SMB Security Router with URL/Content Filtering

[drebo]

I have a potential customer who currently uses a SonicWall TZ 170. It's a basic NAT router and has the ability to do URL blocking. They have roughly 30 users and their entire business relies on their internet connection, as their practice management software is web-based and hosted off-site.

They want to install a hosted PBX system. SonicWall's SMB products DO NOT support SIP passthrough, and thus are not compatible.

I know there are a number of relatively inexpensive NAT routers around, but I don't have experience with all of them. I need to offer them a <$1000 device that supports SIP passthrough and will allow them to continue using URL filtering.

I'd prefer a Cisco device, but the ASA5500 CSC editions start at like $4600, which is way more than they're going to want to spend, and the standard ASA5505s don't do URL filtering. I know that Draytek, Watchguard, and Juniper are popular in this market, but I'm not familiar with any of their products.

Can anyone provide a recommendation for a good quality router that supports SIP passthrough and will allow URL filtering?

Thanks in advance!

Couple things: I am not interested in a PC-based solution or one that involves flashing a router with anything other than stock firmware. This means no monowall, ipcop, tomato, ddwrt, smoothwall, mikrotik, etc.

 

[Crusty]

My ASA5505 Security+ can do URL Filtering with an external URL server(Websense/Secure Computing SmartFilter) and we use SIP passthrough for our VOIP phones.

Are you looking for other types of URL filtering that aren't supported?

 

[drebo]

We don't have access to any other types of servers to be able to utilize the websense or smartfilter features. Otherwise, that'd be the way I went.

We could employ ISA Server. I'm trying to sell them on a SBS Premium server, but don't know if they want to go to that expense.

 

[Jamsan]

The Juniper SSG5/20 would be a good option. You can get use the built-in web filtering to use for URL filtering (subscription based, around $150 a year, less if you do multi-year subscriptions). The main boxes aren't too expensive either (around $600 for the SSG-5). They also have wireless flavors available if that's a requirement. I believe they are mostly identical, except the SSG-20 has expansion capabilities (either an SFP or serial port).

 

[drebo]

Thanks for the info.

I'm not sure if anyone cares, but I think I've found my solution in the Adtran NetVanta 3120. I've used Adtran's Total Access IADs for a while for CPE for T1 circuits as well as functioning as SIP media gateways, and I've been suitably impressed with their overall function. The NetVanta 3120 supports the basic level of URL filtering that I think I need, and the price is comparable to a 10 user ASA 5505.

We'll see how well it works.