Hi guys, I need to supply a hardware firewall that can block specific websites such as Facebook. I will also be adding the same to other branches so VPN capabilities are also needed (3 branches). I don't need built-in malware and AV scanning as that requires a subscription and we have that covered anyway. Should be simple to do, and please no home brew suggestions. Budget is around £350-£400 per box. Something like this.... https://www.businessdirect.bt.com/p...wall-usg40-eu0101f-9HXK.html?q=zyxel firewall
Remember that the yearly subscription to a content filtering service provides the updates to the filtering categories. There's no point having filtering if new sites are not filtered without you having to manually go through the logs every day and add each site to a category. Manually blocking the huge list of 'proxy' websites (that your staff will find to access Facebook if the main URL is blocked) is not feasible.
I came here to recommend Meraki too. You do need a yearly subscription but that also includes same business day hardware replacement. Just had a quote in for us (let me know if you need a good contact for a decent reseller) - although please do bear in mind that this is bid pricing for our large deal so you might not get it so cheap:
Meraki MX64 hardware only £245
3 years advanced security license £495 (so expect one year to be ~£165)
Yeah the security license pushes your budget a bit, but honestly, it's so simple to use, and you'll get the following:
- IPS and network level anti-malware
- Client VPN if you need it
- Full traffic profiling and control; if someone sends a packet you'll know and can block, prioritise, de-prioritise, scan or whatever you want basically
- Auto mesh VPN, you just set the firewalls to be in a system and it just happens, no manual config
- So much more
Before you say a straight no, go on one of their webinars. The next security/firewall one is on February 24th at 4pm and you'll also qualify for a free access point. https://meraki.cisco.com/webinars/signup/1276/introduction-to-cloud-managed-security/4932
You can also attend a webinar about switches and also get a free 8 port gigabit PoE switch. Next one in English is 17th Feb at 6pm UK (10am PST). https://meraki.cisco.com/webinars/s...he-next-generation-of-ethernet-switching/4884
You'll love it!
If the number of sites that are allowed is small, it might be easier to go with some form of white-listing. I can't remember off the top of my head if DrayTeks can do that sort of thing, but I can confirm they're rock solid, well supported and they work great for site-to-site VPNs. (Just don't forget to leave external access open on a non-standard port so you can still get to them if the VPN goes down, learn from my fail.)