recommendation for small school router

[stapf79]

I'm an IT admin at a small non-profit private school. We're setting up a new network to support about 100-150 wired/wireless devices and 15 VOIP phones. I already have a bunch of Ubiquit Unifi AP's for the wireless. What I really need is a good recommendation on the firewall/router that would support this network.
A - I'd like to keep things simple and keep all of the devices/phones on a single IP range (no VPN's because I'm not familiar with managing that)
B - I'd like a simple management UI for the router...something web-based.
C - Needs to be cost effective

The VOIP provider I'm talking to mentioned this router:
http://edgewaternetworks.com/products-services/edgemarc/edgemarc-4550/

Any recommendation or comments on the above router would be much appreciated.

 

[Alabalcho]

Being a school, you should also consider firewall policies. You don't want your students staying on FB during class, or watching XXXtube. You better check the regulations in that area, they will drive your choice for firewall and router.

 

[stapf79]

Being a school, you should also consider firewall policies. You don't want your students staying on FB during class, or watching XXXtube. You better check the regulations in that area, they will drive your choice for firewall and router.

Thanks. I already use Dyndns to do web filtering for any device on our network.

 

[stapf79]

I think I'm considering 1 of these 3 right now:

Sonicwall TZ300 ($600) - http://www.sonicwall.com/us/en/products/TZ300.html
Ubiquiti Edgerouter Pro ($400) - https://www.ubnt.com/edgemax/edgerouter-pro/

Anyone have thoughts on those 2 for my scenario?

 

[nimbah_52]

Depending on what kind of internet lines you have I would recommend a Dryatek Firewall/Router. You'd still need some sort of protection from the outside etc.

 

[bill001g]

What will make the firewall expensive is if you attempt to do content filtering. Almost any firewall will protect against most the standard attacks and allow you to do simple port filtering.

The expensive part is when you must pay for subscription lists. These keep track of all the new forbidden sites without you having to constantly keep up with it. The worst offenders are VPN sites. Almost all students know very well how to use proxy and vpn to bypass any restrictions you attempt to place on them.

dyndns is a complete waste of time to use as a security measure. Until very recently you type dyndns in google and the recommended second search was "bypass". dyndns is trivial to bypass and the kids will find this is in 2 seconds. It really only protects people who want to be protected not to stop someone who want to make even a tiny effort.

Problem is it takes huge firewall power to filter content even if you can get inexpensive lists. The sonicwall you list can take these lists but it is extremely hard to predict how much traffic it can pass when it is actually looking at the strings inside a HTTP request.

 

[gerr]

What about a Cisco ASA? They do make a GUI for them if you are not confortable with the CLI.