+ Post New Thread
Results 1 to 12 of 12
CLEO Thread, CLEO blocking inter-school access in Regional Broadband Consortiums (RBC); Just had a Schools Portal missive that CLEO are going to implement the inter-school traffic blocking that they'd mentioned before ...
  1. #1

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,720
    Thank Post
    1,451
    Thanked 580 Times in 434 Posts
    Rep Power
    165

    CLEO blocking inter-school access

    Just had a Schools Portal missive that CLEO are going to implement the inter-school traffic blocking that they'd mentioned before unless signed requests from both schools.

    It would have affected me with my web helpdesk but I moved it to an external server so its available from both schools and home.

    regards

    Simon

  2. Thanks to SimpleSi from:

    buzzard (14th September 2010)

  3. #2
    buzzard's Avatar
    Join Date
    May 2006
    Location
    North West
    Posts
    291
    Thank Post
    99
    Thanked 27 Times in 23 Posts
    Rep Power
    24
    Any idea when this is happening? I go between about 30 CLEO IP ranges, noone ever remembers to tell me these things!

    Cheers

  4. #3
    Cache's Avatar
    Join Date
    Apr 2008
    Location
    Cumbria
    Posts
    1,116
    Thank Post
    414
    Thanked 149 Times in 147 Posts
    Blog Entries
    3
    Rep Power
    59
    The document I got through, assuming SimpleSi got the same one, says that Cumbria are going to have the changes applied starting from October and the date for Lancashire has yet to be finalised but is expected to be completed over the Autumn term.

  5. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    This link may help - Broadband : Secure ACL's

  6. #5


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,657
    Thank Post
    350
    Thanked 789 Times in 710 Posts
    Rep Power
    344
    It makes good sense for them to do this as at the moment (depending upon what ports/protocols are allowed) it could be possible to spread malicious files between sites 'behind' the firewall. (NOT SAYING IT IS!!)

    Back in my school days we were fortunate that our RBC blocked all site-site traffic on the router acls unless a specific agreement had been reached between schools (and signed off to the effect).

    For those of you who do have arrangements in multiple schools I can appreciate this will be a headache, it might be worth asking whether you can have a VPN account that grants you access to schools which have signed off on it so you still retain the freedom necessary to function.

    Good luck to those this affects and a pat on the back for CLEO taking local network security seriously.

  7. #6
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    935
    Thank Post
    99
    Thanked 107 Times in 95 Posts
    Rep Power
    72
    its gonna be a PITA, now instead of taking 5 minutes in another school to reset a teachers password at another school by remote accessing in im going to have to find time in my timetable to go to the other school ASAP and do 5 minutes work.

  8. #7


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,657
    Thank Post
    350
    Thanked 789 Times in 710 Posts
    Rep Power
    344
    Do CLEO not provide SGD? You could have an SGD account set up to publish rules to each of your supported school servers and use that internally & externally to get where you're after.

  9. #8

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,464
    Thank Post
    524
    Thanked 1,993 Times in 932 Posts
    Blog Entries
    23
    Rep Power
    575
    It's not just that. There are schools with shared support, intranets and other comms going on. To simply cut them off with little notice would cause a large level of disruption I think.

  10. #9
    ticker's Avatar
    Join Date
    Mar 2006
    Location
    Waterfoot, Rossendale
    Posts
    283
    Thank Post
    42
    Thanked 13 Times in 12 Posts
    Rep Power
    19
    it was talked about at the last school tech meeting

    School Technician Meetings | The Westfield Centre

  11. #10
    buzzard's Avatar
    Join Date
    May 2006
    Location
    North West
    Posts
    291
    Thank Post
    99
    Thanked 27 Times in 23 Posts
    Rep Power
    24
    Not good when you're using it to replicate AD traffic! Try getting AD ports opened through the firewall team!

  12. #11

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,720
    Thank Post
    1,451
    Thanked 580 Times in 434 Posts
    Rep Power
    165
    Try getting AD ports opened through the firewall team!
    AFAIK there should be no problem in getting any ports opened (as long as you are using them)

    The intention was to stop the complete lack of any barriers - having a lot of ports open between some schools would still be a vast improvement.

    You are probably just coming up against the standard "the answer is no - what was the question?" mentality of the collective

    As long as you've got both headteachers great-grandparents signatures in triplicate the drones will have to comply

    regards

    Simon

  13. #12

    Join Date
    Mar 2009
    Posts
    6
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by buzzard View Post
    Not good when you're using it to replicate AD traffic! Try getting AD ports opened through the firewall team!
    SecureACL exceptions for internal CLEO traffic are implemented by CLEO/LUNS and not at a county level, assuming you are talking about the Lancs firewall team. There should not be a problem opening AD ports between two sites which have a reciprocal agreement.

SHARE:
+ Post New Thread

Similar Threads

  1. Outlook Web Access Via CLEO
    By john in forum CLEO
    Replies: 6
    Last Post: 6th January 2009, 09:48 AM
  2. Lancsngfl Webmail and CLEO Remote Access Down?
    By newdawnfades in forum CLEO
    Replies: 9
    Last Post: 31st December 2008, 04:33 PM
  3. Blocking Internet Access
    By jcollings in forum How do you do....it?
    Replies: 29
    Last Post: 24th January 2008, 09:24 AM
  4. CLEO blocking sendmail in PHP?
    By woody in forum Web Development
    Replies: 11
    Last Post: 20th October 2006, 08:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •