MLS requiring 881 firewalls

Posted: Thu May 31, 2012 4:57 am
by bowerm
Hi, folks. If this has been discussed elsewhere, please let me know.

I was told a few weeks ago that an upcoming MLS release will require the newer Cisco 881 Firewalls.

I talked to Global Services last Friday and they didn't know anything about this. They then talked to MLS technical support about it and the MLS folks didn't know anything about it either.

Can anyone here confirm or deny what I was told?


Michael Bower
Ashburn Virginia Stake

Posted: Thu May 31, 2012 5:29 am
by johnshaw
It might help to know who told you this information?

Posted: Thu May 31, 2012 5:33 am
by bowerm
This was from my FMG:

"The FMs were told about MLS and the firewall at a regional meeting last month from the head of the IT department."

He has given me the new firewalls and I will install them. But if this is not required by MLS, then I have a bigger time window to get them installed.

Posted: Thu May 31, 2012 8:25 am
by aebrown
bowerm wrote: But if this is not required by MLS, then I have a bigger time window to get them installed.

It's tough to believe that MLS would have a dependency on a particular firewall. In any case, the Meetinghouse Technology folks are a lot more relaxed about the upgrade to the 881w; they're saying it needs to happen, but not right away. In the Legacy meetinghouse firewalls article it says:
"If you have an older meetinghouse firewall, you should contact your FM group to budget for and schedule their replacement with the current meetinghouse firewall offering during the latter half of 2012 or early 2013. Upgraded firewalls will support new local administration capabilities being deployed near the end of 2012."
So although "early 2013" is a bit vague, it sounds to me like we should have at least until then before there would be any problems using an older firewall. I suppose it's conceivable that these new administration capabilities might interact with MLS, but we have many months before that issue becomes at all urgent.

Posted: Thu May 31, 2012 10:27 am
by russellhltn
I wonder if what was actually communicated is that MLS must be on the church network to send/receive. The 881W simply being a shorthand for that. I seem to remember that did come up in a conversation with a church employee. The idea being that anyone who bypassed their firewall (or tried to run MLS from home) wouldn't be able to work. I don't remember any timeline for the install.

Posted: Thu May 31, 2012 10:54 am
by johnshaw
I've had 'conversations' also and the messages that seem to filter into FM are mixed. It is not getting transmitted the same, to the different regions. I read messages on this board that clearly indicate understanding is not the same everywhere, or else there is some disparity between the FM groups. I can imagine FM taking care of areas of the church that have had rapid growth over the last 5-10 years not needing to do as many high-dollar projects as an area like mine where there are large projects every year just to keep our old buildings and parking lots presentable to the general public.

It seems there should be some kind of actual policy implemented; this information is understood differently by different groups. It is demonstrable on this board with a few clicks. Here is an example of the confusion:

  • Do I replace all meetinghouse firewalls with the new Cisco 881W?
  • Do I implement a wireless network using the Cisco 1041N in all meetinghouses?
  • Do I wire ethernet ports to all spots in the building with permanent computers or needs identified by ecclesiastical leaders?

We have speculated in our stake that some FM see this as an 'unfunded mandate'. I don't quite understand, if this is a direction we are going, why there isn't a $ value assigned to each meetinghouse that can be drawn from to implement these items, rather than identify a need, put it in a budget and get it a year or two later.

I sort of see this like the lesson scheduler application that came out. The developers stated one of their goals was to implement it in such a manner that if individual wards wanted to roll it out, regardless of what the Stake is doing, they could. It seems to me that if a stake wants to roll out technology, their FM group shouldn't be the reason it isn't happening (for whatever reason FM isn't actively pursuing the meetinghouse 2011 'soft guidelines' (no budget funds is still a very big reason this isn't done; as far as I know FM can't go justify additional funds for a current year, only for the following year)).

I saw the initial proposed budget in our stake for 2013. Not a firewall, or wireless access point in there, not a project to locate our firewall equipment from clerk offices to the attic or a more secure location, nothing about running Ethernet cables.

Posted: Thu May 31, 2012 1:30 pm
by giffordrb
MLS does not require a specific firewall, it only checks and reports if a firewall is present. This is not on any roadmap that I know of either.

Posted: Fri Jun 01, 2012 11:40 am
by bfromm
bowerm wrote: I was told a few weeks ago that an upcoming MLS release will require the newer Cisco 881 Firewalls.

FMs are encouraged to replace older firewalls with 881Ws as soon as possible, but no later than the end of 2013. MLS will continue to function with older, approved meetinghouse firewalls through at least 2013 (according to current plans). So go ahead and install your new 881Ws, but don't feel rushed. MLS is going to keep running just fine behind your current firewall for the foreseeable future!

Posted: Sat Jun 02, 2012 9:29 am
by pete.arnett
It appears that the message in the field may have been simplified.

Cisco 881W firewalls need to be deployed; it appears that this has been requested to be completed very soon so that changes in LDSAccess and other network management can take place (etc.) and that older Cisco 501 Pix and ASA firewalls that fail are only being replaced with 881W.

Clerk's MLS desktops - they need to be upgraded because it appears that some departments are planning to roll out new local unit computer software in 2013 and it is rumored that the new software will not run on computers manufactured prior to 2007.

Listen to the broadcast by product manager Brian Fromm about Clerk computers on 01Jun2012; he mentions upgrades.