Internet Related/Filtering/Firewall Thread, Smoothwall and LA filtering in Technical; How do you handle this? Putting Smoothwall in front of LA filtering seems a bit redundant so do you ask ...
17th February 2010, 04:46 PM #1
Smoothwall and LA filtering
How do you handle this? Putting Smoothwall in front of LA filtering seems a bit redundant so do you ask your LA to provide an unfiltered line?
17th February 2010, 04:48 PM #2
Yep! SWGfL use a completely unfiltered proxy for their SmartCache product, so we essentially requested access to it and filled in a change request etc.
The way it works with us is that we specified the IP address of the internal proxy (in this case Smoothwall) which is the only IP that has access to the smartcache unfiltered proxy.
Last edited by mb2k01; 17th February 2010 at 04:50 PM.
Reason: More info!
Thanks to mb2k01 from:
tom_newton (17th February 2010)
17th February 2010, 05:47 PM #3
Same here - we removed our ISP filtering and requested a 'clean' connection. All filtering is now governed in-house via the Smoothwall box.
Thanks to Sylv3r from:
tom_newton (17th February 2010)
17th February 2010, 05:56 PM #4
SEGfL provide a filtered and unfiltered proxy. Smoothwall goes through the unfiltered proxy
Thanks to Soulfish from:
tom_newton (17th February 2010)
17th February 2010, 06:20 PM #5
Double bagging filtering certainly is a bit of a pain - doable, but remember you have to block on only one, but unbvlocking can take 2. The "use an unrestricted upstream proxy" method described by the posters above (thanks!) is the best way.
17th February 2010, 06:39 PM #6
We use SW and LA filtering- both here and at the last school I worked at.
Anyone complains about a student visiting an inappropriate site- point them to the LA and explain that you're already utilising supplementary filtering on top of their "clean" feed.
Rationale is simple, the LA have legal experts and people who spend all day looking after filtering, we may want to provide more granular control and/or additional capabilities but don't have the resources to match that - nor wish the potential liability of attempting and failing to do so.
17th February 2010, 06:53 PM #7
No Broadband consortium/LA will provide a completely unfiltered feed. They will all filter on the IWF (Internet Watch Foundation) List.
17th February 2010, 07:14 PM #8
@chilbs - that's true of almost any ISP, LA or not.
As someone who browses a fair bit of.. dubious sites... as part of work, and I also know how to differentiate an IWF block, it happens VERY rarely, and I have never seen a significant overblock (the wikipedia problem wasnt particularly an OB... it caused other issues at ISP level). We are members of the IWF, and as such it is always on in smoothie - you cannot turn it off.
@pwds - as long as you understand and accept the problems of double bagging - thats all good
17th February 2010, 07:35 PM #9
No LA will want to give you an unfiltered (ie pretty much unfiltered but still including IWF list) without a darn good reason ... I know I don't anymore. It is all too easy to say you are relying on an in-house box without having an idea about what you are doing.
Don't take this as me slagging of NMs, or filtering products sold directly into schools ... it is more a case of you have to be accountable to someone for all of this and I hear all too often from Heads that it is because the NM/Tech wants it done that way ... without any explanation of how it would be managed, whether it is tied into how the schools manages what the users access and use it to educate them in using the internet safely (see recent OFSTED report on this).
In my LA we will only accept a signed form by the Head and Chair of Governors if a school wants to take local control ... and we are getting close to that time of year when we send letters out to schools to get a signature from the Head and CoG to say they are aware of their present filtering settings, accept the school's responsibility within this and are in control of it. Some schools will be challenged this year about what they are doing and they will have to justify it. A simple 'because the NM says so' will not cut it anymore ...
But ... away from my rant at the moment ... down to the nitty gritty of it.
No matter if you use the LA system, a mixture of LA and in-house or in-house on a clean(-ish) feed there are a few things to do with the management of filtering.
1 - Make sure you have the full awareness of SMT/SLT about filtering and what changes you are capable of making. Explain the types of categories that are on the filter system and explain which ones are blocked or not blocked ... and this may differ depending on age group, the curriculum, the 'niceness' of the kids and staff ... but get sign off from SMT (ultimately the Head).
2 - Sort out the process for making changes. Log the change and sort out a system so that the changes are reviewed by someone to cover your back, both on the grounds of safeguarding and on the education side. Remember that the games site you blocked for the history teacher yesterday might be used by the maths department today.
3 - Don't allow blocking things to be the big thing ... classroom management, educating the kids, making sure they are on task, etc ... these will make big changes to how much abuse of the internet there is.
A brief guide ... already covered before ... and without the above I don't think you should be asking for a clean feed / more control.
I'll do the technical post in a second.
2 Thanks to GrumbleDook:
Sylv3r (18th February 2010), tom_newton (18th February 2010)
17th February 2010, 07:45 PM #10
The technical / operational side now. This will vary from LA to LA, RBC to RBC, but there are a few things to remember. Tom will correct me on a few of these but this is how I remember it from conversations with Tom and co.
1 - Where possible make sure you stick your box in routing mode. Using your filter box / firewall to also NAT adds to the complication of things and might also affect access particular services within your RBC (ie those relying on an RBC assigned IP-based session ticket), it may affect aspects of SSO, etc.
2 - Make sure you have a 'Master' filter and a 'secondary' filter. This means that you always make changes on your master filter first. No exceptions. Make the change and then test. This means that you only blacklist on one filter, but might have to whitelist on both.
3 - Just because you have to whitelist on the secondary filter it doesn't mean that you have to turn off *all* filtering capabilities on the secondary filter. Only turn off what you really need.
I hope this helps ...
Thanks to GrumbleDook from:
tom_newton (18th February 2010)
17th February 2010, 10:49 PM #11
We have our smoothie on the end of the LA filter and the have got it fairly well open and we can tweak it but they still do have restrictions on us but we can do some white list and black lists with them to resolve some issues. Not 100% clean (bar IWF etc) but its probably 75% clean I'd say. Maybe Tom will put it to the test next week...
19th February 2010, 10:26 PM #12
We have a lea provided websence filter and our on network guardian, we ask the lea to unblock sites like facebook, youtube etc and we then block years 7-11 using our guardian.
We have disabled most of the built in Smoothwall filters and just have our own that we use.
Smoothwall gives you the power to use/control the use of sites such as Facebook, we allow Facebook for 6TH form but we have a custom filter than bans swearwords and staff names, you can also block certain facebook group pages using custom filters. I strongly advise searching this forum for Niles youtube thread he shows you how block youtube while allowing certain parts of it. It shows you how to create custom blocks and unblock for a particular site.
Our Facebook swear filter works by scoring like this
By linkazoid in forum Internet Related/Filtering/Firewall
Last Post: 17th January 2011, 10:51 AM
By Galway in forum Yorkshire & Humberside Grid for Learning (YHGfL)
Last Post: 27th June 2009, 02:43 PM
By ICTNUT in forum Internet Related/Filtering/Firewall
Last Post: 13th March 2009, 03:08 PM
By towen in forum Wireless Networks
Last Post: 12th November 2007, 03:03 PM
By Simcfc73 in forum Wireless Networks
Last Post: 30th June 2006, 06:55 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)