Block download specific extensions over the network
L7 filters in mikrotik
HTTP✔️HTTPS✖️done properly wouldnt use 100% of cpu, but will use a ton. so for small routers or huge networks is a no go
Suitable for: SOHO only
WEB proxy in mikrotik
HTTP✔️HTTPS✖️Done properly wouldnt use 100% of cpu, but will use a ton. so for small routers or huge networks is a no go
Suitable for: SOHO only
Dedicated proxy server
HTTP✔️HTTPS✔️You could route all traffic to the server from mikrotik, so you dont have to manually set each computer
Setup would be something like this
[Mikrotik] => [Proxy] => [Internet]
i would use an Nginx server
Suitable for: Small bussines
Dedicated NGFW
HTTP✔️HTTPS✔️(is a dedicated appliance like a Fortigate, Meraki or sophos)
could be deployed in virtual, using a PC with 2 LANs or using Vlans with the mikrotik
Is expensive cause the filtering rules are constantly updated, but will block websites by categorys and also with your specific rules like mp4 files or exe or whatever extension you want.
Suitable for: Goverment and Corporate
---SIDE NOTE for https---
in order to get https proxy working you have to deploy a Cert Autority in the enpoints, pcs or cellphones, otherwise you will get errors saying untrusted cert in every site---SIDE NOTE to choose one---
The Mikrotik L7 and web proxy are good for testing and learningThe proxy server is a pain to get it working and mantain, but rock solid.
The NGFW is Powerful and widely supported