modem, posted September 8, 2013:
Hello everyone! I have a quick question here. I'm looking for a router to use for one of my business clients that will provide complete blocking and filtering capabilities for anything except web, email, and possibly instant message. Everything else, especially and including all types of file sharing, needs to be prohibited.

This is for a business retail location that offers free wifi to their customers. Recently they were hit with a copyright infringement notice from their ISP. They have a basic Netgear router that only has port forwarding available, and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

For now the wifi has been temporarily shut off, but the owner wants free wifi back for customers. However he wants it so that the web is open, ability for guests to use email apps on their phones (smtp, etc) is open, but that is about it. He explicitly wants everything else to be blocked.

What router would do this? He's willing to pay the cost of a router that offers these features. I looked into DD-WRT which can do this... with IPTables. I'd like to have something a lot less complicated and built natively into a router's firmware directly. Any suggestions?

xendrome, posted September 8, 2013:
Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

modem (Author), posted September 8, 2013:
> Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

Thanks for that link. Though having a firewall appliance at that price is a bit more than what they were wanting to pay for. I seem to remember either D-Link or Netgear offered some router the other year that has the features I was looking for for this customer, but I can't find it though.

StrikedOut, posted September 8, 2013:
Take a look at www.draytek.com. These routers are reasonably priced but with some high end features.

#Michael, posted September 8, 2013:
> Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

I second this. The TZ series are great. And while you do need a good working knowledge of networking, the UI is very well laid out and pretty straightforward.

farmeunit, posted September 8, 2013:
Get a Buffalo Router or something that runs DD-WRT or Tomato. You can block websites. Another option, get a cheap desktop and run Untangle on it or another distro like IPCop. They have plugins for filtering and such.

Hum, posted September 8, 2013:
> This is for a business retail location that offers free wifi to their customers. Recently they were hit with a copyright infringement notice from their ISP. They have a basic Netgear router that only has port forwarding available, and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

Why is the business owner responsible for others leeching?

Roger H. (Veteran), posted September 8, 2013:
Your connection means you are responsible for all the activity on it, illegal or not.

primexx, posted September 8, 2013:
> Your connection means you are responsible for all the activity on it, illegal or not.

Only in backward parts of the world where the MAFIAA reigns supreme (which now is most of the western world, I guess).

Lezard, posted September 8, 2013:
http://www.amazon.com/WatchGuard-5-Port-Firewall-Appliance-WG025001/dp/B0077EY6KM/ref=zg_bs_3012924011_15

modem (Author), posted September 9, 2013:
> Get a Buffalo Router or something that runs DD-WRT or Tomato. You can block websites. Another option, get a cheap desktop and run Untangle on it or another distro like IPCop. They have plugins for filtering and such.

Actually I mentioned this above, I'm trying to avoid DD-WRT just because its configuration time with IPTables is more complex and takes more time. The customer wants simple. Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.

modem (Author), posted September 9, 2013:
> Why is the business owner responsible for others leeching?

That is the ISP's policy. Someone in the area has been abusing this business owner's free public wifi by downloading pirated material and the ISP is getting copyright infringement notices for this business establishment. The ISP threatened to disconnect them if there weren't some security measures provided.

farmeunit, posted September 9, 2013:
> Actually I mentioned this above, I'm trying to avoid DD-WRT just because its configuration time with IPTables is more complex and takes more time. The customer wants simple. Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.

You don't do anything with IPTables if you don't want to. Everything is GUI. You just need to enter the sites or keywords you want to block. It uses IPTables in the background, just like every other firewall distro based on Linux. Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

Someone posted a Watchguard box, that should do exactly what you need. Just get it.

modem (Author), posted September 9, 2013:
> You don't do anything with IPTables if you don't want to. Everything is GUI. You just need to enter the sites or keywords you want to block. It uses IPTables in the background, just like every other firewall distro based on Linux. Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently. Someone posted a Watchguard box, that should do exactly what you need. Just get it.

Actually the GUI within DD-WRT doesn't do what this customer needs. The customer needs everything blocked, all services, ports, etc (except http, smtp, and probably imap). DD-WRT blocks everything, but doesn't offer exclusions to that blanket block that he needs.

bnelsonjax, posted September 9, 2013:
For a business user, there are only 3 that I recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally prefer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.

farmeunit, posted September 9, 2013:
Set up the IPTables for him then. There shouldn't be anything he has to do if you're only going to allow HTTP, HTTPS, etc. You set it once, it's done. If you don't want to do that manually, then buy a solution that works, which has already been mentioned.
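
Added example (not part of the thread or any poster's configuration): a shell helper that prints, without applying, the kind of allow-list forwarding rules discussed above for a guest Wi-Fi segment. The interface names, the TCP port list (80, 443, 587, 465, 143, 993) and the DNS allowance are assumptions, and it assumes no earlier FORWARD rule already accepts guest traffic.

```shell
#!/bin/sh
# Added example: prints (does not apply) allow-list FORWARD rules for a guest
# Wi-Fi segment. Interface names and the port list are assumptions.

# Web, mail submission and IMAP over TCP (assumed list; edit to suit).
ALLOWED_TCP="80 443 587 465 143 993"

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# guest_rules GUEST_IF WAN_IF [PORTS]: emit iptables commands, one per line.
guest_rules() {
    guest_if="$1"; wan_if="$2"; ports="${3:-$ALLOWED_TCP}"
    if [ -z "$guest_if" ] || [ -z "$wan_if" ]; then
        echo "usage: guest_rules GUEST_IF WAN_IF [PORTS]" >&2
        return 2
    fi
    # Validate everything first so a typo never yields a partial rule set.
    for p in $ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    fwd="iptables -A FORWARD"
    # Replies to connections the guests opened.
    echo "$fwd -i $wan_if -o $guest_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # DNS, without which the allowed web and mail ports are unusable.
    echo "$fwd -i $guest_if -o $wan_if -p udp --dport 53 -j ACCEPT"
    echo "$fwd -i $guest_if -o $wan_if -p tcp --dport 53 -j ACCEPT"
    for p in $ports; do
        echo "$fwd -i $guest_if -o $wan_if -p tcp --dport $p -j ACCEPT"
    done
    # Log, then drop, everything else from the guest side (including any
    # attempt to reach other internal interfaces).
    echo "$fwd -i $guest_if -j LOG --log-prefix \"guest-drop: \""
    echo "$fwd -i $guest_if -j DROP"
}

# Stand-alone use: sh guest_rules.sh wlan1 eth0   (review the output first)
if [ "$#" -ge 2 ]; then
    guest_rules "$@"
fi
```

Port filtering limits which services guests can reach; it does not identify what is carried over an allowed port, so the logged drops are the place to look for a client that keeps trying blocked ports.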

CLontario, posted September 9, 2013:
Get the RouterBoard RB2011UAS-2HnD-IN: http://routerboard.com/RB2011UAS-2HnD-IN

The RB2011 is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.

The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.

RouterBOARD 2011UAS-2HnD has most features and interfaces from all our Wireless routers. It's powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4Ghz (2192-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel - all this for only $129!

Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included).

RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply. Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.

modem (Author), posted September 9, 2013:
> For a business user, there are only 3 that I recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally prefer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.

bnelsonjax, I sent you a private message.

CLontario, posted September 9, 2013:
Here's a hi-res image of the above mentioned router:

sc302 (Veteran), posted September 9, 2013:
pfsense or untangle can do what you need. pfsense would be the cheaper out of the two being that you just need a spare computer...something old would work just fine or the ability of a vm environment.

ESC@PE, posted September 9, 2013:
> Get the RouterBoard RB2011UAS-2HnD-IN: http://routerboard.com/RB2011UAS-2HnD-IN

Wow. Never heard of that before but I really like it. Thanks for the tip.

CLontario, posted September 9, 2013:
The router itself looks ugly, but it's not about looks as it's one of the most powerful or feature-rich routers on the planet.

Squuiid, posted September 9, 2013:
> Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

> I second this. The TZ series are great. And while you do need a good working knowledge of networking, the UI is very well laid out and pretty straightforward.

+1. I know you said it's a little more than you want to spend, but my suggestion is to save up. The Sonicwall TZ-215 and NSA 220 devices are excellent and worth the extra cash IMO.

CLontario, posted September 9, 2013:
And the RouterBoard one I posted about does all that and is only $130!

modem (Author), posted October 18, 2013:
For anyone who is a Watchguard expert or has experience, please message me. I've got some WatchGuard XTM 25 firewalls that I have some questions over. Thanks!