SurfControl – Blocking Webmail

Don’t ask me why this is. BUT we have a rule that blocks webmail by category for anyone if the previous rule does not allow them to webmail category sites based on being in a special user group. Note that both these rules apply to the webmail category and ANY protocol. Yet, a lot of HTTPS webmail traffic gets through. So I added one more rule that blocks webmail https specifically. Strangely it works much better at stopping almost all webmail traffic now. Encrypted or not. Even though the category webmial protocol any rule should have been good enough.


Cisco – Fast etherchannel for redundant fiber links

I love Cisco fast etherchannel. Over the Christmas break we turned up a second fiber link between our two buildings here in town. When we built the second building I made sure that there were two six strand fiber pulls each in their own interduct and that inside one large interduct under the ground between the buildings. So bond one pair from each pull and you have a pretty good chance of the link staying up even if they snag the main interduct with a backhoe. Not to mention with dual supervisor cards in the main 4506R we bonded the first gig port from each sup card to make this channel. So basically if a card goes, we stay up. If a gbic burns out we stay up. And if they partially break the fiber in the ground the odds are we stay up. And in the mean time we get the benefit of both fiber links being active. By default it is load balancing by source IP.  Sort of a round robin deal.

Early in 2008 we are going to mount up a wireless bridge and set it up with spanning tree values to stay down unless the entire fiber bonded link is lost. Pretty cool.

Uploaded with Skitch!


APC – AP9612TH and AP9617 in a APC Symmetra UPS

Today I tried to figure out why our Symmetra was not seeing the AP9612TH environmental card that was installed over the Christmas shutdown at work.  I did read a document about what order the cards must be installed based on slot number.  Unfortunately with the cards installed there is no slot numbering visible.  So after a few quick emails with APC/MGE tech support I found out the following.

On our Symmetra one slot is by itself to the left.  The other two are stacked vertically on the right.  This orientation is based on facing the back of the unit where the slots are.  According to support the slot by itself to the left is the third slot, so that makes the top right the first slot.  They also told me thankfully that the symmetra card slots are hot swappable.  Normally on UPS Smart UPS units they are not and you had best power down the unit first before tampering with any smartslot cards.

So, tomorrow we shall see if this works.  I just have to swap the 9617 Management card and the 9612TH environmental card.  After a minute for the management card to reboot I should then be able to see the environmental sensor and setup our temperature and humidity alerts.


SurfControl – Microsoft Domain Groups

If you work in an Enterprise and use Domain user groups in your rule set make sure you schedule the Network Groups Update. Just go into the SurfControl scheduler, add an item and pull down to pick the Network Groups Update. Pick the schedule that best fits your environment.


SurfControl – Rules Checking

Rulescheck.exe is a tool to run through the rules database and ensure all data is valid. Like any database things can become inconsistent with lots of changes. The tool is located in your Program Files\SurfControl\WebFilter folder. Just stop the webfilter service first then run that program. Let it fix any found errors and restart your webfilter service.


SurfControl – Tools say Server Still Running

If you have a need to run a surfcontrol tool like rulescheck.exe it requires you stop the web filter service.  If you stop the service and the tool says it is still running this is an entry stuck in the local sql database.  Here is how you quickly clear it out.  Make sure you stopped the surfcontrol web filter service FIRST.

  1. On the surfcontrol box console, open  the Microsoft SQL Server Management Studio Express console.
  2. Expand the databases tree, expand the SurfControl_WebFilter database
  3. Expand the Tables section and right click on dbo._REGISTERED_SERVER_C table
  4. Choose Open Table
  5.  Right click ALL rows where you see an ID and Server name populated and choose delete.
  6. This table should be empty if the service is stopped.  If it has a listing then it got stuck and any tools will think the service is still running.
  7. Once you clear out the rows close the console and run your desired tool again.