Need a router with business grade filter/blocking capabilities

modem    2

Hello everyone!

 

I have a quick question here.  I'm looking for a router to use for one of my business clients that will provide complete blocking and filtering capabilities for anything except web, email, and possibly instant message.  Everything else especially and including all types of file sharing needs to be prohibited.

 

This is for a business retail location that offers free wifi to their customers.  Recently they were hit with a copyright infringement notice from their ISP.  They have a basic Netgear router that only has port forwarding available, and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

 

For now the wifi has been temporarily shut off, but the owner wants free wifi back for customers.  However he wants it so that the web is open, ability for guests to use email apps on their phones (smtp, etc) is open, but that is about it.  He explicitly wants everything else to be blocked.

 

What router would do this?  He's willing to pay the cost of a router that offers these features.  I looked into DD-WRT which can do this... with IPTables.  I'd like to have something a lot less complicated and built natively into a router's firmware directly.

 

Any suggestions?

xendrome    4,378

Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

modem    2

Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

Thanks for that link.  Tho having a firewall appliance at that price is a bit more than what they were wanting to pay for.  I seem to remember either D-Link or Netgear offered some router the other year that has the features I was looking for for this customer, but I can't find it tho.

StrikedOut    125

Take a look at www.draytek.com. These routers are reasonably priced but with some high end features.

#Michael    207

Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

I second this.  The TZ series are great. And while you do need a good working knowledge of networking, the UI is very well laid out and pretty straightforward.

farmeunit    453

Get a Buffalo Router or something that runs DD-WRT or Tomato.  You can block websites.

Another option, get a cheap desktop and run Untangle on it or another distro like IPCop.  They have plugins for filtering and such.

  • Like 1

Hum    6,929
This is for a business retail location that offers free wifi to their customers.  Recently they were hit with a copyright infringement notice from their ISP.  They have a basic Netgear router that only has port forwarding available, and after a bit of investigation it appears someone secretly living nearby or in the public nearby is leeching off their wifi getting movies, music, porn, etc.

Why is the business owner responsible for others leeching ?

Roger H.    773

Your connection means you are responsible for all the activity on it, illegal or not.

  • Like 1

primexx    372

Your connection means you are responsible for all the activity on it, illegal or not.

 

only in backward parts of the world where the MAFIAA reigns supreme (which now is most of the western world, i guess).

modem    2

Get a Buffalo Router or something that runs DD-WRT or Tomato.  You can block websites.

Another option, get a cheap desktop and run Untangle on it or another distro like IPCop.  They have plugins for filtering and such.

Actually I mentioned this above, I'm trying to avoid DD-WRT just because its configuration time with IPtables is more complex and takes more time.  The customer wants simple.  Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.

modem    2

Why is the business owner responsible for others leeching ?

 

That is the ISP's policy.  Someone in the area has been abusing this business owner's free public wifi by downloading pirated material and the ISP is getting copyright infringement notices for this business establishment.  The ISP threatened to disconnect them if there weren't some security measures provided.

  • Like 1

farmeunit    453

Actually I mentioned this above, I'm trying to avoid DD-WRT just because its configuration time with IPtables is more complex and takes more time.  The customer wants simple.  Also the desktop option isn't available because this is for a retail establishment and this will be in a back office where only a patch panel mounting area is available.

You don't do anything with IPTables if you don't want to.  Everything is GUI.  You just need to enter the sites or keywords you want to block.

 

It uses IPTables in the background, just like every other firewall distro based on Linux.  Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

 

Someone posted a Watchguard box, that should do exactly what you need.  Just get it. 

  • Like 1

modem    2

You don't do anything with IPTables if you don't want to.  Everything is GUI.  You just need to enter the sites or keywords you want to block.

 

It uses IPTables in the background, just like every other firewall distro based on Linux.  Even a lot of commercial firewalls use Linux as a backend, they just use different interfaces and do things a little differently.

 

Someone posted a Watchguard box, that should do exactly what you need.  Just get it. 

 

Actually the GUI within DD-WRT doesn't do what this customer needs.  The customer needs everything blocked, all services, ports, etc (except http, smtp, and probably imap).  DD-WRT blocks everything, but doesn't offer exclusions to that blanket block that he needs.

  • Like 1

bnelsonjax    1

For a business user, there are only 3 that I recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally prefer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.

  • Like 1

farmeunit    453

Set up the IPTables for him then.  There shouldn't be anything he has to do if you're only going to allow HTTP, HTTPS, etc..

 

You set it once, it's done.  If you don't want to do that manually, then buy a solution that works, which has already been mentioned.

  • Like 1

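The policy this thread keeps coming back to (drop everything forwarded from the guest network except web and mail), written out as an added example; it is not from any poster in the thread. The interface names `br1`/`eth0` and the exact port list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# forwards only an allowlist of TCP ports, plus DNS, from a guest Wi-Fi segment.
# Interface names and the port list below are assumptions.
GUEST_TCP_PORTS="80,443,587,465,143,993"   # web, mail submission, IMAP/IMAPS

# valid_ports LIST: succeed only if LIST is 1-15 comma-separated ports in
# 1-65535 (the multiport match takes at most 15 ports per rule).
valid_ports() {
    count=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        case $p in ''|*[!0-9]*) IFS=$old_ifs; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { IFS=$old_ifs; return 1; }
        count=$((count + 1))
    done
    IFS=$old_ifs
    [ "$count" -ge 1 ] && [ "$count" -le 15 ]
}

# guest_ruleset GUEST_IF WAN_IF PORTS: write the ruleset to stdout, or fail
# without printing rules if an argument is malformed.
guest_ruleset() {
    guest_if=$1; wan_if=$2; ports=$3
    case "$guest_if$wan_if" in ''|*[!A-Za-z0-9._-]*)
        echo "bad interface name" >&2; return 1 ;; esac
    valid_ports "$ports" || { echo "bad port list: $ports" >&2; return 1; }
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $guest_if -o $wan_if -p udp --dport 53 -j ACCEPT
-A FORWARD -i $guest_if -o $wan_if -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $guest_if -o $wan_if -p tcp -m multiport --dports $ports -j ACCEPT
-A FORWARD -i $guest_if -m limit --limit 6/min -j LOG --log-prefix "guest-drop: "
-A FORWARD -i $guest_if -j DROP
COMMIT
EOF
}

# Stand-alone use: sh guest-fw.sh br1 eth0 > guest.rules, then review the
# file before loading it with iptables-restore.
if [ "$#" -ge 2 ]; then
    guest_ruleset "$1" "$2" "${3:-$GUEST_TCP_PORTS}"
fi
```

Port filtering narrows what guests can reach but cannot tell file sharing apart from browsing when it runs over an allowed port such as 443, so it complements rather than replaces the content-filtering options suggested in the replies.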
CLontario    4

Get the RouterBoard RB2011UAS-2HnD-IN:

 

http://routerboard.com/RB2011UAS-2HnD-IN

 

The RB2011 is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.

The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.

RouterBOARD 2011UAS-2HnD has most features and interfaces from all our Wireless routers. It's powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4Ghz (2192-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel- all this for only $129!

Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included)

RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply.

Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.

modem    2

For a business user, there are only 3 that I recommend to my clients: Sonicwall, Cisco, WatchGuard. I personally prefer the WatchGuard because they are very user friendly. I own an IT company and if you decide to purchase a Sonicwall or Watchguard let me know and I can help you configure it for your client.

 

bnelsonjax, I sent you a private message.

CLontario    4

Get the RouterBoard RB2011UAS-2HnD-IN:

 

http://routerboard.com/RB2011UAS-2HnD-IN

 

The RB2011 is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.

The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.

RouterBOARD 2011UAS-2HnD has most features and interfaces from all our Wireless routers. It's powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4Ghz (2192-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel- all this for only $129!

Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included)

RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply.

Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.

 

 

Here's a hi-res image of the above mentioned router:

 

523_hi_res.jpg

  • Like 2

sc302    1,384

pfsense or untangle can do what you need.  pfsense would be the cheaper out of the two being that you just need a spare computer...something old would work just fine or the ability of a vm environment.

  • Like 3

###    150

Get the RouterBoard RB2011UAS-2HnD-IN:

 

http://routerboard.com/RB2011UAS-2HnD-IN

 

The RB2011 is a low cost multi port device series. Designed for indoor use, and available in many different cases, with a multitude of options.

The RB2011 is powered by RouterOS, a fully featured routing operating system which has been continuously improved for fifteen years. Dynamic routing, hotspot, firewall, MPLS, VPN, advanced quality of service, load balancing and bonding, real-time configuration and monitoring - just a few of the vast number of features supported by RouterOS.

RouterBOARD 2011UAS-2HnD has most features and interfaces from all our Wireless routers. It's powered by the new Atheros 600MHz 74K MIPS network processor, has 128MB RAM, five Gigabit LAN ports, five Fast Ethernet LAN ports and SFP cage (SFP module not included!). Also, it features powerful 1000mW dual chain 2.4Ghz (2192-2732MHz depending on country regulations) 802.11bgn wireless AP, RJ45 serial port, microUSB port and RouterOS L5 license, as well as desktop case with power supply, two 4dBi Omni antennas and LCD panel- all this for only $129!

Tested and recommended to use with MikroTik SFP modules: S-85DLC05D, S-31DLC20D and S-35/53LC20D (not included)

RouterBOARD 2011UAS-2HnD-IN comes with desktop enclosure, LCD panel and power supply.

Wall mount kit (product code RBWMK) for network closet is available for purchase as an optional accessory.

 

Wow. Never heard of that before but I really like it. Thanks for the tip.

CLontario    4

The router itself looks ugly, but it's not about looks as it's one of the most powerful or feature-rich routers on the planet.

Squuiid    63

Sonicwall TZ-215 can do everything you want, but if you've never used one before you need to have at least an advanced knowledge of networking configuration.

 

 

I second this.  The TZ series are great. And while you do need a good working knowledge of networking, the UI is very well laid out and pretty straightforward.

 

+1. I know you said it's a little more than you want to spend, but my suggestion is to save up. The Sonicwall TZ-215 and NSA 220 devices are excellent and worth the extra cash IMO.

CLontario    4

And the RouterBoard one I posted about does all that and is only $130!

modem    2

For anyone who is a Watchguard expert or has experience, please message me.  I've got some WatchGuard XTM 25 firewalls that I have some questions over.  Thanks!
