General Information

Schools and Programs

Adult & Continuing Education

Office of Technology
  -Email Gateway

Student Resources

Parent Resources

Educator Resources
  -Calendar

Job Opportunities

Projects & Collaborations
  -Grants
  -International Bridges

Here is a basic primer on school internet filtering:

  • New York City Public Schools get internet access through a Board of Ed initiative called Project Connect.
  • Most of the funding for this initiative comes from a Federal program called the Universal Service Fund (also called E-Rate).
  • Congress passed a law called the Childrens Internet Protection Act (CIPA) that requires schools who recieve Federal funding for internet access to use filtering software.
  • Project Connect elected to use a software package that was originally called I-Gear but is now known as Symantec Web Security (SWS).
  • To find out what the settings are at any BOE computer, go to http://proxy:8002/ShowSettings
    (you may also have to turn off the proxy settings for this to work)

**********************************************************
Some errors people make
**********************************************************

- typing "http://proxy port 8002" instead of "proxy port 8002"

- using "proxy.nycboe.org port 8002" (guaranteed slow service)

- typing "http://proxy.nycboe.org/proxy.pac port 8002" as your http proxy

- setting all protocols to be proxied (i.e ftp:proxy port 8002)

- checking the box that says "use web proxy for all"

- using a username/password for the proxy

**********************************************************
automatic configuration script
**********************************************************

The easiest way to set up proxy settings is to use an automatic configuration script. This will only work if you have a browser that has a box for an auto config script. This almost always works on Windows machinces with Explorer. Other browsers and platforms are more likely to need manual proxy settings. You should type the following into that box:

http://proxy.nycboe.org/proxy.pac

The auto config script tells your computer to

1) bypass the proxy for ftp

2) bypass the proxy for BOE servers (speeds up loading of boe home page)

3) to use proxy:8002 (or proxy.nycboe.org:8002 as a backup) for everything else

IMPORTANT: if your computer does not find "proxy" it will use "proxy.nycboe.org" and you will have a very slow connection. "proxy" is the MDF in your building and it handles you and no one else. "proxy.nycboe.org" is a citywide backup and is used by lots of people. Go to the command prompt on a PC and type "ping proxy". If you don't get a response, you should NOT use the auto config script option.

**********************************************************
manual proxy
**********************************************************

You should use a manual proxy setting if

- your browser does not have a space to enter an auto config script

- you cannot ping "proxy"

- things aren't working the way you expect them to

- you want better control of your network

- you don't want students to get ftp files

If you are going to use manual proxy settings, you can at times get away with using "proxy port 8002", but you might as well go by IP address. To get the IP address of your proxy server, go to the following URL, select district 78 and then your school. You need the IP address of your server (it will start with "10." and end with ".100")

http://www.nycenet.edu/project_connect/integration/revised/school_data.htm

You then set your browser to use manual proxies as follows:

http (AKA web proxy): 10.xx.xx.100 port:8002

https (AKA secure AKA SSL): 10.xx.xx.100 port:8002

except you use your IP instead of 10.xx.xx.100

Do not use any proxy for ftp, gopher and socks.

Some school experience a very slow connection when using the internet. This is often due to using "proxy.nycboe.org" as the proxy server. DO NOT USE THAT SERVER. It is a citywide backup that is both overloaded AND set to be highly restrictive.

**********************************************************
Everything except DOE email works
**********************************************************

You need to proxy the HTTPS protocol (AKA secure SSL). Do NOT proxy the FTP protocol. Setting ftp to be proxied will prevent it from working. HTTPS is required for DOE webmail to work. Some browsers allow you to click a handy box to proxy all protocols. This is bad, go to the advanced protocols and set only HTTP and HTTPS to be proxied.

If the above does not resolve the issue, make certain that you do not have a manual DNS server entry in your network preferences. Using a non-DOE DNS server will give your computer the wrong IP address for Outlook webmail and you will be unable to connect to the server.

**********************************************************
VLAN 2 (Administrative Computers)
**********************************************************

VLAN 2 computers, which are in administrative offices, have unfiltered internet access. They should use "adminproxy.nycboe.org", port 8002. They are supposed to be unfiltered, and therefore ONLY administrative computers should be on VLAN 2.

(How do you know if a computer is on vlan 2? Look up the network settings, if the "subnet mask" is 255.255.255.128, the computer is on VLAN 2).

**********************************************************
Macintosh issues
**********************************************************

Software Update uses port 80 (HTTP). In order for it to work, you not only have to set the proxy in your browser, but also in the Internet Control Panel.

**********************************************************
Filtering issues
**********************************************************

If you can't get to web pages because they are blocked by SWS,

please email obilanow@nycboe.net with

1) What page you are trying to go to

2) what error you get (i.e. Error: Home Directory)

3) what your school name and ATS code are (i.e. Repertory School, 79M531)

**********************************************************
SWS Errors
**********************************************************

1) "Error: Internal proxy error. Unable to scan file due to disk full or other disk device error."

If you have this problem, we will schedule Project Connect to fix it by upgrading your software. The problem is that websites are starting to stream media on port 80 and that stream is overloading the filter. The software update prevents the filter from filtering vieo streams as if they were text.

2) When trying to download a large file, it will appear that nothing is happening. When the browser finally responds after up to several minutes, the download takes mere seconds. This is due to the proxy server downloading the entire file to the cache before sending it to your browser. There is no current fix for this other than patience. When the DOE upgrades to a newer version of Symantec, a solution will become available. More information is here: http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2002020516555054