JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
"Eric R. Warren" <[log in to unmask]>
Reply To:
Joebox User <[log in to unmask]>
Date:
Fri, 8 Apr 2011 11:14:05 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (125 lines)
That's a useful trick!  Would you mind sharing those Facebook-blocking
settings with us?

Eric
MSAD 45

-----Original Message-----
From: Joebox User [mailto:[log in to unmask]] On Behalf Of Ray Soucy
Sent: Friday, April 08, 2011 11:08 AM
To: [log in to unmask]
Subject: Re: Joebox Updates

Linda,

If you were using the old "MECguard SSL" it would no longer be active
after the upgrade (to my knowledge only a handful of people were
trying to use it because of all the browser errors it would generate).

The "Force MECguard SSL" option will block SSL requests unless made
using a proxy server, but requires that browsers know about the proxy
server (as described in the MECguard notes I posted a few days ago).

Other than that, it shouldn't have changed.

I've created two "Closed Port" rules in your Firewall that will block
web access to the Facebook IP networks, but left them disabled.  You
can enable these rules and restart your firewall if you want to start
blocking access to Facebook over HTTPS.

I've noticed that you only have one Group for MECguard.  If you block
Facebook using the Firewall you might want to create a "Teachers"
group with the IP addresses of teacher PCs so you can create a rule to
not block Facebook for those users.

Because you're running a "LOW" Firewall policy, you'll need to apply
the 12.1 software update before Open Port rules to do this will work,
the Software Update can be run at any time.

Feel free to give support a call if you'd like us to do any of this
for you: 1-888-367-6756

Sorry about any disruption... The upgrade was a major change and
required a manual process to apply.  Future updates will be provided
through the Software Update tool and be left up to you to apply.

On Fri, Apr 8, 2011 at 9:38 AM, Linda Chaisson <[log in to unmask]>
wrote:
> Ray:
> Previously our students couldn’t get to facebook by adding the s to http
and
> now they can. Was anything changed?
> Thanks,
> Linda
>
>
>
> On 4/6/11 1:24 PM, "Ray Soucy" <[log in to unmask]> wrote:
>
> We realize that for many of you it seems like you just upgraded, but
> some of you have been running the code for over a month and have found
> a bug or two.  We have a minor update available.
>
> Feel free to apply this update using the "Software Update" tool on the
> Joebox at your convince.  This is a non-critical update and can be
> applied at any time.
>
> As always, if you need help running the Software Update utility, or
> encounter any problems, please give us a call: 1-888-367-6756
>
> New packages are labeled 12.1.
>
> Change Log:
>
> 1. A "Reinitialize Firewall" button has been added to the Firewall
> options page.  This button does a forced restart of the Firewall
> service (all rules are flushed and re-added) to recover from the
> Firewall Engine becoming out of sync.  If you run into a situation
> where using this button is the only way to "fix" your Joebox please
> contact us so we can take a look at your configuration and track down
> the invalid rule that is causing problems.
>
> 2. Port Forward rules with protocol "IP" weren't ignoring port fields
> (causing invalid rules).   This is now fixed.
>
> 3. Open Port rules were not being applied when a Firewall policy level
> of LOW was in use.  They should now be applied correctly.
>
> 4. In isolated circumstances, some traffic making use of TCP window
> scaling was being marked as INVALID by connection state tracking and
> being dropped by the Firewall.  This was found to be affecting less
> than 1% of traffic.  This should now be fixed, as TCP window size is
> no longer used to determine packet validity.
>
> 5. Minor update to SNMP to facilitate changes in Joebox monitoring by
> Networkmaine.
>
> 6. Minor UI update to fix changing of static route to be applied without
> reboot.
>
> 7. Minor UI update to allow DHCP service to be disable if in a failed
> status (e.g. enabled without a valid configuration), mostly to get rid
> of the "red" status indicator for sites not using DHCP on the Joebox.
>
> Linda Chaisson
> Technology Coordinator
> Regional School Unit 16
> C/O PRHS - 1457 Maine Street
> Poland, ME 04274
> 207-998-5400 Ext 103
> [log in to unmask]
>
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/

ATOM RSS1 RSS2