zag (6th May 2014)
ibpalle and I were working on should be released later this year. It won't address all of these points but it's a stepping stone towards it. Sometimes you have to change the fundamentals before you can make it pretty and we're working hard on getting the functionality there.
It would really help if you could take the time to pop your feedback into our UserVoice page as this is used by our product managers to build project scopes and user stories that our UI designer will use to build a user-friendly UI
Reporting: Hot (54 ideas)
zag (6th May 2014)
I tend to post on the Smoothwall direct support forum with lesser queries without much urgency (It is after all sponsored by Smoothwall..), I am a team of one at the school and rarely have time to spend on the phone with trivial issues and it's easier to post a quick forum post (with maybe input from other users not just Smoothwall), however the times that I have had urgency and logged / called Smoothwall the service has been excellent so that's not really the complaint.
Simple things like the firewall issue, shouldn't really be a problem but it was the interface that caused confusion - I understand what I needed to do and I just get frustrated when it doesn't work, the online documentation didn't give any examples just an explanation of each function.
After getting the outgoing ports thing sorted, the layer 7 app kindve works (It's stopping orbot / tor now) but other VPN traffic sails through without a problem - so I guess I'm going to have to be heavy handed and drop all ports except 80 and 443.
What are other manufacturers doing about application level filtering ?
I will pass your feedback re: the manual on to our new Technical Author as I know we are looking at the manual as a long term ongoing project so user feedback in addition to the observations of @ibpalle, me and the support team is always helpful. Don't be afraid to pop it onto uservoice either - anything related to the product is helpful. Personally I'm campaigning for popup helplets like you see on those insurance comparison websites but that's just one suggestion amongst many.
So there's really nothing that can be done about private/personal VPNs ? Its running rampant here and it's getting frustrating - I may as well not bother with filtering Latest apps are vpnexpress and onavo
Last edited by caffrey; 8th May 2014 at 12:52 PM.
Can you not block the applications from running? Do you use Impero or such like classroom management software?
It's BYOD and iPads, the school owned ones are MDM managed so that's not the problem - It's mainly the BYOD devices, Smoothwall on the main domain works great.
I can't even see the traffic on the realtime firewall logs
Software like VPNexpress won't go through the proxy anyway because it uses higher port ranges so blocking VPN applications is literally down to firewall and if you have any ports open for the subnet they're coming from then you start getting issues. I'd suggest your best course of action would be to subnet the LAN the pupils are using and lock down every single outgoing port. If this isn't feasible due to things like 'Skype' being required then I'm not sure what else to suggest. Under the 'Blocked services' in your default and applied port rules is 'VPN/Tunneling' ticked?
Sounds like I'm basically going to have to rely on the AUP for security for BYOD, everything else is managed and secure (domain network etc.) so I've no concerns, the wifi traffic is on a "guest" IP range and has no authentication (yet) so I could effectively shut down all the ports (1-65535) and see what happens ;p but it seems like it's going to be cat and mouse. It's much more of a safeguarding issue than a security issue (and I don't like hearing from 3rd parties that the students are boasting that they can get by the filter ;p)
There are currently 2 users browsing this thread. (0 members and 2 guests)