On the iPad: Settings > Control Panel > General > Network > WiFi > (Modify the SSID you want) HTTP Proxy > "Auto" (should work). I don't have an iPad so I can't actually verify this. But from what I've read online it sounds like it should work correctly. On Mon, Apr 11, 2011 at 12:20 PM, Seth Thompson <[log in to unmask]> wrote: > Ok, my question is: will iOS devices be able to connect to legitimate HTTPS > sites? I quickly looked through settings on an iPad and didn't see anything > about proxies or proxy discovery. > Thanks, > Seth > > On Mon, Apr 11, 2011 at 12:07 PM, Networkmaine <[log in to unmask]> wrote: >> >> Hi Seth, >> It doesn't matter if your trying to reach an HTTPS site from a >> computer, a phone, or a rock. As long as you're connecting through the >> Joebox and SSL is enabled, the traffic will be filtered. >> Anthony >> Networkmaine Support Center >> University of Maine System >> Maine School and Library Network >> Communications and Network Services >> (207) 561-3587 >> [log in to unmask] >> >> >> On Mon, Apr 11, 2011 at 11:51 AM, Seth Thompson <[log in to unmask]> >> wrote: >>> >>> Ray, >>> Do you know if MECGuard SSL will work with cell phones, iPads, etc? >>> Thanks, >>> Seth >>> >>> On Fri, Apr 8, 2011 at 12:49 PM, Ray Soucy <[log in to unmask]> wrote: >>>> >>>> No, "Force MECguard SSL" will block _all_ HTTPS traffic (the idea is >>>> that you check this box after you have your browsers setup to use >>>> MECguard for HTTPS as a proxy server to enforce it). >>>> >>>> On Fri, Apr 8, 2011 at 12:36 PM, Jaimie Moores <[log in to unmask]> wrote: >>>> > Does "Force MECGuard SSL" have to be checked in order for the closed >>>> > port >>>> > rules to work? >>>> > >>>> > Jaimie Moores >>>> > Technology Coordinator >>>> > PowerSchool Administrator >>>> > Machias Memorial High School >>>> > >>>> > >>>> > On Fri, Apr 8, 2011 at 11:34 AM, Ray Soucy <[log in to unmask]> wrote: >>>> >> >>>> >> Facebook currently has 2 IP networks: >>>> >> 1. MailScanner has detected a possible fraud attempt from >>>> >> "66.220.144.0" >>>> >> claiming to be MailScanner has detected a possible fraud attempt from >>>> >> "66.220.144.0" claiming to be 66.220.144.0/20 >>>> >> 2. MailScanner has detected a possible fraud attempt from >>>> >> "69.63.176.0" >>>> >> claiming to be MailScanner has detected a possible fraud attempt from >>>> >> "69.63.176.0" claiming to be 69.63.176.0/20 >>>> >> >>>> >> Steps for a Firewall block of Facebook (as opposed to MECguard): >>>> >> >>>> >> Step 1: Create two "Closed Port" rules with the following settings: >>>> >> >>>> >> Rule 1: >>>> >> >>>> >> Description: Facebook >>>> >> Rule Chain: FORWARD >>>> >> Source Type: Firewall Group >>>> >> Source Group: LAN (or whatever group you want blocked) >>>> >> Destination Type: IP/Hostname >>>> >> Destination IP/Hostname: MailScanner has detected a possible fraud >>>> >> attempt >>>> >> from "66.220.144.0" claiming to be MailScanner has detected a >>>> >> possible fraud attempt from "66.220.144.0" claiming to be 66.220.144.0/20 >>>> >> Protocol: TCP >>>> >> Closed Ports: 80,443 >>>> >> >>>> >> Rule 2: >>>> >> >>>> >> Description: Facebook >>>> >> Rule Chain: FORWARD >>>> >> Source Type: Firewall Group >>>> >> Source Group: LAN (or whatever group you want blocked) >>>> >> Destination Type: IP/Hostname >>>> >> Destination IP/Hostname: MailScanner has detected a possible fraud >>>> >> attempt >>>> >> from "69.63.176.0" claiming to be MailScanner has detected a possible >>>> >> fraud attempt from "69.63.176.0" claiming to be 69.63.176.0/20 >>>> >> Protocol: TCP >>>> >> Closed Ports: 80,443 >>>> >> >>>> >> On