+ Post New Thread
Results 1 to 12 of 12
Internet Related/Filtering/Firewall Thread, Smoothwall and LA filtering in Technical; How do you handle this? Putting Smoothwall in front of LA filtering seems a bit redundant so do you ask ...
  1. #1

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,121
    Thank Post
    403
    Thanked 619 Times in 566 Posts
    Rep Power
    180

    Smoothwall and LA filtering

    How do you handle this? Putting Smoothwall in front of LA filtering seems a bit redundant so do you ask your LA to provide an unfiltered line?

  2. #2
    mb2k01's Avatar
    Join Date
    Jan 2007
    Posts
    1,130
    Thank Post
    189
    Thanked 227 Times in 193 Posts
    Rep Power
    92
    Yep! SWGfL use a completely unfiltered proxy for their SmartCache product, so we essentially requested access to it and filled in a change request etc.
    The way it works with us is that we specified the IP address of the internal proxy (in this case Smoothwall) which is the only IP that has access to the smartcache unfiltered proxy.
    Last edited by mb2k01; 17th February 2010 at 04:50 PM. Reason: More info!

  3. Thanks to mb2k01 from:

    tom_newton (17th February 2010)

  4. #3

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,203
    Thank Post
    372
    Thanked 376 Times in 334 Posts
    Rep Power
    147
    Same here - we removed our ISP filtering and requested a 'clean' connection. All filtering is now governed in-house via the Smoothwall box.

  5. Thanks to Sylv3r from:

    tom_newton (17th February 2010)

  6. #4

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,481
    Thank Post
    297
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    SEGfL provide a filtered and unfiltered proxy. Smoothwall goes through the unfiltered proxy

  7. Thanks to Soulfish from:

    tom_newton (17th February 2010)

  8. #5


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    Double bagging filtering certainly is a bit of a pain - doable, but remember you have to block on only one, but unbvlocking can take 2. The "use an unrestricted upstream proxy" method described by the posters above (thanks!) is the best way.

  9. #6
    pwds's Avatar
    Join Date
    Dec 2008
    Location
    Derby
    Posts
    279
    Thank Post
    73
    Thanked 48 Times in 38 Posts
    Rep Power
    20
    We use SW and LA filtering- both here and at the last school I worked at.

    Anyone complains about a student visiting an inappropriate site- point them to the LA and explain that you're already utilising supplementary filtering on top of their "clean" feed.

    Rationale is simple, the LA have legal experts and people who spend all day looking after filtering, we may want to provide more granular control and/or additional capabilities but don't have the resources to match that - nor wish the potential liability of attempting and failing to do so.

  10. #7

    Join Date
    Mar 2008
    Posts
    134
    Thank Post
    9
    Thanked 23 Times in 18 Posts
    Rep Power
    16
    No Broadband consortium/LA will provide a completely unfiltered feed. They will all filter on the IWF (Internet Watch Foundation) List.

    Chilbs

  11. #8


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    @chilbs - that's true of almost any ISP, LA or not.

    As someone who browses a fair bit of.. dubious sites... as part of work, and I also know how to differentiate an IWF block, it happens VERY rarely, and I have never seen a significant overblock (the wikipedia problem wasnt particularly an OB... it caused other issues at ISP level). We are members of the IWF, and as such it is always on in smoothie - you cannot turn it off.

    @pwds - as long as you understand and accept the problems of double bagging - thats all good

  12. #9

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    No LA will want to give you an unfiltered (ie pretty much unfiltered but still including IWF list) without a darn good reason ... I know I don't anymore. It is all too easy to say you are relying on an in-house box without having an idea about what you are doing.

    Don't take this as me slagging of NMs, or filtering products sold directly into schools ... it is more a case of you have to be accountable to someone for all of this and I hear all too often from Heads that it is because the NM/Tech wants it done that way ... without any explanation of how it would be managed, whether it is tied into how the schools manages what the users access and use it to educate them in using the internet safely (see recent OFSTED report on this).

    In my LA we will only accept a signed form by the Head and Chair of Governors if a school wants to take local control ... and we are getting close to that time of year when we send letters out to schools to get a signature from the Head and CoG to say they are aware of their present filtering settings, accept the school's responsibility within this and are in control of it. Some schools will be challenged this year about what they are doing and they will have to justify it. A simple 'because the NM says so' will not cut it anymore ...

