Does "Force MECGuard SSL" have to be checked in order for the closed port rules to work? 


Jaimie Moores
Technology Coordinator
PowerSchool Administrator
Machias Memorial High School


On Fri, Apr 8, 2011 at 11:34 AM, Ray Soucy <[log in to unmask]> wrote:
Facebook currently has 2 IP networks:
1. 66.220.144.0/20
2. 69.63.176.0/20

Steps for a Firewall block of Facebook (as opposed to MECguard):

Step 1: Create two "Closed Port" rules with the following settings:

Rule 1:

Description: Facebook
Rule Chain: FORWARD
Source Type: Firewall Group
Source Group: LAN (or whatever group you want blocked)
Destination Type: IP/Hostname
Destination IP/Hostname: 66.220.144.0/20
Protocol: TCP
Closed Ports: 80,443

Rule 2:

Description: Facebook
Rule Chain: FORWARD
Source Type: Firewall Group
Source Group: LAN (or whatever group you want blocked)
Destination Type: IP/Hostname
Destination IP/Hostname: 69.63.176.0/20
Protocol: TCP
Closed Ports: 80,443

On Fri, Apr 8, 2011 at 11:14 AM, Eric R. Warren <[log in to unmask]> wrote:
> That's a useful trick!  Would you mind sharing those Facebook-blocking
> settings with us?
>
> Eric
> MSAD 45
>
> -----Original Message-----
> From: Joebox User [mailto:[log in to unmask]] On Behalf Of Ray Soucy
> Sent: Friday, April 08, 2011 11:08 AM
> To: [log in to unmask]
> Subject: Re: Joebox Updates
>
> Linda,
>
> If you were using the old "MECguard SSL" it would no longer be active
> after the upgrade (to my knowledge only a handful of people were
> trying to use it because of all the browser errors it would generate).
>
> The "Force MECguard SSL" option will block SSL requests unless made
> using a proxy server, but requires that browsers know about the proxy
> server (as described in the MECguard notes I posted a few days ago).
>
> Other than that, it shouldn't have changed.
>
> I've created two "Closed Port" rules in your Firewall that will block
> web access to the Facebook IP networks, but left them disabled.  You
> can enable these rules and restart your firewall if you want to start
> blocking access to Facebook over HTTPS.
>
> I've noticed that you only have one Group for MECguard.  If you block
> Facebook using the Firewall you might want to create a "Teachers"
> group with the IP addresses of teacher PCs so you can create a rule to
> not block Facebook for those users.
>
> Because you're running a "LOW" Firewall policy, you'll need to apply
> the 12.1 software update before Open Port rules to do this will work;
> the Software Update can be run at any time.
>
> Feel free to give support a call if you'd like us to do any of this
> for you: 1-888-367-6756
>
> Sorry about any disruption... The upgrade was a major change and
> required a manual process to apply.  Future updates will be provided
> through the Software Update tool and be left up to you to apply.
>
> On Fri, Apr 8, 2011 at 9:38 AM, Linda Chaisson <[log in to unmask]>
> wrote:
>> Ray:
>> Previously our students couldn’t get to facebook by adding the s to http
> and
>> now they can. Was anything changed?
>> Thanks,
>> Linda
>>
>>
>>
>> On 4/6/11 1:24 PM, "Ray Soucy" <[log in to unmask]> wrote:
>>
>> We realize that for many of you it seems like you just upgraded, but
>> some of you have been running the code for over a month and have found
>> a bug or two.  We have a minor update available.
>>
>> Feel free to apply this update using the "Software Update" tool on the
>> Joebox at your convenience.  This is a non-critical update and can be
>> applied at any time.
>>
>> As always, if you need help running the Software Update utility, or
>> encounter any problems, please give us a call: 1-888-367-6756
>>
>> New packages are labeled 12.1.
>>
>> Change Log:
>>
>> 1. A "Reinitialize Firewall" button has been added to the Firewall
>> options page.  This button does a forced restart of the Firewall
>> service (all rules are flushed and re-added) to recover from the
>> Firewall Engine becoming out of sync.  If you run into a situation
>> where using this button is the only way to "fix" your Joebox please
>> contact us so we can take a look at your configuration and track down
>> the invalid rule that is causing problems.
>>
>> 2. Port Forward rules with protocol "IP" weren't ignoring port fields
>> (causing invalid rules).   This is now fixed.
>>
>> 3. Open Port rules were not being applied when a Firewall policy level
>> of LOW was in use.  They should now be applied correctly.
>>
>> 4. In isolated circumstances, some traffic making use of TCP window
>> scaling was being marked as INVALID by connection state tracking and
>> being dropped by the Firewall.  This was found to be affecting less
>> than 1% of traffic.  This should now be fixed, as TCP window size is
>> no longer used to determine packet validity.
>>
>> 5. Minor update to SNMP to facilitate changes in Joebox monitoring by
>> Networkmaine.
>>
>> 6. Minor UI update to fix changing of static route to be applied without
>> reboot.
>>
>> 7. Minor UI update to allow DHCP service to be disabled if in a failed
>> status (e.g. enabled without a valid configuration), mostly to get rid
>> of the "red" status indicator for sites not using DHCP on the Joebox.
>>
>> Linda Chaisson
>> Technology Coordinator
>> Regional School Unit 16
>> C/O PRHS - 1457 Maine Street
>> Poland, ME 04274
>> 207-998-5400 Ext 103
>> [log in to unmask]
>>
>>
>
>
>
> --
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/
>



--
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/

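As an added illustration of how the two "Closed Port" rules and the suggested "Teachers" exemption interact on the FORWARD chain (example code written for this thread, not Joebox's own rule engine): the LAN and Teachers address ranges are constructed placeholders, and the assumption that an Open Port exemption is evaluated before the Closed Port rules is mine, not something the thread states.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed firewall groups (assumed ranges, not from the thread).
GROUPS = {
    "LAN": [ip_network("10.0.0.0/8")],        # whole site, the group being blocked
    "Teachers": [ip_network("10.0.5.0/24")],  # hypothetical teacher-PC subnet
}

# Facebook networks exactly as listed in the thread (April 2011).
FACEBOOK_NETS = ("66.220.144.0/20", "69.63.176.0/20")


@dataclass(frozen=True)
class Rule:
    action: str          # "open" (allow through) or "closed" (drop)
    source_group: str    # key into GROUPS
    destinations: tuple  # destination CIDRs
    protocol: str
    ports: frozenset     # destination ports the rule applies to


RULES = [
    # Assumption: the Teachers exemption is checked before the Closed Port rules.
    Rule("open", "Teachers", FACEBOOK_NETS, "TCP", frozenset({80, 443})),
    # The two Closed Port rules from the thread, one per /20.
    Rule("closed", "LAN", ("66.220.144.0/20",), "TCP", frozenset({80, 443})),
    Rule("closed", "LAN", ("69.63.176.0/20",), "TCP", frozenset({80, 443})),
]


def in_group(ip, group):
    """True if the address belongs to one of the group's networks."""
    addr = ip_address(ip)
    return any(addr in net for net in GROUPS[group])


def matches(rule, src, dst, proto, dport):
    """A rule matches only when source group, destination net, protocol and port all match."""
    return (in_group(src, rule.source_group)
            and any(ip_address(dst) in ip_network(n) for n in rule.destinations)
            and proto == rule.protocol
            and dport in rule.ports)


def forward_verdict(src, dst, proto, dport, rules=RULES):
    """First matching rule decides; no match falls through to the default (allow here)."""
    for rule in rules:
        if matches(rule, src, dst, proto, dport):
            return "ALLOW" if rule.action == "open" else "DROP"
    return "ALLOW"
```

Note that the rules match only on TCP 80 and 443, so any other destination port to the same networks falls through to the default policy.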