from a PC to the switch, which could enhance the stability and convenience for management of the network significantly.   At present, in "System-Services-DHCP Pool Configuration", I have to create ONE "manual_pool" for EACH MAC-IP mapping. It's REALLY tedious and boring. I think you can add at least two features to improve the situation.   1. Re-design "System-Services-DHCP Pool Configuration-Type of binding-manual" in the web-gui, and allow people to add multiple MAC-IP-GATEWAY-DNS-NETBIOS mappings to one 'manual_pool'. For example: https://i.loli.net/2020/04/03/lotb2NgSHzwpqIL.png  In this way, users can easily add or remove records by clicking the '+' or '-' button ahead of each line.   2. Add a new command to load an external text-based datebase which contains all the information stated above from a USB flash drive or tftp server. In this way, users can create and modify the text-based database using their favorite text-editor and then upload it to the switch.   It would be great if the developers can add the features I stated above to M4300.   Thanks a lot.   ... View more

What if we could have a superuser network that could cut across network isolation? Scenarion: - wireless 1: owner's network (superuser) - wireless 2: a network for guests, with network isolation Disired outcome: - How can wireless 1 see devices on wireless 2? - How can we ensure wireless 2 has no visibility of devices on wireless 1? I want W2 guests to be able to access Sonos, lights, fans that would be on W2, but not devices set on W1. All this while enabling W1 (superuser) to see IoT devices on any network. ... View more

I purchased both a GS305E and two GS308E switches and really like the performance and configuration functionality, but it's missing a key feature -a Configurable Management VLAN. Please add this feature because otherwise I'm likely going to return these switches to get something that supports them from another vendor for the same price point. ... View more

Hi,   I just got a certificate which the hash algorithm is SHA256.   But my vpn firewall only allows SHA1.   Can you please fix this?   Thank you very much.   Best regards  ... View more

Please release an updated firmware with TLS 1.2/1.3 support, and the option to disable 1.0 and 1.1. ... View more

It would be really useful to be able to configure DHCP Snooping features within the web or mobile interfaces. Certain scenarios involving DHCP just make using managed mode impossible. ... View more

I really like the NetGear Equipment and the ease of use in the cloud tool.   But there is one major issue for an MSP.   There is no way to assign a specific license to a device!   I have a number of customers, who have purchased different duration of license.  If you have two customers that have expiring or near expiring license, and one of them decides on 3 years and another on 1 and you add the codes in all at the same time.  You can now only allocate a number of licenses.  So one customer may get 3 years when they paid for 1.   I think you seriously need to review your allocations tools, unless I am missing som ... View more

It would be great to drill down on the daily Content Filtering Report, to see which connected clients tried to visit blocked sites.     It would also be nice to offer parental controls for the device or connected client browsing history.    The system is amazaing however it needs some additional features to be a reasonable solution for a work from home user with children.    ... View more

Hi,    I know that the question was allreay asked, but I HAVE to use a local mangement mode, and I wanna use fast roaming.    I have a 3 floor house, with a very big garden, so I have 4 APs: - 2 WAX610 (AX1800) - 1 HPe E-MSM460 (J9590)  - 1 outdoor EnGenius ENH1750EXT   Both EnGenius and HPe support fast roaming.    Could we excpect to have this fonction implemented in local management mode? or NetGear will force to use cloud?   Thank you! Cheers,    Serguei  ... View more

Firmware V5.10.0.3   The old FVS338 had all of the below features and worked great.  I'm surprised and very disappointed they are missing from the BR500.   Custom services are always enabled unless deleted.  An enable/disable check box on each service would be very useful.  Currently you have to delete the custom service to disable and create the custom service from scratch to enable.  This extremely inconvenient.   There is a severe security problem with port forwarding custom services.  Open ports are exposed to the whole world.  The ability to limit port exposure to a specific external IP or a range of specific IPs would solve this security problem.  It is extremely important to implement this safeguard.   ... View more

While aggregated traffic monitoring is a nice feature, I’d like to request device level monitoring. I have several devices connected and have a need to see which one(s) are using so much data. Thanks ... View more

When building a guest network in Insight, it's important to be able to rate limit throughput per client so that no one client can consume all available bandwidth on that SSID/vLan.     It can be accomplished via QoS on the APs themselves, but Inisght will not recognize those configs and the config change wouldn't be replicated to other APs.  Additionally, the QoS config may be destroyed by Inisght upon config updates.   Instructions for configuring QoS at the AP level: https://community.netgear.com/t5/Business-Wireless/How-do-I-limit-bandwidth-per-device-on-a-WAC730/m-p/1767103     ... View more