    But ... away from my rant at the moment ... down to the nitty gritty of it.

    No matter if you use the LA system, a mixture of LA and in-house or in-house on a clean(-ish) feed there are a few things to do with the management of filtering.

    1 - Make sure you have the full awareness of SMT/SLT about filtering and what changes you are capable of making. Explain the types of categories that are on the filter system and explain which ones are blocked or not blocked ... and this may differ depending on age group, the curriculum, the 'niceness' of the kids and staff ... but get sign off from SMT (ultimately the Head).

    2 - Sort out the process for making changes. Log the change and sort out a system so that the changes are reviewed by someone to cover your back, both on the grounds of safeguarding and on the education side. Remember that the games site you blocked for the history teacher yesterday might be used by the maths department today.

    3 - Don't allow blocking things to be the big thing ... classroom management, educating the kids, making sure they are on task, etc ... these will make big changes to how much abuse of the internet there is.

    A brief guide ... already covered before ... and without the above I don't think you should be asking for a clean feed / more control.

    I'll do the technical post in a second.

  13. 2 Thanks to GrumbleDook:

    Sylv3r (18th February 2010), tom_newton (18th February 2010)

  14. #10

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    The technical / operational side now. This will vary from LA to LA, RBC to RBC, but there are a few things to remember. Tom will correct me on a few of these but this is how I remember it from conversations with Tom and co.

    1 - Where possible make sure you stick your box in routing mode. Using your filter box / firewall to also NAT adds to the complication of things and might also affect access particular services within your RBC (ie those relying on an RBC assigned IP-based session ticket), it may affect aspects of SSO, etc.

    2 - Make sure you have a 'Master' filter and a 'secondary' filter. This means that you always make changes on your master filter first. No exceptions. Make the change and then test. This means that you only blacklist on one filter, but might have to whitelist on both.

    3 - Just because you have to whitelist on the secondary filter it doesn't mean that you have to turn off *all* filtering capabilities on the secondary filter. Only turn off what you really need.

    I hope this helps ...

  15. Thanks to GrumbleDook from:

    tom_newton (18th February 2010)

  16. #11

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,513
    Thank Post
    1,493
    Thanked 1,050 Times in 919 Posts
    Rep Power
    302
    We have our smoothie on the end of the LA filter and the have got it fairly well open and we can tweak it but they still do have restrictions on us but we can do some white list and black lists with them to resolve some issues. Not 100% clean (bar IWF etc) but its probably 75% clean I'd say. Maybe Tom will put it to the test next week...

  17. #12

    Join Date
    Oct 2005
    Location
    Bangkok
    Posts
    235
    Thank Post
    15
    Thanked 32 Times in 23 Posts
    Rep Power
    23
    We have a lea provided websence filter and our on network guardian, we ask the lea to unblock sites like facebook, youtube etc and we then block years 7-11 using our guardian.

    We have disabled most of the built in Smoothwall filters and just have our own that we use.
    Smoothwall gives you the power to use/control the use of sites such as Facebook, we allow Facebook for 6TH form but we have a custom filter than bans swearwords and staff names, you can also block certain facebook group pages using custom filters. I strongly advise searching this forum for Niles youtube thread he shows you how block youtube while allowing certain parts of it. It shows you how to create custom blocks and unblock for a particular site.

    Our Facebook swear filter works by scoring like this

    (facebook |)(99)
    (facebook -)(99)
    (fuck)(2)

SHARE:
+ Post New Thread

Similar Threads

  1. smoothwall filtering problems
    By linkazoid in forum Internet Related/Filtering/Firewall
    Replies: 14
    Last Post: 17th January 2011, 10:51 AM
  2. Filtering !!!!
    By Galway in forum Yorkshire & Humberside Grid for Learning (YHGfL)
    Replies: 5
    Last Post: 27th June 2009, 02:43 PM
  3. Smoothwall Citrix Filtering
    By ICTNUT in forum Internet Related/Filtering/Firewall
    Replies: 10
    Last Post: 13th March 2009, 03:08 PM
  4. eMail filtering?
    By towen in forum Wireless Networks
    Replies: 3
    Last Post: 12th November 2007, 03:03 PM
  5. Goodbye Smoothwall Hello Smoothwall
    By Simcfc73 in forum Wireless Networks
    Replies: 2
    Last Post: 30th June 2006, 06:55 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •