JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Subject:
From: Eric Chellis <[log in to unmask]>
Reply To: Joebox User <[log in to unmask]>
Date: Wed, 22 Dec 2010 13:12:01 -0500

MSAD #60 will be willing to beta test

Eric Chellis
Network Manager
MSAD #60
21 Main St.
North Berwick, ME 03906

207.676.2234 x302 (Voice)
207.451.3296 (Cell)

Joebox User <[log in to unmask]> writes:
>Greetings, All.
>
>The new release of Joebox software from MECnet is finally looking like
>it's at a point where we can start doing production testing.
>
>We're still calling this a "beta" until we've verified that it is
>working well in a production K12 environment; so ideally we're looking
>for sites that are willing to work with us to troubleshoot and resolve
>any issues that come up due to the upgrade.
>
>If you're interested in being a "beta tester" for the new release,
>please drop me a note.
>Disclaimer: There will be a limited number of sites that get the beta
>software, so you may or may not get included.
>
>Here is a summary of what has changed in the new release.  As you can
>see there are a lot of major changes, so we may run into bugs that
>weren't caught in internal testing.
>
>FIREWALL ENGINE
>
>The JB Firewall Engine has been re-written.  The new engine
>dynamically adds, modifies, and removes rules without flushing and
>re-creating the entire policy (which is how the current version
>operates).  This should improve stability and make minor changes to
>the Joebox less disruptive to production traffic.
>
>Firewall groups and rules can now be ordered in the web UI.  The
>Joebox will now correctly respect ordering.  This resolves issues for
>sites using multiple groups.
>
>The Linux kernel used by the system has been upgraded to the long-term
>stable development tree (2.6.32).
>
>Additional kernel tuning to provide better support for large networks.
>
>Firewall rules now allow for ICMP protocol and type to be specified.
>
>SMTP filtering now provides an internal ACL field for IP addresses or
>networks that should be allowed to make outgoing SMTP connections.
>
>Policy Engineering for Low, Medium, and High policy levels has been
>re-worked.  The new policy will allow for rules to correctly filter
>between internal networks.
>
>WEB FILTERING
>
>MECguard has been upgraded to a new major version.  The new version of
>MECguard no longer resets active connections when changes are applied,
>making changes less disruptive.
>
>The TLD list has been replaced with global Allow and Block lists;
>which now works.  This makes the user interface a little more
>intuitive.
>
>A "soft allow" list has been added to ignore URLs that would be
>otherwise blocked as part of a filter category, but not be globally
>allowed (e.g. these sites will still go through the standard checks).
>For example, "youtube.com" is in the "Pornography" category list.  You
>likely wouldn't want to allow youtube.com as that would allow any
>request to the site without making any checks.  The soft allow removes
>youtube.com from the category list, but still allows for more
>fine-grain blocking via RTF or URL lists, for example blocking
>"youtube.com/signin" but not blocking all of youtube.com.
>
>RTF now correctly checks all keywords.  This fixes an obscure bug
>where some keywords would be checked and others would not be.  For
>example, the keyword "soucy" would always be ignored by RTF in the
>previous release.
>
>MECguard is now more respective of filter groups.  For example, blocks
>triggered by RTF will only be applied to the group that the block was
>triggered on.  Like the firewall engine, group order displayed is now
>respected by the system.  Group-level options to use global URL lists
>and RTF are correctly respected.
>
>MECguard performance has been improved.
>
>MECguard now makes use of 192.0.0.1 as its override login address
>instead of 172.31.255.1 which was a conflict for some networks.  The
>old address will remain valid until the next release to provide time
>to update block pages.
>
>A button to reset the MECguard block page to the system default has
>been added in the event you want to revert from a custom block page.
>
>MECguard access logs now correctly export.
>
>MECguard "top sites" log is now broken down by group.
>
>MECguard log viewer now includes a date widget.
>
>SECURE WEB FILTERING
>
>Major change here: MECguard SSL is now a proxy-based solution rather
>than a transparent one.  This means that in order to use MECguard SSL
>the system or browser will need to be configured to do so.  It also
>means, however, that MECguard will be able to block SSL websites by
>hostname and log requests without generating SSL certificate errors
>for allowed sites.
>
>A group-level "Force MECguard SSL" checkbox has been added which
>redirects any non-proxy HTTPS traffic for the group to a block page
>explaining that HTTPS is disabled unless using a proxy.  MECguard SSL
>can still be used without blocking non-proxy traffic if the option is
>not checked.
>
>The Joebox provides an automatic proxy configuration script at the URL
>"http://192.0.0.1/wpad.dat", this script includes the necessary
>exceptions to not filter private networks, and only direct HTTPS
>requests to the proxy server (also at 192.0.0.1).
>
>For browsers to auto-discover the proxy configuration URL, you can
>create a DNS record for wpad.domain (where domain is whatever domain
>name you assign to your hosts) which points to 192.0.0.1.  If using
>the Joebox as your DNS server in local mode (private IP addressing)
>the "wpad.local" DNS record will correctly respond without additional
>configuration.  Sites using their own DNS server and a domain name
>other than local will need to manually create the DNS record.
>
>Client systems may need to have automatic configuration enabled under
>Internet settings for WPAD to work.
>
>Sites running their own DHCP server may be able to provide the WPAD
>configuration URL using DHCP (we believe the DHCP method is Windows
>only).
>
>SYSTEM
>
>Reminder messages have been added reminding you to save your
>configuration if changes have been made, and to reboot your Joebox if
>software has been upgraded.
>
>Fix for a memory leak in UI causing load average to slowly rise.
>
>Local-mode DHCP server now correctly includes the "authoritative;"
>statement and will force clients to request a new lease if they
>attempt to renew an invalid lease.  This was causing significant
>address assignment problems for hosts that roam between different
>networks (such as wireless).
>
>System kernel has been upgraded to a more actively developed and
>maintained tree.
>
>-- 
>Ray Soucy
>
>Epic Communications Specialist
>
>Phone: +1 (207) 561-3526
>
>Networkmaine, a Unit of the University of Maine System
>http://www.networkmaine.net/
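
A proxy auto-configuration script of the kind the announcement describes for "http://192.0.0.1/wpad.dat", as an added example (not the Joebox's own script and not part of either message): HTTPS requests go to the proxy at 192.0.0.1 and private networks stay direct. The proxy port, the exact bypass ranges, and treating ".local" names and 192.0.0.1 itself as direct are assumptions; the address helpers stand in for the browser's built-in isInNet so the file also runs outside a browser.

```javascript
// Added example, not the Joebox's actual wpad.dat.
// PROXY_PORT is an assumption: the announcement gives only the address.
var PROXY_HOST = "192.0.0.1";
var PROXY_PORT = 3128; // hypothetical port

// Assumed bypass list: RFC 1918, loopback and link-local IPv4 ranges.
var BYPASS_NETS = [
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["127.0.0.0", 8], ["169.254.0.0", 16]
];

// Dotted quad -> unsigned 32-bit integer, or null if the host is not IPv4.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside one of the bypass ranges.
function inBypassNet(host) {
  var ip = ipv4ToInt(host);
  if (ip === null) return false;
  for (var i = 0; i < BYPASS_NETS.length; i++) {
    var base = ipv4ToInt(BYPASS_NETS[i][0]);
    var size = Math.pow(2, 32 - BYPASS_NETS[i][1]);
    if (ip >= base && ip < base + size) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Assumption: the filter's own address is never sent through the proxy.
  if (host === PROXY_HOST) return "DIRECT";
  // Unqualified names, .local names and private IP literals stay direct.
  if (host.indexOf(".") === -1 || /\.local$/.test(host) || inBypassNet(host)) return "DIRECT";
  // Only HTTPS is directed to the proxy; every other scheme is left alone.
  if (url.substring(0, 6).toLowerCase() === "https:") return "PROXY " + PROXY_HOST + ":" + PROXY_PORT;
  return "DIRECT";
}
```

A host that is reached by name but resolves to a private address is not caught by the literal-IP check; a browser-only version would add isInNet(dnsResolve(host), ...) for that case.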
