JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Subject:
From: Seth Thompson <[log in to unmask]>
Reply To: Joebox User <[log in to unmask]>
Date: Mon, 11 Apr 2011 12:20:10 -0400
Content-Type: multipart/alternative
Parts/Attachments: text/plain (9 kB), text/html (14 kB)

Ok, my question is: will iOS devices be able to connect to legitimate HTTPS
sites? I quickly looked through settings on an iPad and didn't see anything
about proxies or proxy discovery.

Thanks,
Seth

On Mon, Apr 11, 2011 at 12:07 PM, Networkmaine <[log in to unmask]> wrote:

> Hi Seth,
>
>     It doesn't matter if you're trying to reach an HTTPS site from a
> computer, a phone, or a rock. As long as you're connecting through the
> Joebox and SSL is enabled, the traffic will be filtered.
>
> Anthony
> Networkmaine Support Center
> University of Maine System
> Maine School and Library Network
>    Communications and Network Services
> (207) 561-3587
> [log in to unmask]
>
>
>
> On Mon, Apr 11, 2011 at 11:51 AM, Seth Thompson <[log in to unmask]> wrote:
>
>> Ray,
>>
>> Do you know if MECGuard SSL will work with cell phones, iPads, etc?
>>
>> Thanks,
>> Seth
>>
>> On Fri, Apr 8, 2011 at 12:49 PM, Ray Soucy <[log in to unmask]> wrote:
>>
>>> No, "Force MECguard SSL" will block _all_ HTTPS traffic (the idea is
>>> that you check this box after you have your browsers set up to use
>>> MECguard for HTTPS as a proxy server to enforce it).
>>>
>>> On Fri, Apr 8, 2011 at 12:36 PM, Jaimie Moores <[log in to unmask]> wrote:
>>> > Does "Force MECGuard SSL" have to be checked in order for the closed port
>>> > rules to work?
>>> >
>>> > Jaimie Moores
>>> > Technology Coordinator
>>> > PowerSchool Administrator
>>> > Machias Memorial High School
>>> >
>>> >
>>> > On Fri, Apr 8, 2011 at 11:34 AM, Ray Soucy <[log in to unmask]> wrote:
>>> >>
>>> >> Facebook currently has 2 IP networks:
>>> >> 1. 66.220.144.0/20
>>> >> 2. 69.63.176.0/20
>>> >>
>>> >> Steps for a Firewall block of Facebook (as opposed to MECguard):
>>> >>
>>> >> Step 1: Create two "Closed Port" rules with the following settings:
>>> >>
>>> >> Rule 1:
>>> >>
>>> >> Description: Facebook
>>> >> Rule Chain: FORWARD
>>> >> Source Type: Firewall Group
>>> >> Source Group: LAN (or whatever group you want blocked)
>>> >> Destination Type: IP/Hostname
>>> >> Destination IP/Hostname: 66.220.144.0/20
>>> >> Protocol: TCP
>>> >> Closed Ports: 80,443
>>> >>
>>> >> Rule 2:
>>> >>
>>> >> Description: Facebook
>>> >> Rule Chain: FORWARD
>>> >> Source Type: Firewall Group
>>> >> Source Group: LAN (or whatever group you want blocked)
>>> >> Destination Type: IP/Hostname
>>> >> Destination IP/Hostname: 69.63.176.0/20
>>> >> Protocol: TCP
>>> >> Closed Ports: 80,443
>>> >>
>>> >> On Fri, Apr 8, 2011 at 11:14 AM, Eric R. Warren <[log in to unmask]> wrote:
>>> >> > That's a useful trick!  Would you mind sharing those Facebook-blocking
>>> >> > settings with us?
>>> >> >
>>> >> > Eric
>>> >> > MSAD 45
>>> >> >
>>> >> > -----Original Message-----
>>> >> > From: Joebox User [mailto:[log in to unmask]] On Behalf Of Ray Soucy
>>> >> > Sent: Friday, April 08, 2011 11:08 AM
>>> >> > To: [log in to unmask]
>>> >> > Subject: Re: Joebox Updates
>>> >> >
>>> >> > Linda,
>>> >> >
>>> >> > If you were using the old "MECguard SSL" it would no longer be active
>>> >> > after the upgrade (to my knowledge only a handful of people were
>>> >> > trying to use it because of all the browser errors it would generate).
>>> >> >
>>> >> > The "Force MECguard SSL" option will block SSL requests unless made
>>> >> > using a proxy server, but requires that browsers know about the proxy
>>> >> > server (as described in the MECguard notes I posted a few days ago).
>>> >> >
>>> >> > Other than that, it shouldn't have changed.
>>> >> >
>>> >> > I've created two "Closed Port" rules in your Firewall that will block
>>> >> > web access to the Facebook IP networks, but left them disabled.  You
>>> >> > can enable these rules and restart your firewall if you want to start
>>> >> > blocking access to Facebook over HTTPS.
>>> >> >
>>> >> > I've noticed that you only have one Group for MECguard.  If you block
>>> >> > Facebook using the Firewall you might want to create a "Teachers"
>>> >> > group with the IP addresses of teacher PCs so you can create a rule to
>>> >> > not block Facebook for those users.
>>> >> >
>>> >> > Because you're running a "LOW" Firewall policy, you'll need to apply
>>> >> > the 12.1 software update before Open Port rules to do this will work,
>>> >> > the Software Update can be run at any time.
>>> >> >
>>> >> > Feel free to give support a call if you'd like us to do any of this
>>> >> > for you: 1-888-367-6756
>>> >> >
>>> >> > Sorry about any disruption... The upgrade was a major change and
>>> >> > required a manual process to apply.  Future updates will be provided
>>> >> > through the Software Update tool and be left up to you to apply.
>>> >> >
>>> >> > On Fri, Apr 8, 2011 at 9:38 AM, Linda Chaisson <[log in to unmask]> wrote:
>>> >> >> Ray:
>>> >> >> Previously our students couldn’t get to Facebook by adding the s to
>>> >> >> http and now they can. Was anything changed?
>>> >> >> Thanks,
>>> >> >> Linda
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> On 4/6/11 1:24 PM, "Ray Soucy" <[log in to unmask]> wrote:
>>> >> >>
>>> >> >> We realize that for many of you it seems like you just upgraded, but
>>> >> >> some of you have been running the code for over a month and have found
>>> >> >> a bug or two.  We have a minor update available.
>>> >> >>
>>> >> >> Feel free to apply this update using the "Software Update" tool on the
>>> >> >> Joebox at your convenience.  This is a non-critical update and can be
>>> >> >> applied at any time.
>>> >> >>
>>> >> >> As always, if you need help running the Software Update utility, or
>>> >> >> encounter any problems, please give us a call: 1-888-367-6756
>>> >> >>
>>> >> >> New packages are labeled 12.1.
>>> >> >>
>>> >> >> Change Log:
>>> >> >>
>>> >> >> 1. A "Reinitialize Firewall" button has been added to the Firewall
>>> >> >> options page.  This button does a forced restart of the Firewall
>>> >> >> service (all rules are flushed and re-added) to recover from the
>>> >> >> Firewall Engine becoming out of sync.  If you run into a situation
>>> >> >> where using this button is the only way to "fix" your Joebox please
>>> >> >> contact us so we can take a look at your configuration and track down
>>> >> >> the invalid rule that is causing problems.
>>> >> >>
>>> >> >> 2. Port Forward rules with protocol "IP" weren't ignoring port fields
>>> >> >> (causing invalid rules).   This is now fixed.
>>> >> >>
>>> >> >> 3. Open Port rules were not being applied when a Firewall policy level
>>> >> >> of LOW was in use.  They should now be applied correctly.
>>> >> >>
>>> >> >> 4. In isolated circumstances, some traffic making use of TCP window
>>> >> >> scaling was being marked as INVALID by connection state tracking and
>>> >> >> being dropped by the Firewall.  This was found to be affecting less
>>> >> >> than 1% of traffic.  This should now be fixed, as TCP window size is
>>> >> >> no longer used to determine packet validity.
>>> >> >>
>>> >> >> 5. Minor update to SNMP to facilitate changes in Joebox monitoring by
>>> >> >> Networkmaine.
>>> >> >>
>>> >> >> 6. Minor UI update to fix changing of static route to be applied
>>> >> >> without reboot.
>>> >> >>
>>> >> >> 7. Minor UI update to allow DHCP service to be disabled if in a failed
>>> >> >> status (e.g. enabled without a valid configuration), mostly to get rid
>>> >> >> of the "red" status indicator for sites not using DHCP on the Joebox.
>>> >> >>
>>> >> >> Linda Chaisson
>>> >> >> Technology Coordinator
>>> >> >> Regional School Unit 16
>>> >> >> C/O PRHS - 1457 Maine Street
>>> >> >> Poland, ME 04274
>>> >> >> 207-998-5400 Ext 103
>>> >> >> [log in to unmask]
>>> >> >>
>>> >> >>
>>> >> >
>>> >> >
>>> >> >
>>> >> > --
>>> >> > Ray Soucy
>>> >> >
>>> >> > Epic Communications Specialist
>>> >> >
>>> >> > Phone: +1 (207) 561-3526
>>> >> >
>>> >> > Networkmaine, a Unit of the University of Maine System
>>> >> > http://www.networkmaine.net/
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Ray Soucy
>>> >>
>>> >> Epic Communications Specialist
>>> >>
>>> >> Phone: +1 (207) 561-3526
>>> >>
>>> >> Networkmaine, a Unit of the University of Maine System
>>> >> http://www.networkmaine.net/
>>> >
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Ray Soucy
>>>
>>> Epic Communications Specialist
>>>
>>> Phone: +1 (207) 561-3526
>>>
>>> Networkmaine, a Unit of the University of Maine System
>>> http://www.networkmaine.net/
>>>
>>
>>
>>
>> --
>> Seth H. Thompson
>> Technology Director
>> Regional School Unit No. 5
>> 207-865-4706 x232
>>
>>
>>
>


-- 
Seth H. Thompson
Technology Director
Regional School Unit No. 5
207-865-4706 x232
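
A way to check what the two "Closed Port" rules quoted in this thread cover before enabling them; this is an added example, not part of the thread and not Joebox code. The LAN and Teachers addresses are constructed, and first-match evaluation with the teacher exemption placed ahead of the blocks is an assumption about rule ordering.

```python
import ipaddress
from typing import NamedTuple

# From the thread: the two Facebook networks and the closed TCP ports.
FACEBOOK_NETS = [ipaddress.ip_network(n) for n in ("66.220.144.0/20", "69.63.176.0/20")]
CLOSED_PORTS = frozenset({80, 443})

# Constructed sample addressing (assumption, not from the thread).
LAN = ipaddress.ip_network("10.20.0.0/16")
TEACHERS = frozenset(ipaddress.ip_address(a) for a in ("10.20.5.10", "10.20.5.11"))


class Rule(NamedTuple):
    action: str       # "ALLOW" or "BLOCK"
    sources: object   # an ip_network, or a set of ip_address objects
    dest: object      # destination ip_network
    ports: frozenset  # TCP destination ports


def build_rules():
    """Teacher exemptions first, then one Closed Port rule per Facebook network."""
    allow = [Rule("ALLOW", TEACHERS, net, CLOSED_PORTS) for net in FACEBOOK_NETS]
    block = [Rule("BLOCK", LAN, net, CLOSED_PORTS) for net in FACEBOOK_NETS]
    return allow + block


def decide(rules, src, dst, proto, port):
    """Return the action of the first matching rule, or "DEFAULT" if none match."""
    if proto != "tcp":  # both rules in the thread are Protocol: TCP
        return "DEFAULT"
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src in rule.sources and dst in rule.dest and port in rule.ports:
            return rule.action
    return "DEFAULT"


if __name__ == "__main__":
    rules = build_rules()
    for net in FACEBOOK_NETS:
        print(net, "covers", net[0], "to", net[-1])
    # Constructed sample flows: (source, destination, protocol, port).
    for flow in [("10.20.1.50", "66.220.159.255", "tcp", 443),
                 ("10.20.5.10", "69.63.180.5", "tcp", 443),
                 ("10.20.1.50", "69.63.192.1", "tcp", 443)]:
        print(flow, "->", decide(rules, *flow))
```

"DEFAULT" means neither rule matched, so the flow is left to the firewall's policy level or to MECguard.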

