JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Subject:
From: Seth Thompson <[log in to unmask]>
Reply To: Joebox User <[log in to unmask]>
Date: Mon, 11 Apr 2011 12:38:35 -0400
Content-Type: multipart/alternative
Parts/Attachments: text/plain (11 kB), text/html (19 kB)

There it is! I just confirmed it on an iPad. Thanks, Ray.

On Mon, Apr 11, 2011 at 12:31 PM, Ray Soucy <[log in to unmask]> wrote:

> On the iPad:
>
> Settings > Control Panel > General > Network > WiFi > (Modify the SSID
> you want) HTTP Proxy > "Auto" (should work).
>
> I don't have an iPad so I can't actually verify this.  But from what
> I've read online it sounds like it should work correctly.
>
> On Mon, Apr 11, 2011 at 12:20 PM, Seth Thompson <[log in to unmask]> wrote:
> > Ok, my question is: will iOS devices be able to connect to legitimate HTTPS
> > sites? I quickly looked through settings on an iPad and didn't see anything
> > about proxies or proxy discovery.
> > Thanks,
> > Seth
> >
> > On Mon, Apr 11, 2011 at 12:07 PM, Networkmaine <[log in to unmask]> wrote:
> >>
> >> Hi Seth,
> >>     It doesn't matter if you're trying to reach an HTTPS site from a
> >> computer, a phone, or a rock. As long as you're connecting through the
> >> Joebox and SSL is enabled, the traffic will be filtered.
> >> Anthony
> >> Networkmaine Support Center
> >> University of Maine System
> >> Maine School and Library Network
> >>    Communications and Network Services
> >> (207) 561-3587
> >> [log in to unmask]
> >>
> >>
> >> On Mon, Apr 11, 2011 at 11:51 AM, Seth Thompson <[log in to unmask]>
> >> wrote:
> >>>
> >>> Ray,
> >>> Do you know if MECGuard SSL will work with cell phones, iPads, etc?
> >>> Thanks,
> >>> Seth
> >>>
> >>> On Fri, Apr 8, 2011 at 12:49 PM, Ray Soucy <[log in to unmask]> wrote:
> >>>>
> >>>> No, "Force MECguard SSL" will block _all_ HTTPS traffic (the idea is
> >>>> that you check this box after you have your browsers set up to use
> >>>> MECguard for HTTPS as a proxy server to enforce it).
> >>>>
> >>>> On Fri, Apr 8, 2011 at 12:36 PM, Jaimie Moores <[log in to unmask]> wrote:
> >>>> > Does "Force MECGuard SSL" have to be checked in order for the closed port
> >>>> > rules to work?
> >>>> >
> >>>> > Jaimie Moores
> >>>> > Technology Coordinator
> >>>> > PowerSchool Administrator
> >>>> > Machias Memorial High School
> >>>> >
> >>>> >
> >>>> > On Fri, Apr 8, 2011 at 11:34 AM, Ray Soucy <[log in to unmask]> wrote:
> >>>> >>
> >>>> >> Facebook currently has 2 IP networks:
> >>>> >> 1. 66.220.144.0/20
> >>>> >> 2. 69.63.176.0/20
> >>>> >>
> >>>> >> Steps for a Firewall block of Facebook (as opposed to MECguard):
> >>>> >>
> >>>> >> Step 1: Create two "Closed Port" rules with the following settings:
> >>>> >>
> >>>> >> Rule 1:
> >>>> >>
> >>>> >> Description: Facebook
> >>>> >> Rule Chain: FORWARD
> >>>> >> Source Type: Firewall Group
> >>>> >> Source Group: LAN (or whatever group you want blocked)
> >>>> >> Destination Type: IP/Hostname
> >>>> >> Destination IP/Hostname: 66.220.144.0/20
> >>>> >> Protocol: TCP
> >>>> >> Closed Ports: 80,443
> >>>> >>
> >>>> >> Rule 2:
> >>>> >>
> >>>> >> Description: Facebook
> >>>> >> Rule Chain: FORWARD
> >>>> >> Source Type: Firewall Group
> >>>> >> Source Group: LAN (or whatever group you want blocked)
> >>>> >> Destination Type: IP/Hostname
> >>>> >> Destination IP/Hostname: 69.63.176.0/20
> >>>> >> Protocol: TCP
> >>>> >> Closed Ports: 80,443
> >>>> >>
> >>>> >> On Fri, Apr 8, 2011 at 11:14 AM, Eric R. Warren
> >>>> >> <[log in to unmask]>
> >>>> >> wrote:
> >>>> >> > That's a useful trick!  Would you mind sharing those
> >>>> >> > Facebook-blocking
> >>>> >> > settings with us?
> >>>> >> >
> >>>> >> > Eric
> >>>> >> > MSAD 45
> >>>> >> >
> >>>> >> > -----Original Message-----
> >>>> >> > From: Joebox User [mailto:[log in to unmask]] On Behalf Of
> >>>> >> > Ray
> >>>> >> > Soucy
> >>>> >> > Sent: Friday, April 08, 2011 11:08 AM
> >>>> >> > To: [log in to unmask]
> >>>> >> > Subject: Re: Joebox Updates
> >>>> >> >
> >>>> >> > Linda,
> >>>> >> >
> >>>> >> > If you were using the old "MECguard SSL" it would no longer be active
> >>>> >> > after the upgrade (to my knowledge only a handful of people were
> >>>> >> > trying to use it because of all the browser errors it would generate).
> >>>> >> >
> >>>> >> > The "Force MECguard SSL" option will block SSL requests unless made
> >>>> >> > using a proxy server, but requires that browsers know about the proxy
> >>>> >> > server (as described in the MECguard notes I posted a few days ago).
> >>>> >> >
> >>>> >> > Other than that, it shouldn't have changed.
> >>>> >> >
> >>>> >> > I've created two "Closed Port" rules in your Firewall that will block
> >>>> >> > web access to the Facebook IP networks, but left them disabled. You
> >>>> >> > can enable these rules and restart your firewall if you want to start
> >>>> >> > blocking access to Facebook over HTTPS.
> >>>> >> >
> >>>> >> > I've noticed that you only have one Group for MECguard.  If you block
> >>>> >> > Facebook using the Firewall you might want to create a "Teachers"
> >>>> >> > group with the IP addresses of teacher PCs so you can create a rule to
> >>>> >> > not block Facebook for those users.
> >>>> >> >
> >>>> >> > Because you're running a "LOW" Firewall policy, you'll need to apply
> >>>> >> > the 12.1 software update before Open Port rules to do this will work,
> >>>> >> > the Software Update can be run at any time.
> >>>> >> >
> >>>> >> > Feel free to give support a call if you'd like us to do any of this
> >>>> >> > for you: 1-888-367-6756
> >>>> >> >
> >>>> >> > Sorry about any disruption... The upgrade was a major change and
> >>>> >> > required a manual process to apply.  Future updates will be provided
> >>>> >> > through the Software Update tool and be left up to you to apply.
> >>>> >> >
> >>>> >> > On Fri, Apr 8, 2011 at 9:38 AM, Linda Chaisson
> >>>> >> > <[log in to unmask]>
> >>>> >> > wrote:
> >>>> >> >> Ray:
> >>>> >> >> Previously our students couldn’t get to facebook by adding the s to
> >>>> >> >> http and now they can. Was anything changed?
> >>>> >> >> Thanks,
> >>>> >> >> Linda
> >>>> >> >>
> >>>> >> >>
> >>>> >> >>
> >>>> >> >> On 4/6/11 1:24 PM, "Ray Soucy" <[log in to unmask]> wrote:
> >>>> >> >>
> >>>> >> >> We realize that for many of you it seems like you just upgraded, but
> >>>> >> >> some of you have been running the code for over a month and have found
> >>>> >> >> a bug or two.  We have a minor update available.
> >>>> >> >>
> >>>> >> >> Feel free to apply this update using the "Software Update" tool on the
> >>>> >> >> Joebox at your convenience.  This is a non-critical update and can be
> >>>> >> >> applied at any time.
> >>>> >> >>
> >>>> >> >> As always, if you need help running the Software Update utility,
> >>>> >> >> or
> >>>> >> >> encounter any problems, please give us a call: 1-888-367-6756
> >>>> >> >>
> >>>> >> >> New packages are labeled 12.1.
> >>>> >> >>
> >>>> >> >> Change Log:
> >>>> >> >>
> >>>> >> >> 1. A "Reinitialize Firewall" button has been added to the Firewall
> >>>> >> >> options page.  This button does a forced restart of the Firewall
> >>>> >> >> service (all rules are flushed and re-added) to recover from the
> >>>> >> >> Firewall Engine becoming out of sync.  If you run into a situation
> >>>> >> >> where using this button is the only way to "fix" your Joebox please
> >>>> >> >> contact us so we can take a look at your configuration and track down
> >>>> >> >> the invalid rule that is causing problems.
> >>>> >> >>
> >>>> >> >> 2. Port Forward rules with protocol "IP" weren't ignoring port fields
> >>>> >> >> (causing invalid rules).   This is now fixed.
> >>>> >> >>
> >>>> >> >> 3. Open Port rules were not being applied when a Firewall policy level
> >>>> >> >> of LOW was in use.  They should now be applied correctly.
> >>>> >> >>
> >>>> >> >> 4. In isolated circumstances, some traffic making use of TCP window
> >>>> >> >> scaling was being marked as INVALID by connection state tracking and
> >>>> >> >> being dropped by the Firewall.  This was found to be affecting less
> >>>> >> >> than 1% of traffic.  This should now be fixed, as TCP window size is
> >>>> >> >> no longer used to determine packet validity.
> >>>> >> >>
> >>>> >> >> 5. Minor update to SNMP to facilitate changes in Joebox monitoring by
> >>>> >> >> Networkmaine.
> >>>> >> >>
> >>>> >> >> 6. Minor UI update to fix changing of static route to be applied
> >>>> >> >> without reboot.
> >>>> >> >>
> >>>> >> >> 7. Minor UI update to allow DHCP service to be disabled if in a failed
> >>>> >> >> status (e.g. enabled without a valid configuration), mostly to get rid
> >>>> >> >> of the "red" status indicator for sites not using DHCP on the Joebox.
> >>>> >> >>
> >>>> >> >> Linda Chaisson
> >>>> >> >> Technology Coordinator
> >>>> >> >> Regional School Unit 16
> >>>> >> >> C/O PRHS - 1457 Maine Street
> >>>> >> >> Poland, ME 04274
> >>>> >> >> 207-998-5400 Ext 103
> >>>> >> >> [log in to unmask]
> >>>> >> >>
> >>>> >> >>
> >>>> >> >
> >>>> >> >
> >>>> >> >
> >>>> >> > --
> >>>> >> > Ray Soucy
> >>>> >> >
> >>>> >> > Epic Communications Specialist
> >>>> >> >
> >>>> >> > Phone: +1 (207) 561-3526
> >>>> >> >
> >>>> >> > Networkmaine, a Unit of the University of Maine System
> >>>> >> > http://www.networkmaine.net/
> >>>> >> >
> >>>> >>
> >>>> >>
> >>>> >>
> >>>> >> --
> >>>> >> Ray Soucy
> >>>> >>
> >>>> >> Epic Communications Specialist
> >>>> >>
> >>>> >> Phone: +1 (207) 561-3526
> >>>> >>
> >>>> >> Networkmaine, a Unit of the University of Maine System
> >>>> >> http://www.networkmaine.net/
> >>>> >
> >>>> >
> >>>> >
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Ray Soucy
> >>>>
> >>>> Epic Communications Specialist
> >>>>
> >>>> Phone: +1 (207) 561-3526
> >>>>
> >>>> Networkmaine, a Unit of the University of Maine System
> >>>> http://www.networkmaine.net/
> >>>
> >>>
> >>>
> >>> --
> >>> Seth H. Thompson
> >>> Technology Director
> >>> Regional School Unit No. 5
> >>> 207-865-4706 x232
> >>>
> >>>
> >>
> >
> >
> >
> > --
> > Seth H. Thompson
> > Technology Director
> > Regional School Unit No. 5
> > 207-865-4706 x232
> >
> >
> >
>
>
>
> --
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/
>



-- 
Seth H. Thompson
Technology Director
Regional School Unit No. 5
207-865-4706 x232
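
The two "Closed Port" rules and the "Teachers" exemption quoted in this thread, modelled as an added example (not part of the original messages and not Joebox code). The LAN range, the teacher address, first-match ordering and the default-forward behaviour are assumptions made for illustration; the two /20 networks and ports 80 and 443 are the values given in the thread.

```python
import ipaddress
from dataclasses import dataclass

# From the thread: the two Facebook networks and the closed TCP ports.
FACEBOOK_NETS = ("66.220.144.0/20", "69.63.176.0/20")
CLOSED_PORTS = frozenset({80, 443})

# Constructed sample addressing (assumption, not from the thread).
LAN = ipaddress.ip_network("10.1.0.0/16")
TEACHERS = frozenset({ipaddress.ip_address("10.1.5.10")})


@dataclass(frozen=True)
class Rule:
    action: str      # "ACCEPT" or "DROP"
    sources: object  # a network or a set of addresses (the "group")
    dest: object     # destination network
    ports: frozenset

    def matches(self, src, dst, proto, dport):
        return (proto == "tcp" and src in self.sources
                and dst in self.dest and dport in self.ports)


def build_rules():
    """Teacher exemptions first, then one Closed Port rule per network."""
    nets = [ipaddress.ip_network(c) for c in FACEBOOK_NETS]
    allow = [Rule("ACCEPT", TEACHERS, n, CLOSED_PORTS) for n in nets]
    close = [Rule("DROP", LAN, n, CLOSED_PORTS) for n in nets]
    return allow + close


def verdict(rules, src, dst, proto, dport):
    """First matching rule wins; unmatched traffic is forwarded (assumed)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "ACCEPT"


if __name__ == "__main__":
    rules = build_rules()
    for src, dst, port in [("10.1.2.3", "66.220.144.5", 443),    # student, in /20
                           ("10.1.5.10", "66.220.144.5", 443),   # teacher PC
                           ("10.1.2.3", "69.63.191.255", 80),    # last address in /20
                           ("10.1.2.3", "69.63.192.1", 443)]:    # just outside /20
        print(src, dst, port, verdict(rules, src, dst, "tcp", port))
```

The last sample case falls one address past the end of the second /20 and is forwarded, which shows that an IP-based block only covers the networks listed in the rules and has to be maintained as the destination's address space changes.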

