We have been having an issue with Infinite Campus. I don't think it is a Joebox issue, but if you have heard anything to contrary, any help would be appreciated. Any Mac running Snow Leopard has EXTREMELY slow response time with Campus (web-based SIS). Leopard and Tiger based Macs as well as any PC running any version of Windows or Linux have no issues. The only thing I have done is to try turning off filtering and allowing clear internet access, but this had no effect. Ideas? Thanks! H On 10/4/10 3:30 PM, "Ray Soucy" <[log in to unmask]> wrote: I wanted to drop everyone a note on some Joebox issues that we have been working with MECnet (the vendor) to resolve. I apologize in advance for the length of this email; apparently there is a lot to talk about. ;-) Restarting the Firewall or MECguard service will cause a brief but noticeable outage. This is a design oversight in the way the services were implemented, we have identified the cause and MECnet is working to re-engineer these services. The updates are in testing now, but give us a few weeks before we roll them out to make sure nothing breaks. For now, the work-around is to wait until the end of the day to restart MECguard or the Firewall if it's possible to minimize its impact. Many of you have called in with reports of problems accessing specific websites. Like the old Bess filter, MECguard is implemented as a transparent HTTP proxy service. This does indeed break the occasional website. The solution is to direct traffic around the proxy service so it never gets intercepted at all. This can be done using the "Web Filter" section of the Firewall. For example. If you wanted to bypass filtering for the website at 130.111.32.130 (networkmaine.net) you could add a new Web Filter rule with the following settings: Enable: Yes Description: networkmaine.net Rule Type: Don't Filter Destination Source Type: Firewall Group Group: Everyone Else Destination Type: IP/Hostname IP/Hostname: 130.111.32.130 Another common request is to block access to Facebook, as students quickly figure out that they can use HTTPS (which isn't filtered) in place of HTTP. To do this, we can create a few Closed Ports rules in the Firewall and block HTTPS to the IP addresses used by Facebook. The two IP networks currently used by Facebook appear to be "66.220.144.0/20" and "69.63.176.0/20". Note that this is may change every now and then if Facebook starts using more addresses. Here we would create two "Closed Ports" rules (one for each network) in the Firewall, below is an example of the settings for one of them. Enable Closed Port: Yes Description: Facebook Rule Chain: FORWARD Source Type: Firewall Group Group: LAN Destination Type: IP/Hostname IP/Hostname: 66.220.144.0/20 Protocol: TCP Port to be Closed: 443 Based on your policy, you may decide to block Facebook specifically, or SSL outright for everyone in a certain group. Any rules created in the "Open Ports" section of the Firewall are evaluated first. So if you wanted to give a specific group, for example "Teachers" unrestricted access to SSL websites (including Facebook) you could create an Open Port rule in the firewall to let that group through. Here is an example: Enable Open Port: Yes Description: Allow SSL for Teachers Rule Chain: FORWARD Source Type: Firewall Group Group: Teachers Destination Type: Firewall Group Group: Everyone Else Protocol: TCP Port to be Opened: 443 As always if you need assistance in setting this up, feel free to contact the Support Desk. Lastly, the current software available though software update is looking stable, and resolves a series of issues that have been around since the start of the school year. The support desk has been working with sites to upgrade everyone. If you are experiencing problems aside from the Firewall and MECguard restart issue mentioned above, you may want to call in and set up a time to upgrade your software. These updates (mostly) provide: Fix for routing engine so it is not dropping its default route when the firewall is restarted. Fix for UI bug that broke open or closed ports firewall rules if the protocol was set to "all". Fix for MECguard memory leak causing performance issues. Added automated nightly remote backup of configuration to Networkmaine (we keep the last 7 days of configuration backups). Minor UI fixes to correctly display service status. System kernel changes to handle networks larger than 512 addresses without causing performance issues. If you have been experiencing problems not addressed here I would like to hear from you (off-list) so we can take a look at your setup. The majority of the time that users are having a terrible experience with the Joebox turns out to be something easily corrected by making a configuration change. I'd also like to thank everyone, especially those of you who were unlucky enough to test some of the less-than-stable software updates leading up to this batch, for being patient as we work with MECnet to improve the Joebox for use in Maine schools. If you would like to share your questions, comments, joy, or frustration with us in person, a few of us from Networkmaine will be around at this year's ACTEM conference next week. I'll be giving a Joebox session there on the 14th, so if you haven't signed up yet, you might want to take a look. -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/