(I did a search for content filter on forum and google before writing this post. All the google results are for landing pages of companies that sell this service)
So, we've been using OPNSense on Protectli boxes for a while without too many problems. And a variety of content filtering options that are available for that platform.
I'm strongly considering switching to being a Mikrotik shop, especially with native Wireguard support. But the primary thing stopping me is a viable content filtering solution, whether it's paid or not. I don't care if it costs money, I'm not paying for it, end users are.
That being said, we've been using Sensei/ZenArmor on the OPNSense platform and it works pretty good for the most part.
What options are there for managed content filtering / etc, and does anyone know if either of them are any good?
Our requirements are as follows:
1) White/Black list IP Ranges and Domains
2) Category style content filtering, with multiple profiles, and a way to use the captive portal to elevate permissions beyond a default profile which is of course used by default if a person does not login to the captive portal. Blocking should function on a DNS Level / as well as an actual site/content level if possible. If I just wanted a DNS Based solution, there are TONS of those out there. Over the years we have used about 4 different ones, and they have been poor at best. Phishing / Malicious websites protection would be necessary including stopping 0-day phishing sites and malicious sites, etc.
3) A configuration for NOT requiring a portal login to use the default profile is required, so that our remote software and a small subset of websites -always- works without login. If I have to start explaining to people they have to open a browser and login or accept a splash page every so often, just so I can remote in, and help them figure out why they can't use the internet, ohhh because you didn't login to the portal, I will loose my mind, lol.
4) Config Backups to the service pulled form the Mikrotik would be nice, so I don't have to hook our Mikrotik's into multiple services and pay multiple people to manage each Mikrotik.
5) Notifications when a RouterOS upgrade is available would be nice but not required.
Thanks,
Matt