My firewall provides antivirus/spyware protection for my network and 2 years of configuration work, going with Joebox firewall now creates a lot of problems that are better solved during the summer. Overrides at the moment do not take place during school hours at all, which will have to continue I guess for now. I'd rather have the same rules and policies for everyone anyway.....Not all networks are the same, this device will provide better security for some, so far, I don't see it as being a significant improvement unless I make some network changes. It does work faster, that's a big plus..... thanks, Dana ----- Original Message ----- From: "Ray Soucy" <[log in to unmask]> To: <[log in to unmask]> Sent: Wednesday, October 13, 2010 9:20 AM Subject: Re: MECguard block page broken? > When you use the Override in MECguard it will ask you if you want it > to override filtering for just you or everyone on your network (if you > grant the user permission to do so). You can also select to override > only the page, the entire website, or all websites (though you can not > override all websites for everyone). > > We have a handful of sites using their own firewall behind the Joebox. > It's not something we recommend. When the Joebox is acting as the > firewall for your site it has visibility of your private IPs and can > provide per-host override functionality even when private addressing > is used. Of course, if you are using a firewall- an override will > effect everyone just like Bess did. > > Note that the current override system does interrupt web traffic > briefly for other users. This will be fixed with an upgrade due in a > few weeks. > > The only sites you need to use IP addresses to block are SSL websites > (same as with Bess). To block SSL you must block it in the firewall > rather than through MECguard since SSL can't be transparently filtered > without breaking the security chain. > > For normal HTTP websites, you have an allow list and block list of > URLs that can be configured on the Joebox. The groups are there to > facilitate more advanced filtering, but nothing prevents you from just > using one group for everyone. > > On Wed, Oct 13, 2010 at 8:07 AM, Dana Rioux > <[log in to unmask]> wrote: > > I just got the new Joebox hooked up yesterday, I don't work much with HTML > > and I think your block hosting idea centrally is a good idea, we do have a > > few faculty people that want an override option at times. Can you detail > > your directions a bit more to do this? > > > > Since we assign IP's locally, an individual override opens it up for > > everyone within our network...It must work that way as well with this new > > filter.Creating IP groups is good idea but not if we are assigning > > dynamically... > > > > I use my own Firewall so I was also wondering where to list the allow and > > blocked sites in MecGuard, I had a long block list in the smartfilter that > > worked well. It wouldn't be wise to use the Joebox firewall if I already > > have one that works well. If that is where the white and blacklist must be, > > then I'll have to put them in my own firewall.....Smartfilter had a an allow > > and blocked option... > > > > Dana Rioux/MSAD25 > > Stacyville, Me > > > > ----- Original Message ----- > > From: "Ray Soucy" <[log in to unmask]> > > To: <[log in to unmask]> > > Sent: Thursday, October 07, 2010 4:51 PM > > Subject: MECguard block page broken? > > > > > >> Recently MECnet modified their website and no longer has the images > >> referenced by the default block page available. > >> > >> We've had a few requests to fix this. > >> > >> The intension of the block page is that it would be replaced with a > >> custom block page for your school. A few of you already have. > >> > >> This can be done by uploading an HTML file using the "upload > >> customized page" button in MECguard options on the Joebox. > >> > >> The important components of the block page are the following variables > >> (which get replaced when the page is presented to the user): > >> > >> The URL of the page blocked: %u > >> The client IP: %i > >> The email address of the MECguard administrator: %w > >> > >> If you make use of the override ability, you should include a link to > >> the login page which should be written as > >> "http://172.31.255.1:10001/index.php?URL='%u'&Client=%i". > >> > >> One of the comments we received is that the email link for review > >> doesn't do much good since most PCs don't have an email client > >> configured. One option here is to make an HTML form on your block > >> page and submit it to a web server where you could process the request > >> how you see fit. > >> > >> Another solution we're considering is hosting the form target > >> centrally on Networkmaine.net, and then sending out email notification > >> to you from here, bug logging the request at the same time. > >> > >> The advantage would be for us to see review requests centrally (for > >> those who opt-in) and perhaps come up with a better default whitelist. > >> Is there any interest in this sort of service? > >> > >> I have something mocked up if anyone would like to give it a try. > >> > >> Please note that the "download page" button is broken (it's on the > >> list of things to fix). As a workaround, you can get the same result > >> by clicking on "display current page" and then viewing the page > >> source. > >> > >> Maybe to have a little fun, if you create a custom page that you think > >> is pretty good, why not provide a link to a screenshot (no attachments > >> please) so we can have a contest to see who has the nicest block page? > >> I think I'll go ahead and say there is a free Networkmaine t-shirt in > >> it for the winner. > >> > >> As always, if you need help our support staff is ready to give you a hand. > >> > >> -- > >> Ray Soucy > >> > >> Epic Communications Specialist > >> > >> Phone: +1 (207) 561-3526 > >> > >> Networkmaine, a Unit of the University of Maine System > >> http://www.networkmaine.net/ > > > > > > -- > Ray Soucy > > Epic Communications Specialist > > Phone: +1 (207) 561-3526 > > Networkmaine, a Unit of the University of Maine System > http://www.networkmaine.net/