+ Post New Thread
Results 1 to 12 of 12
CLEO Thread, CLEO blocking inter-school access in Regional Broadband Consortiums (RBC); Just had a Schools Portal missive that CLEO are going to implement the inter-school traffic blocking that they'd mentioned before ...
  1. #1

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,829
    Thank Post
    1,476
    Thanked 595 Times in 446 Posts
    Rep Power
    170

    CLEO blocking inter-school access

    Just had a Schools Portal missive that CLEO are going to implement the inter-school traffic blocking that they'd mentioned before unless signed requests from both schools.

    It would have affected me with my web helpdesk but I moved it to an external server so its available from both schools and home.

    regards

    Simon

  2. Thanks to SimpleSi from:

    buzzard (14th September 2010)

  3. #2
    buzzard's Avatar
    Join Date
    May 2006
    Location
    North West
    Posts
    311
    Thank Post
    106
    Thanked 28 Times in 24 Posts
    Rep Power
    25
    Any idea when this is happening? I go between about 30 CLEO IP ranges, noone ever remembers to tell me these things!

    Cheers

  4. #3
    Cache's Avatar
    Join Date
    Apr 2008
    Location
    Cumbria
    Posts
    1,283
    Thank Post
    477
    Thanked 188 Times in 182 Posts
    Blog Entries
    3
    Rep Power
    67
    The document I got through, assuming SimpleSi got the same one, says that Cumbria are going to have the changes applied starting from October and the date for Lancashire has yet to be finalised but is expected to be completed over the Autumn term.

  5. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,422
    Thank Post
    1,531
    Thanked 1,066 Times in 931 Posts
    Rep Power
    305
    This link may help - Broadband : Secure ACL's

  6. #5


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,701
    Thank Post
    352
    Thanked 805 Times in 720 Posts
    Rep Power
    348
    It makes good sense for them to do this as at the moment (depending upon what ports/protocols are allowed) it could be possible to spread malicious files between sites 'behind' the firewall. (NOT SAYING IT IS!!)

    Back in my school days we were fortunate that our RBC blocked all site-site traffic on the router acls unless a specific agreement had been reached between schools (and signed off to the effect).

    For those of you who do have arrangements in multiple schools I can appreciate this will be a headache, it might be worth asking whether you can have a VPN account that grants you access to schools which have signed off on it so you still retain the freedom necessary to function.

    Good luck to those this affects and a pat on the back for CLEO taking local network security seriously.

  7. #6
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    980
    Thank Post
    103
    Thanked 117 Times in 102 Posts
    Rep Power
    74
    its gonna be a PITA, now instead of taking 5 minutes in another school to reset a teachers password at another school by remote accessing in im going to have to find time in my timetable to go to the other school ASAP and do 5 minutes work.

  8. #7


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,701
    Thank Post
    352
    Thanked 805 Times in 720 Posts
    Rep Power
    348
    Do CLEO not provide SGD? You could have an SGD account set up to publish rules to each of your supported school servers and use that internally & externally to get where you're after.

  9. #8

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,342
    Thank Post
    676
    Thanked 2,271 Times in 1,047 Posts
    Blog Entries
    23
    Rep Power
    673
    It's not just that. There are schools with shared support, intranets and other comms going on. To simply cut them off with little notice would cause a large level of disruption I think.

  10. #9
    ticker's Avatar
    Join Date
    Mar 2006
    Location
    Waterfoot, Rossendale
    Posts
    308
    Thank Post
    70
    Thanked 26 Times in 20 Posts
    Rep Power
    22
    it was talked about at the last school tech meeting

    School Technician Meetings | The Westfield Centre

  11. #10
    buzzard's Avatar
    Join Date
    May 2006
    Location
    North West
    Posts
    311
    Thank Post
    106
    Thanked 28 Times in 24 Posts
    Rep Power
    25
    Not good when you're using it to replicate AD traffic! Try getting AD ports opened through the firewall team!

  12. #11

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,829
    Thank Post
    1,476
    Thanked 595 Times in 446 Posts
    Rep Power
    170
    Try getting AD ports opened through the firewall team!
    AFAIK there should be no problem in getting any ports opened (as long as you are using them)

    The intention was to stop the complete lack of any barriers - having a lot of ports open between some schools would still be a vast improvement.

    You are probably just coming up against the standard "the answer is no - what was the question?" mentality of the collective

    As long as you've got both headteachers great-grandparents signatures in triplicate the drones will have to comply

    regards

    Simon

  13. #12

    Join Date
    Mar 2009
    Posts
    6
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by buzzard View Post
    Not good when you're using it to replicate AD traffic! Try getting AD ports opened through the firewall team!
    SecureACL exceptions for internal CLEO traffic are implemented by CLEO/LUNS and not at a county level, assuming you are talking about the Lancs firewall team. There should not be a problem opening AD ports between two sites which have a reciprocal agreement.



SHARE:
+ Post New Thread

Similar Threads

  1. Outlook Web Access Via CLEO
    By john in forum CLEO
    Replies: 6
    Last Post: 6th January 2009, 10:48 AM
  2. Lancsngfl Webmail and CLEO Remote Access Down?
    By newdawnfades in forum CLEO
    Replies: 9
    Last Post: 31st December 2008, 05:33 PM
  3. Blocking Internet Access
    By jcollings in forum How do you do....it?
    Replies: 29
    Last Post: 24th January 2008, 10:24 AM
  4. CLEO blocking sendmail in PHP?
    By woody in forum Web Development
    Replies: 11
    Last Post: 20th October 2006, 09:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •