Need a router with business grade filter/blocking capabilities



Hello everyone!

 

I have a quick question here. I'm looking for a router to use for one of my business clients that will provide complete blocking and filtering capabilities for anything except web, email, and possibly instant message. Everything else, especially and including all types of file sharing, needs to be prohibited.

 

This is for a business retail location that offers free wifi to their customers. Recently they were hit with a copyright infringement notice from their ISP. They have a basic Netgear router that only has port forwarding available, and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

 

For now the wifi has been temporarily shut off, but the owner wants free wifi back for customers.  However he wants it so that the web is open, ability for guests to use email apps on their phones (smtp, etc) is open, but that is about it.  He explicitly wants everything else to be blocked.

 

What router would do this? He's willing to pay the cost of a router that offers these features. I looked into DD-WRT which can do this... with IPTables. I'd like to have something a lot less complicated and built natively into a router's firmware directly.

 

Any suggestions?


Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

Thanks for that link. Tho having a firewall appliance at that price is a bit more than what they were wanting to pay for. I seem to remember either D-Link or Netgear offered some router the other year that has the features I was looking for for this customer, but I can't find it tho.


Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

I second this. The TZ series are great. And while you do need a good working knowledge of networking, the UI is very well laid out and pretty straightforward.


Get a Buffalo Router or something that runs DD-WRT or Tomato. You can block websites.

Another option, get a cheap desktop and run Untangle on it or another distro like IPCop. They have plugins for filtering and such.


This is for a business retail location that offers free wifi to their customers. Recently they were hit with a copyright infringement notice from their ISP. They have a basic Netgear router that only has port forwarding available, and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

Why is the business owner responsible for others leeching?


Your connection means you are responsible for all the activity on it, illegal or not.

Only in backward parts of the world where the MAFIAA reigns supreme (which now is most of the western world, I guess).


Get a Buffalo Router or something that runs DD-WRT or Tomato. You can block websites.

Another option, get a cheap desktop and run Untangle on it or another distro like IPCop. They have plugins for filtering and such.

Actually I mentioned this above, I'm trying to avoid DD-WRT just because its configuration with IPTables is more complex and takes more time. The customer wants simple. Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.


Why is the business owner responsible for others leeching?

That is the ISP's policy. Someone in the area has been abusing this business owner's free public wifi by downloading pirated material and the ISP is getting copyright infringement notices for this business establishment. The ISP threatened to disconnect them if there weren't some security measures provided.


Actually I mentioned this above, I'm trying to avoid DD-WRT just because its configuration with IPTables is more complex and takes more time. The customer wants simple. Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.

You don't do anything with IPTables if you don't want to.  Everything is GUI.  You just need to enter the sites or keywords you want to block.

 

It uses IPTables in the background, just like every other firewall distro based on Linux.  Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

 

Someone posted a Watchguard box, that should do exactly what you need.  Just get it. 


You don't do anything with IPTables if you don't want to.  Everything is GUI.  You just need to enter the sites or keywords you want to block.

 

It uses IPTables in the background, just like every other firewall distro based on Linux.  Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

 

Someone posted a Watchguard box, that should do exactly what you need.  Just get it. 

 

Actually the GUI within DD-WRT doesn't do what this customer needs.  The customer needs everything blocked, all services, ports, etc (except http, smtp, and probably imap).  DD-WRT blocks everything, but doesn't offer exclusions to that blanket block that he needs.


For a business user, there are only 3 that I recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally prefer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.


Set up the IPTables for him then. There shouldn't be anything he has to do if you're only going to allow HTTP, HTTPS, etc.

 

You set it once, it's done.  If you don't want to do that manually, then buy a solution that works, which has already been mentioned.
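
The allow-list approach this reply describes (permit web and mail ports from the guest network, refuse everything else), as an added example that is not part of the thread: a shell function that prints the iptables rules instead of applying them. The interface names, the `GUEST_OUT` chain name and the exact port list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print, do not apply, a default-deny
# forwarding policy for a guest Wi-Fi segment.
# Assumptions: interface names, chain name GUEST_OUT, and an otherwise empty
# FORWARD chain (firmware with its own rules needs -I at the right position).

# TCP ports guests may reach: web, mail submission, IMAP and POP3.
# Port 25 is left out on purpose: phone mail apps submit on 465/587.
ALLOWED_TCP="80 443 465 587 143 993 110 995"

guest_rules() {
    guest_if=$1   # guest bridge, e.g. br1 (hypothetical)
    wan_if=$2     # uplink, e.g. vlan2 (hypothetical)
    chain=GUEST_OUT

    echo "iptables -N $chain"
    # Return traffic for connections a guest already opened.
    echo "iptables -A FORWARD -i $wan_if -o $guest_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Everything guests send toward the internet is judged by the allow list.
    echo "iptables -A FORWARD -i $guest_if -o $wan_if -j $chain"
    # DNS to external resolvers (a resolver on the router itself is INPUT,
    # which these rules do not touch).
    echo "iptables -A $chain -p udp --dport 53 -j ACCEPT"
    echo "iptables -A $chain -p tcp --dport 53 -j ACCEPT"
    for port in $ALLOWED_TCP; do
        echo "iptables -A $chain -p tcp --dport $port -j ACCEPT"
    done
    # Rate-limited log so blocked attempts show up in syslog, then refuse.
    echo "iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix \"guest-blocked: \""
    echo "iptables -A $chain -j REJECT --reject-with icmp-port-unreachable"
    # Guests never reach the office LAN or any other interface.
    echo "iptables -A FORWARD -i $guest_if -j DROP"
}

# Review the output first, then apply as root:  guest_rules br1 vlan2 | sh
```

Port allow-listing refuses file-sharing clients on their usual ports but cannot see what is carried over 443, so it reduces the exposure without replacing the content filtering the appliances named in this thread provide.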


Get the RouterBoard RB2011UAS-2HnD-IN:

 

http://routerboard.com/RB2011UAS-2HnD-IN

 

The RB2011 is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.

The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.

RouterBOARD 2011UAS-2HnD has most features and interfaces from all our Wireless routers. It's powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4GHz (2192-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel - all this for only $129!

Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included)

RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply.

Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.


For a business user, there are only 3 that I recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally prefer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.

 

bnelsonjax, I sent you a private message.


Get the RouterBoard RB2011UAS-2HnD-IN:

 


 

 

Here's a hi-res image of the above mentioned router:

 

523_hi_res.jpg


pfsense or untangle can do what you need. pfsense would be the cheaper of the two, being that you just need a spare computer... something old would work just fine, or the ability of a VM environment.


Get the RouterBoard RB2011UAS-2HnD-IN:

 


 

Wow. Never heard of that before but I really like it. Thanks for the tip.


Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

 

I second this. The TZ series are great. And while you do need a good working knowledge of networking, the UI is very well laid out and pretty straightforward.

 

+1. I know you said it's a little more than you want to spend, but my suggestion is to save up. The Sonicwall TZ-215 and NSA 220 devices are excellent and worth the extra cash IMO.
