dtaylor26 wrote: Disclaimer: I didn't read every detail of the previous 8 pages of forum posts, so this might conflict with what has been said there.
However, on 1/31/09 I was getting the firewall set up at our stake center. As I spoke with the GSD (it's necessary to call them to get your firewall working), I asked what the procedure was if we find there's a site we want to access. The kind young man on the phone indicated that all that was needed was for me, with Stake President approval, to contact the GSD and the site could be authorized through the firewall local to the building. I THEN asked, "So, is the site access rule script based on a master script that gets uploaded to each firewall, then tweaked by the GSD and reloaded as needed?" The answer was yes.
That last statement is basically correct, but it gives the impression that once the script has been uploaded, the list of allowed sites is only changed by the GSD reloading or updating the script for that particular firewall. I don't think that's the whole story, since we know that it is possible for Websense to change the categorization of a site, which can make that site accessible for all firewalls on a particular filtering access level. I doubt that a change to Websense categories (which happens every day) requires a modification of the script on every firewall, but rather that part of the filtering script accesses some Websense server for category information.
It is indeed helpful to know that the GSD can program individual exceptions. That might be the most expedient solution for certain sites, and I appreciate your taking the time to post this information.
But changing the categorization of a site at Websense, or having the GSD change the default script to allow or disallow whole categories, will benefit hundreds or thousands of installations. Having the GSD fix one firewall only helps one installation. So where there are obvious sites that should be allowed or disallowed for all installations using a particular filtering level, it would be helpful to the larger community if people would work through the more general solution, even though it may be a bit more work.