+ Post New Thread
Page 5 of 14 FirstFirst 123456789 ... LastLast
Results 61 to 75 of 210
Internet Related/Filtering/Firewall Thread, LGfL 2.0 Problems in Technical; Sorry, this was me having a rant but is nothing to do with the lgfl2 content of this thread so ...
  1. #61

    Join Date
    Jan 2007
    Location
    London
    Posts
    10
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    16
    Sorry, this was me having a rant but is nothing to do with the lgfl2 content of this thread so I shouldn't have posted it. It's been one of those days!
    FYI from this particular site (nothing to do with lgfl), all recursive dns requests from clients are blocked, submission/587 - No chance, IMAP won't work due to DNS being blocked and IMAP closed off at the firewall in any case. The requested port was for some offsite backup software to obtain a license from a central server.

    Anyway, apologies for the slight thread hijack. Back on track!

  2. #62
    maestromasada's Avatar
    Join Date
    Apr 2009
    Posts
    166
    Thank Post
    93
    Thanked 14 Times in 13 Posts
    Rep Power
    12
    Reading this thread makes me feel uncomfortable on my chair. We are migrating to LFfL2.0 over the summer, or at least this is what I hope (the provisional deadline keeps on moving) and though I knew about the ports blocking didn’t know they were that strict.
    I assume that the link for SLG will be operational under LGfL2.0, and that parents will be able to access our data, right???

  3. #63
    budgester's Avatar
    Join Date
    Jan 2006
    Location
    Enfield, Middlesex
    Posts
    485
    Thank Post
    4
    Thanked 37 Times in 30 Posts
    Rep Power
    24
    Well I've uploaded my mips request, first one was refused, after some backwards and forward support conversations, via the LGFL support site. I uploaded a new MIPS request.

    I have it in writing here now, that I can have inbound traffic to port 80 and 443 to multiple servers, i.e. email, vle, library etc.

    I can have IMAP/s and POP3/s ports open for my email server, and they will relay email to my mailserver.

    As usual it seems to be a case of getting the first line monkeys to actually talk to the people that know how the network is going to work rather than deailing with canned responses.

    Outbound traffic who knows what they will block, but I gotta assume most outbound traffic will be fine.

  4. #64

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,479
    Thank Post
    297
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    Thought I'd update the thread and let you all know that we're terminating our LGfL2.0 connection as of this summer. We want to be able to do things that are currently against some of LGfL's security policies, and unfortunately due to some communication issues with LGfL just don't feel it's the service for us.

    To be fair the service hasn't been bad, and Atomwide are fine once you know how things work but we needed greater flexibility without the level of filtering that is currently applied.

  5. #65

    Join Date
    May 2011
    Posts
    28
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    7
    How did you manage this without having to pay £xx000? We don't have the service installed and are still been unable to cancel our contract?

  6. Thanks to esucmn from:

    talksr (20th April 2012)

  7. #66

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,479
    Thank Post
    297
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    Quote Originally Posted by esucmn View Post
    How did you manage this without having to pay £xx000? We don't have the service installed and are still been unable to cancel our contract?
    I've dropped you a PM explaining. Unfortunately I doubt any other schools will be able to use the route we took

  8. #67

    Join Date
    Jan 2007
    Location
    London
    Posts
    10
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    16
    A quick update:

    School A: Waited three weeks after the system was supposedly 'live' to get a functional connection. I'm not talking about filtering or firewalling, I'm talking about any form of connection to the Internet. I lost count of the number of times I called Atomwide, and the number of promised call-backs that never materialised. I was completely ignored by the contact at Virgin Media.
    Two changes were required to the configuration of the Virgin router. I raised the ticket requesting the first of these on 29th March. It took over 3 weeks to carry out. I have no idea why it should have taken so long. School 'A' now has a working connection but are now starting the fun process of getting their email and other services unblocked.

    School B: Connection was installed 11 April. Onsite head of IT logged a call a few days later over the Easter break regarding services that no longer worked. The school rely on: Filemaker, email (IMAP & SMTP) and an offsite backup service (CrashPlan). The helpdesk keep coming back saying that the changes have been made but they haven't. The ports are still well and truly blocked. This is all outbound not inbound. The school's nominated contact asked the person on the support desk if she could pass the phone over to me and that she was giving me authorisation to talk to them about the problems. They refused so instead we put the phone on speakerphone, I told the head of IT what to ask them and she relayed it to the helpdesk. They could obviously hear what I was originally saying. It's absolutely insane.

