JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Subject:
From: Ray Soucy <[log in to unmask]>
Reply To: Joebox User <[log in to unmask]>
Date: Mon, 11 Apr 2011 12:31:51 -0400

On the iPad:

Settings > Control Panel > General > Network > WiFi > (Modify the SSID
you want) HTTP Proxy > "Auto" (should work).

I don't have an iPad so I can't actually verify this.  But from what
I've read online it sounds like it should work correctly.

On Mon, Apr 11, 2011 at 12:20 PM, Seth Thompson <[log in to unmask]> wrote:
> Ok, my question is: will iOS devices be able to connect to legitimate HTTPS
> sites? I quickly looked through settings on an iPad and didn't see anything
> about proxies or proxy discovery.
> Thanks,
> Seth
>
> On Mon, Apr 11, 2011 at 12:07 PM, Networkmaine <[log in to unmask]> wrote:
>>
>> Hi Seth,
>>     It doesn't matter if you're trying to reach an HTTPS site from a
>> computer, a phone, or a rock. As long as you're connecting through the
>> Joebox and SSL is enabled, the traffic will be filtered.
>> Anthony
>> Networkmaine Support Center
>> University of Maine System
>> Maine School and Library Network
>>    Communications and Network Services
>> (207) 561-3587
>> [log in to unmask]
>>
>>
>> On Mon, Apr 11, 2011 at 11:51 AM, Seth Thompson <[log in to unmask]>
>> wrote:
>>>
>>> Ray,
>>> Do you know if MECGuard SSL will work with cell phones, iPads, etc?
>>> Thanks,
>>> Seth
>>>
>>> On Fri, Apr 8, 2011 at 12:49 PM, Ray Soucy <[log in to unmask]> wrote:
>>>>
>>>> No, "Force MECguard SSL" will block _all_ HTTPS traffic (the idea is
>>>> that you check this box after you have your browsers set up to use
>>>> MECguard for HTTPS as a proxy server to enforce it).
>>>>
>>>> On Fri, Apr 8, 2011 at 12:36 PM, Jaimie Moores <[log in to unmask]> wrote:
>>>> > Does "Force MECGuard SSL" have to be checked in order for the closed
>>>> > port
>>>> > rules to work?
>>>> >
>>>> > Jaimie Moores
>>>> > Technology Coordinator
>>>> > PowerSchool Administrator
>>>> > Machias Memorial High School
>>>> >
>>>> >
>>>> > On Fri, Apr 8, 2011 at 11:34 AM, Ray Soucy <[log in to unmask]> wrote:
>>>> >>
>>>> >> Facebook currently has 2 IP networks:
>>>> >> 1. 66.220.144.0/20
>>>> >> 2. 69.63.176.0/20
>>>> >>
>>>> >> Steps for a Firewall block of Facebook (as opposed to MECguard):
>>>> >>
>>>> >> Step 1: Create two "Closed Port" rules with the following settings:
>>>> >>
>>>> >> Rule 1:
>>>> >>
>>>> >> Description: Facebook
>>>> >> Rule Chain: FORWARD
>>>> >> Source Type: Firewall Group
>>>> >> Source Group: LAN (or whatever group you want blocked)
>>>> >> Destination Type: IP/Hostname
>>>> >> Destination IP/Hostname: 66.220.144.0/20
>>>> >> Protocol: TCP
>>>> >> Closed Ports: 80,443
>>>> >>
>>>> >> Rule 2:
>>>> >>
>>>> >> Description: Facebook
>>>> >> Rule Chain: FORWARD
>>>> >> Source Type: Firewall Group
>>>> >> Source Group: LAN (or whatever group you want blocked)
>>>> >> Destination Type: IP/Hostname
>>>> >> Destination IP/Hostname: 69.63.176.0/20
>>>> >> Protocol: TCP
>>>> >> Closed Ports: 80,443
>>>> >>
>>>> >> On Fri, Apr 8, 2011 at 11:14 AM, Eric R. Warren
>>>> >> <[log in to unmask]>
>>>> >> wrote:
>>>> >> > That's a useful trick!  Would you mind sharing those
>>>> >> > Facebook-blocking
>>>> >> > settings with us?
>>>> >> >
>>>> >> > Eric
>>>> >> > MSAD 45
>>>> >> >
>>>> >> > -----Original Message-----
>>>> >> > From: Joebox User [mailto:[log in to unmask]] On Behalf Of
>>>> >> > Ray
>>>> >> > Soucy
>>>> >> > Sent: Friday, April 08, 2011 11:08 AM
>>>> >> > To: [log in to unmask]
>>>> >> > Subject: Re: Joebox Updates
>>>> >> >
>>>> >> > Linda,
>>>> >> >
>>>> >> > If you were using the old "MECguard SSL" it would no longer be
>>>> >> > active
>>>> >> > after the upgrade (to my knowledge only a handful of people were
>>>> >> > trying to use it because of all the browser errors it would
>>>> >> > generate).
>>>> >> >
>>>> >> > The "Force MECguard SSL" option will block SSL requests unless made
>>>> >> > using a proxy server, but requires that browsers know about the
>>>> >> > proxy
>>>> >> > server (as described in the MECguard notes I posted a few days
>>>> >> > ago).
>>>> >> >
>>>> >> > Other than that, it shouldn't have changed.
>>>> >> >
>>>> >> > I've created two "Closed Port" rules in your Firewall that will
>>>> >> > block
>>>> >> > web access to the Facebook IP networks, but left them disabled.
>>>> >> >  You
>>>> >> > can enable these rules and restart your firewall if you want to
>>>> >> > start
>>>> >> > blocking access to Facebook over HTTPS.
>>>> >> >
>>>> >> > I've noticed that you only have one Group for MECguard.  If you
>>>> >> > block
>>>> >> > Facebook using the Firewall you might want to create a "Teachers"
>>>> >> > group with the IP addresses of teacher PCs so you can create a rule
>>>> >> > to
>>>> >> > not block Facebook for those users.
>>>> >> >
>>>> >> > Because you're running a "LOW" Firewall policy, you'll need to
>>>> >> > apply
>>>> >> > the 12.1 software update before Open Port rules to do this will
>>>> >> > work,
>>>> >> > the Software Update can be run at any time.
>>>> >> >
>>>> >> > Feel free to give support a call if you'd like us to do any of this
>>>> >> > for you: 1-888-367-6756
>>>> >> >
>>>> >> > Sorry about any disruption... The upgrade was a major change and
>>>> >> > required a manual process to apply.  Future updates will be
>>>> >> > provided
>>>> >> > through the Software Update tool and be left up to you to apply.
>>>> >> >
>>>> >> > On Fri, Apr 8, 2011 at 9:38 AM, Linda Chaisson
>>>> >> > <[log in to unmask]>
>>>> >> > wrote:
>>>> >> >> Ray:
>>>> >> >> Previously our students couldn’t get to facebook by adding the s
>>>> >> >> to http and now they can. Was anything changed?
>>>> >> >> Thanks,
>>>> >> >> Linda
>>>> >> >>
>>>> >> >>
>>>> >> >>
>>>> >> >> On 4/6/11 1:24 PM, "Ray Soucy" <[log in to unmask]> wrote:
>>>> >> >>
>>>> >> >> We realize that for many of you it seems like you just upgraded,
>>>> >> >> but
>>>> >> >> some of you have been running the code for over a month and have
>>>> >> >> found
>>>> >> >> a bug or two.  We have a minor update available.
>>>> >> >>
>>>> >> >> Feel free to apply this update using the "Software Update" tool on
>>>> >> >> the
>>>> >> >> Joebox at your convenience.  This is a non-critical update and can be
>>>> >> >> applied at any time.
>>>> >> >>
>>>> >> >> As always, if you need help running the Software Update utility,
>>>> >> >> or
>>>> >> >> encounter any problems, please give us a call: 1-888-367-6756
>>>> >> >>
>>>> >> >> New packages are labeled 12.1.
>>>> >> >>
>>>> >> >> Change Log:
>>>> >> >>
>>>> >> >> 1. A "Reinitialize Firewall" button has been added to the Firewall
>>>> >> >> options page.  This button does a forced restart of the Firewall
>>>> >> >> service (all rules are flushed and re-added) to recover from the
>>>> >> >> Firewall Engine becoming out of sync.  If you run into a situation
>>>> >> >> where using this button is the only way to "fix" your Joebox
>>>> >> >> please
>>>> >> >> contact us so we can take a look at your configuration and track
>>>> >> >> down
>>>> >> >> the invalid rule that is causing problems.
>>>> >> >>
>>>> >> >> 2. Port Forward rules with protocol "IP" weren't ignoring port
>>>> >> >> fields
>>>> >> >> (causing invalid rules).   This is now fixed.
>>>> >> >>
>>>> >> >> 3. Open Port rules were not being applied when a Firewall policy
>>>> >> >> level
>>>> >> >> of LOW was in use.  They should now be applied correctly.
>>>> >> >>
>>>> >> >> 4. In isolated circumstances, some traffic making use of TCP
>>>> >> >> window
>>>> >> >> scaling was being marked as INVALID by connection state tracking
>>>> >> >> and
>>>> >> >> being dropped by the Firewall.  This was found to be affecting
>>>> >> >> less
>>>> >> >> than 1% of traffic.  This should now be fixed, as TCP window size
>>>> >> >> is
>>>> >> >> no longer used to determine packet validity.
>>>> >> >>
>>>> >> >> 5. Minor update to SNMP to facilitate changes in Joebox monitoring
>>>> >> >> by
>>>> >> >> Networkmaine.
>>>> >> >>
>>>> >> >> 6. Minor UI update to fix changing of static route to be applied
>>>> >> >> without
>>>> >> >> reboot.
>>>> >> >>
>>>> >> >> 7. Minor UI update to allow DHCP service to be disabled if in a
>>>> >> >> failed
>>>> >> >> status (e.g. enabled without a valid configuration), mostly to get
>>>> >> >> rid
>>>> >> >> of the "red" status indicator for sites not using DHCP on the
>>>> >> >> Joebox.
>>>> >> >>
>>>> >> >> Linda Chaisson
>>>> >> >> Technology Coordinator
>>>> >> >> Regional School Unit 16
>>>> >> >> C/O PRHS - 1457 Maine Street
>>>> >> >> Poland, ME 04274
>>>> >> >> 207-998-5400 Ext 103
>>>> >> >> [log in to unmask]
>>>> >> >>
>>>> >> >>
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> > --
>>>> >> > Ray Soucy
>>>> >> >
>>>> >> > Epic Communications Specialist
>>>> >> >
>>>> >> > Phone: +1 (207) 561-3526
>>>> >> >
>>>> >> > Networkmaine, a Unit of the University of Maine System
>>>> >> > http://www.networkmaine.net/
>>>> >> >
>>>> >>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> Ray Soucy
>>>> >>
>>>> >> Epic Communications Specialist
>>>> >>
>>>> >> Phone: +1 (207) 561-3526
>>>> >>
>>>> >> Networkmaine, a Unit of the University of Maine System
>>>> >> http://www.networkmaine.net/
>>>> >
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Ray Soucy
>>>>
>>>> Epic Communications Specialist
>>>>
>>>> Phone: +1 (207) 561-3526
>>>>
>>>> Networkmaine, a Unit of the University of Maine System
>>>> http://www.networkmaine.net/
>>>
>>>
>>>
>>> --
>>> Seth H. Thompson
>>> Technology Director
>>> Regional School Unit No. 5
>>> 207-865-4706 x232
>>>
>>>
>>
>
>
>
> --
> Seth H. Thompson
> Technology Director
> Regional School Unit No. 5
> 207-865-4706 x232
>
>
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
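
The two "Closed Port" rules and the "Teachers" exemption discussed in this thread, modelled as an added Python example (not Joebox code and not written by anyone on the list) for checking which flows the rules would match before enabling them. The LAN and Teachers address ranges, the first-match ordering and the default-allow fallback are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Networks, protocol and ports are from the thread; group addresses are constructed.
FACEBOOK_NETS = ("66.220.144.0/20", "69.63.176.0/20")
GROUPS = {
    "LAN": ipaddress.ip_network("10.0.0.0/16"),       # constructed sample range
    "Teachers": ipaddress.ip_network("10.0.5.0/24"),  # constructed sample range
}

@dataclass(frozen=True)
class Rule:
    kind: str            # "open" or "closed"
    source_group: str
    destination: ipaddress.IPv4Network
    protocol: str
    ports: frozenset

def build_rules():
    """Teachers exemption first, then the two Closed Port rules for the LAN group."""
    rules = []
    # Assumption: Open Port rules for the exempt group are checked before Closed Port rules.
    for kind, group in (("open", "Teachers"), ("closed", "LAN")):
        for cidr in FACEBOOK_NETS:
            rules.append(Rule(kind, group, ipaddress.ip_network(cidr),
                              "tcp", frozenset({80, 443})))
    return rules

def evaluate(rules, src, dst, protocol, port):
    """Return 'block' or 'allow' for one forwarded flow; the first matching rule wins."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if (src_ip in GROUPS[rule.source_group] and dst_ip in rule.destination
                and protocol.lower() == rule.protocol and port in rule.ports):
            return "block" if rule.kind == "closed" else "allow"
    return "allow"  # assumption: forwarded traffic that matches no rule passes

def address_range(cidr):
    """First and last address covered by a rule's destination network."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])

if __name__ == "__main__":
    rules = build_rules()
    for cidr in FACEBOOK_NETS:
        print(cidr, "covers", address_range(cidr))
    flows = [("10.0.1.20", "66.220.144.10", "tcp", 443),   # student PC, HTTPS
             ("10.0.5.7", "69.63.176.5", "tcp", 443),      # teacher PC, HTTPS
             ("10.0.1.20", "66.220.160.1", "tcp", 443)]    # just outside the /20
    for flow in flows:
        print(flow, "->", evaluate(rules, *flow))
```

Destinations outside the two listed /20 networks are not matched, so the rules only cover what the listed networks cover.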
