Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20
  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,186

    Default

    You're worried about teen boys? I have one... my daughter is worse.

    And because Untangle finds all the normal stuff, she always finds the crazy stuff. And you can faff about on SSL inspector or whatever all you want... They'll find a way anyway.

    SSL is designed to stop what SSL inspector does... which is why I never used it. As time goes on things are going to get harder, not better.

    I catch them via reports, and alerts.
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    928

    Default

    1) I misspoke above in that I was talking about SSL Inspector's default configuration while ignoring the default rules. That was misleading. By default, SSL Inspector is configured to inspect all SSL traffic. That's true. But by default, the rules largely subvert that configuration for ease of use, as a starting place for the admin (the number of broken things is limited to the default inspect rules—whew!). The default rules target high profile stuff and ignore everything else. Inspect this and inspect that, and ignore the rest by force of the last default rule. So no, the default rules will not accomplish your goal.
    2) Because rules are evaluated in order, "Inspect All Traffic" effectively ignores every rule below it, including the "Ignore Other Traffic" rule. The developers did this rule order elegantly and instructively. Ignores above, inspects below.
    3) I don't use the YouTube app even on mobile devices for reasons that don't matter here, but my wife does use Facebook apps of some sort and SSL Inspector breaks it/them. She gets her own SSL Inspector policy with the default "Inspect Facebook" rule unchecked and everything works. I wonder if unchecking the default "Inspect YouTube" rule in a policy specific to your son would fix that problem without affecting other scanning.

  3. #13
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    928

    Default

    Quote Originally Posted by sky-knight View Post
    You're worried about teen boys? I have one... my daughter is worse.
    Things have changed, haven't they.

  4. #14
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,186

    Default

    Quote Originally Posted by Sam Graf View Post
    Things have changed, haven't they.
    I don't think so... I think kids have always just been kids. We just ascribe the sexual bits of life to males disproportionately for some reason. You see the same thing in other places as well... Slut shaming is a thing. Meanwhile guys that get some action are treated how?

    Our culture stinks sometimes...
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #15
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    928

    Default

    Quote Originally Posted by sky-knight View Post
    I don't think so... I think kids have always just been kids.
    Could be, but for now we'll just disagree.

    We will agree about unpleasant odors coming from out culture sometimes.

  6. #16
    Untangle Ninja f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,306

    Default

    Quote Originally Posted by sky-knight View Post

    SSL is designed to stop what SSL inspector does... which is why I never used it. As time goes on things are going to get harder, not better.
    Sky, I've always thought it curious why others don't point out that if we have the capability to MITM to 'inspect' packets, do we really think the State doesn't without our knowledge? D'oh!
    Jim.Alles likes this.
    Vanguard Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM
    And building #7 didn't kill itself!

  7. #17
    Newbie
    Join Date
    Mar 2020
    Posts
    2

    Default

    Quote Originally Posted by sky-knight View Post
    I don't use SSL inspector at all, Web Filter contains my kids with just SNI on all their devices without messing with certificate chains. I've even got devices flagged with the kids' names, so I can route to policies based on the names in question.

    Got four rules in there in particular... one for each kid that shoves their traffic into the grounded rack... I'll give you one guess as to what that does!
    You mind sharing your rules. I'm just now getting mine setup and will need the Grounding rules sooner than later. ..

  8. #18
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,186

    Default

    Quote Originally Posted by MontanaGuy View Post
    You mind sharing your rules. I'm just now getting mine setup and will need the Grounding rules sooner than later. ..
    It's not that hard, rack named Black Hole, has the firewall module installed... one rule.. block protocol TCP and UDP.

    Have policies for each kid normally disabled up at the top of the policy list that shove traffic into the black hole.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #19
    Newbie
    Join Date
    Mar 2020
    Posts
    2

    Default

    Quote Originally Posted by sky-knight View Post
    It's not that hard, rack named Black Hole, has the firewall module installed... one rule.. block protocol TCP and UDP.

    Have policies for each kid normally disabled up at the top of the policy list that shove traffic into the black hole.
    Thanks a bunch. Still watching videos and some training to better learn the product.

  10. #20
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,186

    Default

    Quote Originally Posted by MontanaGuy View Post
    Thanks a bunch. Still watching videos and some training to better learn the product.
    Careful with the black hole, it'll also stop updates. It's not meant to be in place for a long time, especially around that 2nd Tuesday if the kids are on Windows devices.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2