We had quite an ambitious but not unreasonable plan today of switching over our broadband at school to LGfL 2.0 by the end of the day. We nearly managed it, but with several large stumbling blocks.
We started out tackling our admin network, as they only have 13 computers and a server. This was working quite well until we realised that users could browse the internet but couldn’t access any services from the server (such as shared documents and databases etc.). Not good. This is because LGfL 2.0 does web filtering by requiring each computer to use a given external DNS rather than a local one, or something like 126.96.36.199 from Google. If you set the external DNS first, then you can’t see the server; if you set the internal DNS first, then you can’t see the Internet. Aaarrrghhhh!
After several fraught conversations with Atomwide we eventually got it to work by getting the server’s DNS to forward external requests to the external DNS. We had tried this previously, but we only got it to work by completely rebuilding the DNS.
After doing a second sweep of the Admin computers to check they worked properly, we moved onto the Curriculum network. At first, this seemed pretty straightforward as the old proxy server could be turned off on the PCs with a judicial tweak of the Group Policies and the Macs could be adjusted by pushing out the following commands using Apple Remote Desktop:
networksetup -setwebproxystate Ethernet off
networksetup -setsecurewebproxystate Ethernet off
Bargain. Changing the DNS settings on the server seemed to be a little more straightforward and soon the Internet was up and running successfully.
Sophos on OSX proved a little more tricky to fix, as I couldn’t convince it to change its preferences with Workgroup Manager. Instead I had to log onto each machine and put in the new update URL, which is now as follows:
The next big problem then struck, in that the Internet connection was flaking out. It would sometimes connect, but would then timeout repeatedly. We tracked down the problem to the fact that both the Curriculum and Admin networks were plugged in at the same time (not unreasonable!). We’re still awaiting a fix on this from Atomwide, so in the meantime we’ve switched the Curriculum back to our old provider.