Fri, Apr 8, 2011 at 11:14 AM, Eric R. Warren >>>> >> <[log in to unmask]> >>>> >> wrote: >>>> >> > That's a useful trick! Would you mind sharing those >>>> >> > Facebook-blocking >>>> >> > settings with us? >>>> >> > >>>> >> > Eric >>>> >> > MSAD 45 >>>> >> > >>>> >> > -----Original Message----- >>>> >> > From: Joebox User [mailto:[log in to unmask]] On Behalf Of >>>> >> > Ray >>>> >> > Soucy >>>> >> > Sent: Friday, April 08, 2011 11:08 AM >>>> >> > To: [log in to unmask] >>>> >> > Subject: Re: Joebox Updates >>>> >> > >>>> >> > Linda, >>>> >> > >>>> >> > If you were using the old "MECguard SSL" it would no longer be >>>> >> > active >>>> >> > after the upgrade (to my knowledge only a handful of people were >>>> >> > trying to use it because of all the browser errors it would >>>> >> > generate). >>>> >> > >>>> >> > The "Force MECguard SSL" option will block SSL requests unless made >>>> >> > using a proxy server, but requires that browsers know about the >>>> >> > proxy >>>> >> > server (as described in the MECguard notes I posted a few days >>>> >> > ago). >>>> >> > >>>> >> > Other than that, it shouldn't have changed. >>>> >> > >>>> >> > I've created two "Closed Port" rules in your Firewall that will >>>> >> > block >>>> >> > web access to the Facebook IP networks, but left them disabled. >>>> >> > You >>>> >> > can enable these rules and restart your firewall if you want to >>>> >> > start >>>> >> > blocking access to Facebook over HTTPS. >>>> >> > >>>> >> > I've noticed that you only have one Group for MECguard. If you >>>> >> > block >>>> >> > Facebook using the Firewall you might want to create a "Teachers" >>>> >> > group with the IP addresses of teacher PCs so you can create a rule >>>> >> > to >>>> >> > not block Facebook for those users. >>>> >> > >>>> >> > Because you're running a "LOW" Firewall policy, you'll need to >>>> >> > apply >>>> >> > the 12.1 software update before Open Port rules to do this will >>>> >> > work, >>>> >> > the Software Update can be run at any time. >>>> >> > >>>> >> > Feel free to give support a call if you'd like us to do any of this >>>> >> > for you: 1-888-367-6756 >>>> >> > >>>> >> > Sorry about any disruption... The upgrade was a major change and >>>> >> > required a manual process to apply. Future updates will be >>>> >> > provided >>>> >> > through the Software Update tool and be left up to you to apply. >>>> >> > >>>> >> > On Fri, Apr 8, 2011 at 9:38 AM, Linda Chaisson >>>> >> > <[log in to unmask]> >>>> >> > wrote: >>>> >> >> Ray: >>>> >> >> Previously our students couldn’t get to facebook by adding the s >>>> >> >> to >>>> >> >> http >>>> >> > and >>>> >> >> now they can. Was anything changed? >>>> >> >> Thanks, >>>> >> >> Linda >>>> >> >> >>>> >> >> >>>> >> >> >>>> >> >> On 4/6/11 1:24 PM, "Ray Soucy" <[log in to unmask]> wrote: >>>> >> >> >>>> >> >> We realize that for many of you it seems like you just upgraded, >>>> >> >> but >>>> >> >> some of you have been running the code for over a month and have >>>> >> >> found >>>> >> >> a bug or two. We have a minor update available. >>>> >> >> >>>> >> >> Feel free to apply this update using the "Software Update" tool on >>>> >> >> the >>>> >> >> Joebox at your convince. This is a non-critical update and can be >>>> >> >> applied at any time. >>>> >> >> >>>> >> >> As always, if you need help running the Software Update utility, >>>> >> >> or >>>> >> >> encounter any problems, please give us a call: 1-888-367-6756 >>>> >> >> >>>> >> >> New packages are labeled 12.1. >>>> >> >> >>>> >> >> Change Log: >>>> >> >> >>>> >> >> 1. A "Reinitialize Firewall" button has