Technical Coordinators,
Please note: if your school or library does **not** currently have a Joebox
as your MSLN-provided router, you may disregard the remainder of this
message. Otherwise, please read.
As you are aware from our previous communication on this topic, the Joebox
devices are no longer being supported by the manufacturer, and are
therefore no longer receiving software updates. In the past this has meant
that the MECguard filtering service unique to the Joebox has become
unsupportable, though the other functionality continued to be reliable and
usable. However, as we continue in to another year with no software
updates, concerns regarding the security and stability of the Joebox
mount. For this reason we are discontinuing the Joebox as a supported
routing device, and will be retiring all existing Joeboxes in favor of
Edgerouter
Pros <http://www.networkmaine.net/msln/edgerouter/>. This will hopefully
be completed by the end of this summer, if time and equipment inventory
allow it.
Many Joeboxes have already been replaced with Edgerouters, and the process
has been going very well. There are a few differences between the Joebox
and the Edgerouters that you should be aware of, however. It is probably
self-evident that the Edgerouter does not support MECguard, as that is a
unique Joebox feature. Any site currently still using MECguard **must* *move
to an alternative filtering service. MSLN provides access to OpenDNS
<https://www.opendns.com/> at no charge, and fortunately it is a superior
service to MECguard in almost every way. Nevertheless, if you find that
OpenDNS will not work for your school for any reason, there are many third
party filtering solutions available in the marketplace.
The chief other difference is that there is no web interface on the
Edgerouter, so there will be no direct management access available to site
technical coordinators. The Edgerouters do still support basic firewall
services as well as NAT and DHCP, and so we will be able to replicate the
existing configuration of the Joebox on the replacement Edgerouter.
However, any changes to firewall rules or other similar services running on
the Edgerouter will need to be submitted to Networkmaine for action.
Therefore, we are advising any sites that make regular changes to their
firewall rules on the Joebox, or who wish for greater local control of
firewall services, to adopt their own firewall solution behind the
Edgerouter. Networkmaine can assist in transitioning from the Edgerouter
firewall to a local firewall (the Edgerouter will need to remain in place
for routing purposes of course).
The only other commonly used Joebox feature that is not supported on the
Edgerouters is VPN access. Due to the lack of hardware acceleration for
VPN connections on the Edgerouters, we are not able to allow them due to
the possibility of a negative performance impact caused by their use. We
advise setting up a VPN server behind the Edgerouter if VPN connectivity is
needed; there are free options available, such as OpenVPN, that can be
installed on any unused hardware on your LAN.
If you have any scheduling constraints for the summer that we would need to
work around for purposes of replacing your Joebox, please let us know so we
can make arrangements. Additionally, if you have any questions about the
Edgerouter <http://www.networkmaine.net/msln/edgerouter/> or the transition
process, please do not hesitate to contact us. Otherwise, we will be
contacting sites to work on replacing Joeboxes progressively over the
course of the summer.
Thank you for your assistance as we work to provide you with the best
possible equipment to continue delivering fast, reliable network service.
--
Andrew W. Henry
Networkmaine NOC Coordinator
University of Maine System
Maine School and Library Network
(207) 561-3587
[log in to unmask]
|
