Check the order of your Groups. It sounds like you have them backwards if it's blocking a group that shouldn't be denied access to those ports.

Vincent Vanier, Technology Coordinator
Madawaska School Department
[log in to unmask]
(207)728-3371x408

On Mon, Jan 9, 2012 at 2:08 PM, James Jalbert <[log in to unmask]> wrote:

> I am in hopes that someone out there can help me with this, here is the
> issue
>
> First off the easy one, I have a group that I would like completely open
> on both filtering and firewall. This network has its own filter, and
> firewall in place, and I want to make sure that NOTHING is blocked to or
> from this site? I am assuming that an open port rule of Everyone Else to
> "this Group" allowing all protocols is what I want? I also assume that I
> will need one for "this Group" to Everyone Else to allow all out? By the
> way, our firewall is still at low, but looking to move it to medium, for
> everyone but "this group".
>
> Second, and I think this is more complicated, Thanks to Vince for
> providing me with the Facebook Networks, so I can block all https traffic
> to their servers, this has worked great! However, I did set this up using
> a Facebook group with the network as members. Set a closed port rule to say
> all source from Private Lan to Facebook on tcp 443 is blocked. Now my issue
> comes in that we are looking to create a group for admins to allow them to
> get to Facebook. The issue I am having is that when I create the group,
> enter in the IPs for the machines, then test it, I get the following
> results. Facebook is unblocked, I am able to get to the login site, I log in
> to Facebook, and my browser just spins, and spins, and spins...., then I
> get the connection time out page. My thought is that the content filter is
> going down the list of groups, finds me in my test group, and runs that
> content filter allowing me to Facebook, but then is seeing my IP in the
> Private Lan group, which has port 443 to Facebook closed? Does this sound
> right? Why is the firewall blocking me on a group that has no closed port
> rule associated to it? Any thoughts on this would be great. What would my
> best way around this issue be?
>
> Thanks in advance everyone.
>
> James Jalbert
> Network Administrator
> Eastern Aroostook RSU #39
> Phone: 207-493-4246
> E-Mail: [log in to unmask]