The firewall part won't work well because of certain sites having a ton of shared IP addresses!
Block any site that uses akamai for example and you'll find you block other good sites, too.
We tried to block facebook.com and ended up blocking walmart and bestbuy.com as well as Symantec.com!
That's because the same address can resolve to several things...
And it's worse because the state, ICN, has their own akamai server provided by akamai, so it resolves here at this lower level, blocking a ton of sites when we try to block just one.
The IPS sigs work perfectly as you are looking IN the packets and filtering at that level. However, if you get email alerts on IPS intrusions, you'll get tens of thousands of hits a week in your email, because, for example, we block twitter.com and facebook.com in the IPS custom sigs, and almost all sites out there like google.com and yahoo.com have facebook and twitter ads, so that counts as a hit as the browser tries to reach out and load those ads!
For example, in the past 3 weeks, I have 13,376 email messages from IPS telling me of all the intrusions - almost all from facebook and twitter ads on other sites!
But, no one can get to facebook or twitter as any packets with those terms inside are blocked.
So it works like a charm, just turn off email alerts LOL.
The firewall works, but you block a ton of stuff like I said thanks to akamai.
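An added check (example code, not from the poster) for the shared-IP problem described above: it expands a planned domain block list into the addresses a firewall rule would use and reports which other sites would be cut off because they resolve to the same addresses. It uses a constructed DNS map with placeholder addresses in place of live lookups; the IPs and the domain-to-IP mapping are assumptions for illustration, not real site or CDN addresses.

```python
"""Check a planned IP-based block list for collateral damage.

Constructed example: CONSTRUCTED_DNS below stands in for real DNS answers.
The addresses are documentation-range placeholders, and the mapping is
made up to show several unrelated sites sharing the same CDN edge IPs.
"""
from collections import defaultdict

# Constructed DNS answers (hypothetical). Unrelated sites share edge IPs,
# which is exactly why blocking one site by IP knocks out others.
CONSTRUCTED_DNS = {
    "facebook.com": {"192.0.2.10", "192.0.2.11"},
    "twitter.com": {"192.0.2.20"},
    "walmart.com": {"192.0.2.10"},
    "bestbuy.com": {"192.0.2.11", "192.0.2.30"},
    "symantec.com": {"192.0.2.10"},
    "example.org": {"198.51.100.5"},
}

def resolve(domain, dns=CONSTRUCTED_DNS):
    """Stand-in for a DNS lookup; returns the set of addresses for a name."""
    return set(dns.get(domain, ()))

def ips_for_blocklist(block_domains, dns=CONSTRUCTED_DNS):
    """Expand the domains you intend to block into firewall-rule addresses."""
    ips = set()
    for d in block_domains:
        ips |= resolve(d, dns)
    return ips

def collateral_damage(block_domains, allowed_domains, dns=CONSTRUCTED_DNS):
    """Map each planned block IP to the allowed domains that share it.

    Only IPs that would also cut off an allowed domain are returned, so an
    empty result means the IP block is safe for the domains checked.
    """
    blocked_ips = ips_for_blocklist(block_domains, dns)
    hits = defaultdict(set)
    for d in allowed_domains:
        for ip in resolve(d, dns) & blocked_ips:
            hits[ip].add(d)
    return dict(hits)

def safe_to_block(block_domains, allowed_domains, dns=CONSTRUCTED_DNS):
    """IPs from the block list that no checked allowed domain shares."""
    shared = set(collateral_damage(block_domains, allowed_domains, dns))
    return ips_for_blocklist(block_domains, dns) - shared

if __name__ == "__main__":
    block = ["facebook.com", "twitter.com"]
    allowed = ["walmart.com", "bestbuy.com", "symantec.com", "example.org"]
    for ip, names in sorted(collateral_damage(block, allowed).items()):
        print(f"{ip} is shared with {', '.join(sorted(names))}")
    print("safe to block:", sorted(safe_to_block(block, allowed)))
```

Swap `resolve` for a real lookup against the resolver your firewall actually uses (the local CDN node matters, as noted above) and feed it the sites you cannot afford to lose before committing the rule.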