Suggestions for Small Business network, filtering, etc

beengone
Advice, please. I set up a small business here with Windows Home Server, an ASUS RT-N66U, and a small unmanaged switch. They have a very large area to cover with wireless and that ASUS does it perfectly whereas their previous router only covered about 1/2 the area. There are about 8-10 organization machines. However, with phones, etc. there could be upwards of 50 devices on the guest wireless at any given time.

Here are my needs:
  1. Log DHCP leases (ASUS firmware can't)
  2. Provide guest wireless limited to something like only ports 80 and 443.
  3. Provide 'registered' LAN and wireless for organization machines.
  4. Provide content filtering for the entire network that disallows adult content, gambling, etc.
  5. Prioritize the registered network for QoS

I'm told Merlin's firmware will do some of this and that may be an option, but would like to know what is most efficient and cheapest. I also wonder about Tomato and DD-WRT.

I'm familiar with FortiGate units, but never used them for content filtering. I'm also aware of OpenDNS, but think they may be a little pricey.

Suggestions, please.
 
DHCP is fairly easy: move it to the Windows Home server.

Limiting the guest wireless to only HTTP/HTTPS and Content filtering, I'm unsure of...I'm just getting started with the Asus router and haven't touched that portion of it yet.
 
DHCP is fairly easy: move it to the Windows Home server.

Thought about that. Can I then separate out the two wireless networks in scope and permissions? If it's a simple AP, I don't know that WHS will know what devices are on the guest network.
 
Router suggestion: Zywall USG 50/100 depending on the size of your pipe from the ISP.

Can do multiple DHCP scopes, and logging, and reservations (different scopes per physical interface or VLAN)

Great firewall so you can limit outbound ports.

It has the ability to do content filtering, via a limited keywords list, or the ability to link with Commtouch or BlueCoat - personally I've never done that and use DNS Redirector (software) running on a server inside the LAN instead.
 
Zywall is another player in the game and comes in at a lower cost, but from what I see add-ons are still subscriptions, right? Is this better than a FortiGate?

Block pretty much everything for guests and require an Acceptable Use Policy. I'd also like to provide some kind of captive portal that requires the person to enter their name and accept the AUP. That way I can track IPs to names (assuming they use their proper name). We know the people who might use this and if we find names we don't know or Seymour Butts shows up, we'll block MACs.

I'm trying to get in touch with Ubiquiti and Ruckus to see if they offer solutions for this entire project, including new wireless APs. If I can have one vendor for it all, great. If not, I'm really toying with setting up a pfSense firewall since they don't want to spend the cash for a FortiGate. If I'm going to learn something deeply it seems like FortiGate at the high-end and pfSense at the low end (price) are the two ends of the spectrum.

Certainly still open to advice.
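
For the DHCP lease logging and the IP-to-device tracking asked for in this thread, here is an added example (not posted by anyone in the thread, and not any vendor's code). It assumes the DHCP server writes a dnsmasq-style lease file; the two subnets and the sample lease lines are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Hypothetical addressing plan; the thread does not give subnets.
SCOPES = {
    "registered": ipaddress.ip_network("192.168.10.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),
}

# Constructed sample, dnsmasq lease-file layout:
# <expiry epoch> <MAC> <IP> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1700003600 00:11:22:33:44:55 192.168.10.21 front-desk-pc 01:00:11:22:33:44:55
1700007200 66:77:88:99:aa:bb 192.168.20.143 * *
truncated line
1700007300 cc:dd:ee:ff:00:11 192.168.20.144 Janes-iPhone *
"""

def scope_of(ip):
    """Name the scope an address belongs to, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SCOPES.items() if addr in net), "unknown")

def parse_leases(text):
    """Return {(mac, ip): record} for every well-formed lease line."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].isdigit():
            continue  # skip blank or damaged lines instead of crashing
        try:
            scope = scope_of(parts[2])
        except ValueError:
            continue  # third field is not an IP address
        expiry = datetime.fromtimestamp(int(parts[0]), tz=timezone.utc)
        leases[(parts[1].lower(), parts[2])] = {
            "mac": parts[1].lower(), "ip": parts[2], "scope": scope,
            "host": None if parts[3] == "*" else parts[3],
            "expires": expiry.isoformat(),
        }
    return leases

def new_lease_log(previous, current):
    """Log lines for leases present now that were absent at the last poll."""
    return [
        f"lease scope={r['scope']} ip={r['ip']} mac={r['mac']} "
        f"host={r['host'] or '-'} expires={r['expires']}"
        for key, r in sorted(current.items()) if key not in previous
    ]
```

Polling the lease file on a schedule and appending the output of new_lease_log to a file gives a history that outlives lease expiry, which the lease file alone does not keep.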
 