  9. Thanks to sramdeen from:

    talksr (25th April 2012)

  10. #68

    Join Date
    Jan 2007
    Location
    London
    Posts
    10
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    16
    And now for something positive
    I thought it might be useful to list a few common OUTBOUND ports that most schools rely on. Perhaps others could contribute to this list?
    The format is source, destination, protocol, description:

    Source IP(s) Destination IP(s) Port(s) Protocol (TCP/UDP/Both) Description
    Any Any 2195, 2196, 5223 TCP Apple Push Notification (iMessage, app updates, app notifications, etc)
    Any Any 25, 110, 143, 587, 993 TCP Email access via email client e.g Outlook, Apple Mail, Android, iPhone etc


    Other things to think about: Offsite backup, other apps that don't use ports 80 or 443 such as video conferencing, databases etc.

  11. Thanks to sramdeen from:

    talksr (25th April 2012)

  12. #69

    Join Date
    May 2011
    Posts
    28
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    7
    Let me get this straight.... they're blocking OUTBOUND connections??!?

  13. #70

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,479
    Thank Post
    297
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    Quote Originally Posted by esucmn View Post
    Let me get this straight.... they're blocking OUTBOUND connections??!?
    Yes, but will unblock if requested and if it doesn't conflict with their security guidance.

  14. #71

    Join Date
    May 2011
    Posts
    28
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    7
    Oh this just gets worse!

  15. #72

    Join Date
    Jan 2007
    Location
    London
    Posts
    10
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    16
    Quote Originally Posted by Soulfish View Post
    Yes, but will unblock if requested and if it doesn't conflict with their security guidance.
    What annoys me is that this policy wasn't mentioned to schools in the technical literature that went out before the schools signed the contract. I'm sure most people would have presumed the firewalling policies would have been the same or very similar to Synetrix's.
    They do seem to be unblocking ports as requested but are reluctant to do so when the destination is listed as 'any' rather than to a specific IP address. In most cases limiting access to a range of addresses just isn't viable. Most large scale stuff is delivered via content delivery networks that are forever adding servers in different geographic locations as and when the load changes. For example, It's all well and good to unblock all of 17.0.0.0/8 (Apple) but when Apple use Akamai's CDN then what do you do?
    Same goes for many offsite backup providers. Host names are often round robin'd and are subject to change. I hope they relax this policy as it's causing some pain at the mo.

    Soulfish, do you happen to know or have in writing what their 'security guidance' is? Otherwise it's fairly ambiguous.

  16. Thanks to sramdeen from:

    talksr (27th April 2012)

  17. #73

    Join Date
    May 2011
    Posts
    28
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    7
    Quote Originally Posted by sramdeen View Post
    What annoys me is that this policy wasn't mentioned to schools in the technical literature that went out before the schools signed the contract. I'm sure most people would have presumed the firewalling policies would have been the same or very similar to Synetrix's.
    EXACTLY!! They hoodwinked us into a long contract we cant get out of and that irks me even more than their rediculously impractical policies.

  18. #74

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    8,872
    Thank Post
    589
    Thanked 1,907 Times in 1,320 Posts
    Blog Entries
    19
    Rep Power
    806
    Quote Originally Posted by esucmn View Post
    EXACTLY!! They hoodwinked us into a long contract we cant get out of and that irks me even more than their rediculously impractical policies.
    Claim false advertising... or misleading advertising.

    That should help you get out of a contract... Or get them to change it to what it was supposed to be.

  19. #75

    Join Date
    Feb 2010
    Location
    UK
    Posts
    271
    Thank Post
    177
    Thanked 4 Times in 4 Posts
    Rep Power
    9

    Angry

    Quote Originally Posted by sramdeen View Post
    What annoys me is that this policy wasn't mentioned to schools in the technical literature that went out before the schools signed the contract. I'm sure most people would have presumed the firewalling policies would have been the same or very similar to Synetrix's.
    Too true, and something I feel very strongly about. If this was me personally (say taking out a mobile phone contract), I would have no hesitation in pulling out immediately. I feel tricked, because as you say; these restrictions were never mentioned in the sign up documents. It was only after signing up to a lengthy contract, that we were told.

    Both the head and myself at my school are of the view point that if we experience any negative issues with the new connection other than minor teething issues as to be expected, that have any impact on the current levels of support that the school receives, we will be passing the cost on to LGFL. If they are unprepared to reimburse, we will be only to happy to deduct it from our yearly payments for the service.

    I have read some quite worrying horror stories on this forum so I am not looking forward to the day when we are switched across in any way.

SHARE:
+ Post New Thread
Page 5 of 14 FirstFirst 123456789 ... LastLast

Similar Threads

  1. LGFL South london problems
    By nicholab in forum London Grid for Learning (LGfL)
    Replies: 0
    Last Post: 21st May 2010, 01:51 PM
  2. Intermitent problems with logging on
    By alexknight in forum Wireless Networks
    Replies: 27
    Last Post: 22nd August 2005, 04:01 AM
  3. Problems with Google Earth
    By Dos_Box in forum Educational Software
    Replies: 8
    Last Post: 19th August 2005, 02:32 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •