Tech Forum

I've received a email that says that the Internet Filter used by our Cisco 800 series firewalls will be changing this coming week. The new filter appears to be called zPath.

I have no idea what the time table for everyone else is.

russellhltn wrote:I've received a email that says that the Internet Filter used by our Cisco 800 series firewalls will be changing this coming week. The new filter appears to be called zPath.

I have no idea what the time table for everyone else is.

I got the same letter. Although it's good to know, in case anything goes wrong, it doesn't seem like a big deal -- the same basic filtering rules (e.g., YouTube is blocked) are still in place.

It appears headquarters will be updating the way we look-up websites with a different type of Domain Name System (DNS) service by adding features such as phishing protection, and content filtering

aebrown wrote:I got the same letter.

I didn't get a letter, but saw the notification when logged into tm.lds.org.

Mikerowaved wrote:I didn't get a letter, but saw the notification when logged into tm.lds.org.

Did your firewalls get converted already? I don't see a notice in my TM.

From the screen shot of the block page, it appears you can request changes. That's something I don't see with the current block screen.

My notice came via email, although I have no idea if that is because I am the STS or because I am subscribed to Tech messages at my LDS Account. For some reason I usually don't get messages sent to the STS (although I am shown as one), so I suspect the latter.

I did not get anything by logging into tm.

Several stakes, in sunny Florida, notices came via email

russellhltn wrote:I have no idea what the time table for everyone else is.

The email I got said the change "for meetinghouses in your stake" (we're just south of Omaha, NE) would be "between February 10 and February 14, 2014."

I am an STS in Oregon. Our 881W firewall's were updated last week to use the new zPath filtering. One of my buildings is showing that filtering is not working (tm.lds.org -> Usage Statistics tab) so I called GSC to trouble shoot. They told me that there are problems with 'running tests' on the new filtering and that they have a ticket open with engineering to fix it. They checked the 881W in my problem building and said that it was running zPath as expected, even though it shows as failing to have filtering. A restart of the router did not clear the problem.

I did receive the "Meeting House Internet Change" email discussed in this thread, but what is not outlined in the email, and what I didn't realize until speaking with GSC, is that zPath is a DNS based filtering solution. DNS based filtering is easy to subvert unless additional steps are taken to only allow specific DNS server IP Addresses. This next step will be taken with zPath on March 9th, 2014. At that time only these two DNS servers will be permitted - 8.34.34.92, and 8.35.35.92. None of this was outlined in the email but is critical information to anyone who has configured their computers with static IP Addresses; which also means you had to specify your DNS servers.

All of my FHC computers and Clerk computers are configured with static IPs, and will stop talking on the internet if I don't go in and update the DNS server IPs to the new values prior to March 9th, 2014.

This confirms my research. I had a unit Admin computer fail the filter test during their finance audit last week. This was strange since my stake computer passed that audit step. The stake computer uses DHCP while the unit computer uses a static IP.

In looking at the TCP/IP settings of the two machines, I noticed they had different DNS IPs with the stake machine having the two listed in the previous post.

Anyone using static IPs will want to get the DNS changed in the TCP/IP settings. I found that until you do, not only will you get the big “X” for the filter test, but you also can get to gambling.com. So there is NO filtering!