Blocking using ACLs always has its limitations, and the more you want to block, the longer and more unmanageable the lists tend to become.
You will find that lots of things use different ports to try and avoid detection so blocking by destination port is good to a point but simply cannot block everything.
I would look at getting something which is good at application level blocking.
We use PA-200 units in our branch offices and they work great, the GUI makes it much easier to manage. They are the baby of the PA appliances so definitely not Data Centre grade but you can spend more and get beefier units.
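To make the point about port-based ACLs concrete, here is a small added example (not code from the poster or from any firewall vendor) that compares a port-based blocklist with a toy application identifier that looks at the first bytes each client sends. The flows, ports, payloads and the `PORT_BLOCKLIST`/`APP_BLOCKLIST` sets are constructed for the demonstration; real application-aware firewalls use far richer signatures and connection state, but the mismatch it shows is the same one the post describes.

```python
"""Port-based ACL versus application-level identification (added example).

A toy ACL engine that decides purely on destination port, beside a minimal
application classifier that inspects the first payload bytes. All flows and
rule sets below are constructed sample data, not real traffic.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes   # first bytes the client sends on the connection


# Constructed port-based ACL: SSH, IRC and BitTorrent on their default ports.
PORT_BLOCKLIST = {22, 6667, 6881}


def port_acl_blocks(flow: Flow) -> bool:
    """Classic ACL decision: only the destination port is consulted."""
    return flow.dst_port in PORT_BLOCKLIST


def identify_app(payload: bytes) -> str:
    """Tiny application identifier keyed on well-known protocol prefixes."""
    if payload.startswith(b"SSH-"):                     # SSH version banner
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version major 0x03
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ")):
        return "http"
    # BitTorrent handshake: length byte 19 followed by the protocol string
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    if payload.startswith((b"NICK ", b"USER ", b"PASS ")):  # IRC registration
        return "irc"
    return "unknown"


# Constructed application-level policy: block these regardless of port.
APP_BLOCKLIST = {"ssh", "bittorrent", "irc"}


def app_acl_blocks(flow: Flow) -> bool:
    """Application-aware decision: the port is irrelevant."""
    return identify_app(flow.payload) in APP_BLOCKLIST


# Constructed traffic: the same applications on default ports and moved elsewhere.
SAMPLE_FLOWS = [
    Flow(22,   b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow(443,  b"SSH-2.0-OpenSSH_9.6\r\n"),                  # SSH moved to 443
    Flow(443,  b"\x16\x03\x01\x00\xc8\x01\x00"),             # genuine TLS ClientHello
    Flow(6881, b"\x13BitTorrent protocol" + b"\x00" * 8),
    Flow(80,   b"\x13BitTorrent protocol" + b"\x00" * 8),    # torrent moved to 80
    Flow(80,   b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow(8080, b"NICK someone\r\nUSER someone 0 * :x\r\n"),   # IRC moved to 8080
]


def compare(flows):
    """Per flow: (dst_port, identified app, port ACL verdict, app ACL verdict)."""
    return [(f.dst_port, identify_app(f.payload), port_acl_blocks(f), app_acl_blocks(f))
            for f in flows]


def missed_by_port_acl(flows):
    """Flows the application rule blocks but the port-based ACL lets through."""
    return [f for f in flows if app_acl_blocks(f) and not port_acl_blocks(f)]


if __name__ == "__main__":
    for port, app, by_port, by_app in compare(SAMPLE_FLOWS):
        print(f"dst_port={port:<5} app={app:<11} "
              f"port_acl_blocks={by_port!s:<5} app_acl_blocks={by_app}")
    print(f"{len(missed_by_port_acl(SAMPLE_FLOWS))} flow(s) slip past the port ACL")
```

Running it shows three of the seven constructed flows (SSH on 443, BitTorrent on 80, IRC on 8080) passing the port ACL while the application rule still catches them, which is exactly the gap that makes port lists grow without ever closing. The flip side is that an application identifier is only as good as its signatures, so "unknown" traffic still needs a policy decision of its own.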