Just had a Schools Portal missive that CLEO are going to implement the inter-school traffic blocking that they'd mentioned before unless signed requests from both schools.
It would have affected me with my web helpdesk but I moved it to an external server so its available from both schools and home.
regards
Simon
buzzard (14th September 2010)
Any idea when this is happening? I go between about 30 CLEO IP ranges, noone ever remembers to tell me these things!
Cheers
The document I got through, assuming SimpleSi got the same one, says that Cumbria are going to have the changes applied starting from October and the date for Lancashire has yet to be finalised but is expected to be completed over the Autumn term.
This link may help - Broadband : Secure ACL's
It makes good sense for them to do this as at the moment (depending upon what ports/protocols are allowed) it could be possible to spread malicious files between sites 'behind' the firewall. (NOT SAYING IT IS!!)
Back in my school days we were fortunate that our RBC blocked all site-site traffic on the router acls unless a specific agreement had been reached between schools (and signed off to the effect).
For those of you who do have arrangements in multiple schools I can appreciate this will be a headache, it might be worth asking whether you can have a VPN account that grants you access to schools which have signed off on it so you still retain the freedom necessary to function.
Good luck to those this affects and a pat on the back for CLEO taking local network security seriously.
its gonna be a PITA, now instead of taking 5 minutes in another school to reset a teachers password at another school by remote accessing in im going to have to find time in my timetable to go to the other school ASAP and do 5 minutes work.
Do CLEO not provide SGD? You could have an SGD account set up to publish rules to each of your supported school servers and use that internally & externally to get where you're after.
It's not just that. There are schools with shared support, intranets and other comms going on. To simply cut them off with little notice would cause a large level of disruption I think.
it was talked about at the last school tech meeting
School Technician Meetings | The Westfield Centre
Not good when you're using it to replicate AD traffic! Try getting AD ports opened through the firewall team!
AFAIK there should be no problem in getting any ports opened (as long as you are using them)Try getting AD ports opened through the firewall team!
The intention was to stop the complete lack of any barriers - having a lot of ports open between some schools would still be a vast improvement.
You are probably just coming up against the standard "the answer is no - what was the question?" mentality of the collective
As long as you've got both headteachers great-grandparents signatures in triplicate the drones will have to comply
regards
Simon
SecureACL exceptions for internal CLEO traffic are implemented by CLEO/LUNS and not at a county level, assuming you are talking about the Lancs firewall team. There should not be a problem opening AD ports between two sites which have a reciprocal agreement.Originally Posted by buzzard
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
