Short one today. I’ve been having a few issues with phone calls here, so after getting a new circuit and all that the problem didn’t resolve, so i’m thinking it’s our T1 switch. I wanted to make a few notes on how to go about swapping them out.
Step 1 – First set up the switch in ShoreTel Director. You don’t need a new set of trunk groups or anything, just the new switch.
Set your switch up however you normally do, personally I use static IP addresses for my switches and program them through the serial port. Honestly you could set up DHCP reservations in your DHCP server too. You might have to enter the server IP through the console, but when it boots into the server the first time the server actually changes this, so it might not be necessary (I’ve seen it do it on a packet sniffer and yes it kept changing it to the wrong IP).
Step 2 – Make sure the T1 settings are the same on both switches as you are setting up a replacement, and you’ll be hooking the existing T1 into the new switch, not adding any additional capacity. It’s also not a bad idea to check with your phone company on these settings if you can.
You can just set up the first Trunk in the T1 switch and use “Fill Down”. Make sure they are set up on the existing trunk group, again it’s best if you don’t make a new trunk group as you’ll have to re-enter everything.
Step 3 – When you’re ready all you should have to do now is move the T1 from one to the other. I always like to unplug the old switch just to make it show “offline” and not “D-Channel Down” as that can freak out other people getting into the Director.
I like to leave the old settings in place in Director for several days when I do this just to make sure everything is fine. Once you determine the new switch works fine, just delete the old one. That’s really all there is to it.
If you have a Cyberoam appliance you know that you can actually manage content filtering for individuals, specific machines or just about any sort of granular criteria you can think of. So I went about unblocking Facebook for several people around the office so they can use it. When I did my boss told me that he was only able to see text in his Facebook page. I searched the internet for the problem and couldn’t find a decent answer for this. So I fired up the handy packet capture diagnostic tool and found that Facebook uses another domain name for its images in its CSS files. The Cyberoam will filter out the images from fbcdn.net and let the text through from facebook.com, just like it’s supposed to if you have DatingMatrimonials or whatever Facebook is categorized under now blocked.
So to unblock Facebook entirely you need to unblock both facebook.com and fbcdn.net.
How To Setup Blocked and Safe Site Lists In Cyberoam 10
Also just in addition to that bit of information on how I set up my white and black lists in Cyberoam. I’ve done this for the probably dozen of these appliances I’ve set up for people. It makes it much easier to manage. Please keep in mind this is not a default setup.
Step 1 – Determine and implement whatever method you use for individual Authentication. Personally I use the Clientless SSO method.
Step 2 – Open up the Web Filter Section and click on Policies.
Step 3 – Don’t use any of the Cyberoam pre-loaded Web Filtering Policies, make your own new one and use one of theirs as the template. Typically I’ll use the “General Corporate Policy” as the template because it covers most of the basic categories most companies want to filter out.
Step 4 – Hit OK to save the Policy, then click the little Manage icon to the right of it so you can edit the categories.
Step 5 – Add any other categories that are missing, and change any you want to implicitly allow to “Allow” instead of “Deny”. Anything not on the list is going to be allowed by default. For instance one company I set up for wanted Gambling specifically denied, and needed the Weapons category unblocked. My own company needed JobSearch unblocked. I typically will block Cricket just because I think it’s hilarious that Cricket is a category (yes one of my acquaintances at Cyberoam told me why, it’s doubly hilarious).
Step 6 – Go ahead and save your work now and move into the Categories section.
Step 7 – Typically here I will add two categories: “Safe Sites” and “Blocked Sites”. This is a very basic black and white list set up.
Step 8 – Go back and manage your new Policy and add SafeSites to your new Policy as “Allowed All the Time” and BlockedSites as “Denied All the Time”.
Step 9 – You could also add a few more categories like “BlockedUntilNoon” and add schedules to them obviously. For instance you might want Facebook only available from 11:00 until 1:00 or something.
Step 10 – Make sure this new policy is the policy for everyone in your organization that needs this type of content filtering.
Now all you need to do to block a specific site is add it to “BlockedSites” and if you want to explicitly unblock a site, add it to “SafeSites”. My favorite example of this is Budweiser, which is an employer here, needed to be unblocked, but Alcohol is a category blocked by Policy. I added the appropriate sites to the SafeSites category and it was unblocked, but CaptainMorgan.com is still blocked.
You could take this a step further and make a Global Safe Sites and a Global Blocked Sites and then say Accounting Safe Sites and Human Resources Blocked sites. This would get you a bit more control over things, like if HR needs Facebook but Accounting needs it blocked, but they everyone needs MySpace blocked. Then you’d have an “Accounting Policy” and an “HR Policy”.
One other thing I like to do is make a really locked down tight policy and add it to the Firewall Rule #1, which is the “#LAN_WAN_AnyTraffic” rule. The CIPA one is a pretty good one to use for this. Just select that as the default policy. That way anyone who’s not logged in uses that but still has some small amount of internet use.