been added to the Firewall >>>> >> >> options page. This button does a forced restart of the Firewall >>>> >> >> service (all rules are flushed and re-added) to recover from the >>>> >> >> Firewall Engine becoming out of sync. If you run into a situation >>>> >> >> where using this button is the only way to "fix" your Joebox >>>> >> >> please >>>> >> >> contact us so we can take a look at your configuration and track >>>> >> >> down >>>> >> >> the invalid rule that is causing problems. >>>> >> >> >>>> >> >> 2. Port Forward rules with protocol "IP" weren't ignoring port >>>> >> >> fields >>>> >> >> (causing invalid rules). This is now fixed. >>>> >> >> >>>> >> >> 3. Open Port rules were not being applied when a Firewall policy >>>> >> >> level >>>> >> >> of LOW was in use. They should now be applied correctly. >>>> >> >> >>>> >> >> 4. In isolated circumstances, some traffic making use of TCP >>>> >> >> window >>>> >> >> scaling was being marked as INVALID by connection state tracking >>>> >> >> and >>>> >> >> being dropped by the Firewall. This was found to be affecting >>>> >> >> less >>>> >> >> than 1% of traffic. This should now be fixed, as TCP window size >>>> >> >> is >>>> >> >> no longer used to determine packet validity. >>>> >> >> >>>> >> >> 5. Minor update to SNMP to facilitate changes in Joebox monitoring >>>> >> >> by >>>> >> >> Networkmaine. >>>> >> >> >>>> >> >> 6. Minor UI update to fix changing of static route to be applied >>>> >> >> without >>>> >> >> reboot. >>>> >> >> >>>> >> >> 7. Minor UI update to allow DHCP service to be disable if in a >>>> >> >> failed >>>> >> >> status (e.g. enabled without a valid configuration), mostly to get >>>> >> >> rid >>>> >> >> of the "red" status indicator for sites not using DHCP on the >>>> >> >> Joebox. >>>> >> >> >>>> >> >> Linda Chaisson >>>> >> >> Technology Coordinator >>>> >> >> Regional School Unit 16 >>>> >> >> C/O PRHS - 1457 Maine Street >>>> >> >> Poland, ME 04274 >>>> >> >> 207-998-5400 Ext 103 >>>> >> >> [log in to unmask] >>>> >> >> >>>> >> >> >>>> >> > >>>> >> > >>>> >> > >>>> >> > -- >>>> >> > Ray Soucy >>>> >> > >>>> >> > Epic Communications Specialist >>>> >> > >>>> >> > Phone: +1 (207) 561-3526 >>>> >> > >>>> >> > Networkmaine, a Unit of the University of Maine System >>>> >> > http://www.networkmaine.net/ >>>> >> > >>>> >> >>>> >> >>>> >> >>>> >> -- >>>> >> Ray Soucy >>>> >> >>>> >> Epic Communications Specialist >>>> >> >>>> >> Phone: +1 (207) 561-3526 >>>> >> >>>> >> Networkmaine, a Unit of the University of Maine System >>>> >> http://www.networkmaine.net/ >>>> > >>>> > The information transmitted herein is intended only for the person or >>>> > entity >>>> > to which it is addressed and may contain confidential material. Any >>>> > review, >>>> > retransmission, dissemination or other use of, or taking of any action >>>> > in >>>> > reliance upon, this information by persons or entities other than the >>>> > intended recipient is prohibited. If you received this in error, >>>> > please >>>> > contact the sender and delete the e-mail and any attachments from any >>>> > computer. >>>> > >>>> > >>>> >>>> >>>> >>>> -- >>>> Ray Soucy >>>> >>>> Epic Communications Specialist >>>> >>>> Phone: +1 (207) 561-3526 >>>> >>>> Networkmaine, a Unit of the University of Maine System >>>> http://www.networkmaine.net/ >>> >>> >>> >>> -- >>> Seth H. Thompson >>> Technology Director >>> Regional School Unit No. 5 >>> 207-865-4706 x232 >>> >>> >> > > > > -- > Seth H. Thompson > Technology Director > Regional School Unit No. 5 > 207-865-4706 x232 > > > -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/