I did those things. Thanks Tom.
I finally had enough time to play with one. Though there is a default policy option of denying all, you can't then allow certain sites. The policy page can have certain sites blocked or certain PCs blocked from everything. Cisco has it covered when it comes to blocking things, but not when you want to allow sites unless it's everything. I don't see any way to block all but specified sites. Guess that's how it comes with the low end. The upper end, rv180 say, can list certain "trusted domains". We've already deployed 110s at all branches. Can't very well ask the owner to buy all 180s.
If anyone knows better than I see, please respond.
Addition: I did successfully allow a site by address through the access table, but that isn't very useful unless you know all the IPs a site uses. Say, I wanted to add google.com, how many IPs would that need!? The site I added was our corporate (franchiser) email site that only uses 1 IP.