Frequently Asked Questions Regarding Edge Filtering

When "edge filtering" measures are implemented on April 11, users of some on-campus Windows-based services may need to change configurations or employ new methods to access on-campus servers and workstations from remote locations (e.g., from home or while traveling). On-campus users will not be affected. Links to additional information and documentation for end users, Local Support Providers (LSPs), and system administrators are available from the edge-filtering home page.

General Access Questions | LSP/System Administrator Questions

General Access Questions

• What services will not be available from off-campus as a result of filtering unless appropriate workarounds are implemented?
• Will availability of these services from on-campus be affected?
• What workarounds are recommended for continued access to on-campus Windows services?
• I have a Macintosh that I use at home and while traveling. Will I be affected by filtering?
• I work at New Bolton Center. Will my connections to servers and services located on the main campus be impacted?
• How can I access my Microsoft Exchange server from the laptop I use at work and home?
• I need to access Penn InTouch from my off-campus residence. Will I still be able to do so once Edge Filtering is put into place on April 11th?
• Remote Desktop allows me to work on files from remote locations. However, I work with really large files and would prefer to edit them locally. How can I copy files to my remote machine if I use Remote Desktop Connection?

What services will not be available from off-campus (e.g., from home or while traveling) as a result of filtering unless appropriate workarounds are implemented?
Certain on-campus Windows-based services will no longer be available unless workarounds are implemented. They are

• Access to campus Exchange servers for email and calendaring using Outlook software
• Sharing files on departmental Windows servers or SAMBA servers running on Unix or Macintosh OS
• Sharing drives, directories, files, or printers on an on-campus Windows-based desktop computer

For further information, please see relevant documentation or talk to your LSP.

Will availability of these services from on-campus be affected?
No, these services will be available from on-campus. Note that PennNet-connected offices not physically on the main campus are considered on-campus for filtering purposes. See List of Penn Offices Considered "Remote" from PennNet for more information.

What workarounds are recommended for continued access to on-campus Windows services?

• To access drives, directories, files, or printers on an on-campus Windows desktop computer, the recommended workarounds are Microsoft Remote Desktop Connection or a virtual private network (VPN). Documentation for setting up Remote Desktop Connection for Windows and Macintosh is available. Check with your Local Support Provider to find out whether or not a VPN is an option in your area.
• To access email or calendaring on a campus Exchange server using Outlook 2003, use RPC over HTTP.
• For remote access to a departmental file server, the recommended workaround is a virtual private network (VPN) or FTP. Check with your Local Support Provider for more information.

I have a Macintosh that I use at home and while traveling. Will I be affected by filtering?
You'll be affected only if you use any of the on-campus Windows-based services listed above.

I work at New Bolton Center. Will my connections to servers and services located on the main campus be impacted?
Many of Penn's satellite campuses and offices are directly connected to PennNet. As a result, these locations are considered "on campus" and therefore will not be affected when edge filtering is implemented. For a complete list of on and off campus locations visit List of Penn Offices Considered "Remote" from PennNet.

How can I access my Microsoft Exchange server from the laptop I use at work and home?
For email, configuring your Outlook 2003 client for RPC over HTTP should be fine for both on campus and off. ISC has provided generic instructions for configuring your Outlook client to use RPC over HTTP. Please consult your Local Support Provider if you have questions or are using an email client other than Outlook.

I need to access Penn InTouch and other applications from my off-campus home. Will I still be able to do so once edge filtering is put into place?
The vast majority of University applications and services you use will continue to function normally once edge filtering is put into place on April 11. You can view a comprehensive list of centrally administered applications to determine if the applications you use most often will be affected by edge filtering. While most School or department-hosted services likely will not be affected by filtering, you should check with your Local Support Provider or School/Department IT organization for details regarding local applications and systems.

Remote Desktop allows me to work on files from remote locations. However, I work with really large files and would prefer to edit them locally. How can I copy files to my remote machine if I use Remote Desktop Connection?
You can copy selections from files or the contents of small files by copying and pasting via the Windows clipboard. For large files, the recommended options are file transfer via FTP or use of a virtual private network (VPN). Check with your Local Support Provider to find out what options are available in your area.

LSP and System Administrator Questions

• What type of network traffic is being blocked?
• For which ports will UDP be blocked vs. TCP?
• Are SMB ports being blocked?
• Will outbound traffic for these ports also be blocked?
• I'm serving files from a Windows 2000 server. How do I make the files accessible from off campus?
• What options are available for services for which none of the proposed work-arounds is viable?
• How do I request an IP for the unfiltered subnet?

What type of network traffic is being blocked?
Only Internet traffic from outside PennNet destined for Windows-based services on ports 135, 137, 138, 139, & 445 will be blocked. ["Ports" refers to the ends of logical connections which carry long-term "conversations." For example, an individual computer may be one end of the logical connection to an email server at the other end.]

For which ports will UDP be blocked vs. TCP?
Both UDP and TCP will be blocked for ports 135, 137, 138, 139, & 445.

Are SMB ports being blocked?
Yes. By definition SMB is designed to run on top of the NetBIOS protocol which uses ports 135, 137, 138, 139 & 445.

Will outbound traffic for these ports also be blocked?
No, only inbound traffic will be blocked.

I'm serving files from a Windows 2000 server. How do I make the files accessible from off campus?
You need to install Terminal Services on your server (see installation instructions). Off-campus users can then use Remote Desktop to access the files.

What options are available for services for which none of the proposed workarounds is viable?
ISC will reserve a small block of unfiltered IP addresses which can be assigned to servers unable to be secured in advance of the implementation. These unsecured IPs will be in place for a short period of time during which ISC will work with local system administrators to identify more permanent and secure methods of providing access to their servers. Because servers with these unsecured IP address will be very vulnerable to compromise and will continue to put PennNet at risk, only urgent cases can be considered for unfiltered IP addresses.

How do I request a temporary, unfiltered IP address?
Requests for temporary unfiltered IP addresses must be made by individuals who fulfil an IT function in their organization. For details on how to proceed, please see Unfiltered IP address requests.