New Internet Filter

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
johnshaw
Senior Member
Posts: 2157
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: New Internet Filter

Postby johnshaw » Wed Feb 26, 2014 4:42 pm

This is a HUGE FAIL if accurate.... Anyone worth a dime during the last 4-5 years put their clerk computers on static because the dhcp pools were so small with the ASA and PIX firewalls.

I'd say it's a comedy, but really its a tragedy.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense

drepouille
Senior Member
Posts: 2362
Joined: Sun Jul 01, 2007 5:06 pm
Location: Plattsmouth, NE
Contact:

Re: New Internet Filter

Postby drepouille » Thu Feb 27, 2014 6:33 am

How will this affect all the new Lexmark printers I have set to static IP addresses?
We were required to use static IPs for those printers so new toner could be automatically ordered. I haven't seen that process actually work yet, though.
Dana Repouille, Plattsmouth, Nebraska

russellhltn
Community Administrator
Posts: 28392
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: New Internet Filter

Postby russellhltn » Thu Feb 27, 2014 10:42 am

drepouille wrote:How will this affect all the new Lexmark printers I have set to static IP addresses?

I was under the impression that "they" poll the printers on the internal network, so DNS doesn't affect them. But I would double check to see if DNS is programmed and update if needed.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.

drepouille
Senior Member
Posts: 2362
Joined: Sun Jul 01, 2007 5:06 pm
Location: Plattsmouth, NE
Contact:

Re: New Internet Filter

Postby drepouille » Fri Feb 28, 2014 6:51 am

When I read the OP yesterday, I checked tm.lds.org and found that the 881W firewall in my stake center displayed a red triangle, indicating content filtering was not working. Last night, the stake was audited, and we had to record an exception because the filter indeed was not working.

After the audit, I tried rebooting the firewall, but that didn't fix it. So I called the GSC, and the tech said he would reconfigure all 8 firewalls in my stake to use the new zPath filter. By the time I got home last night, the problem in the stake center had been corrected.

I asked him about all the computers I had set to use static IP addresses as well as static DNS IP addresses. He said I could use static IP addresses as long as I set the DNS to dynamic IP. I told him that all the computers in my stake are still running Windows XP, so I didn't have that option.

My only choices are to change the static DNS IP addresses in every computer in the stake, or to change them all to use dynamic IP addresses for everything. Since the 881W has larger dynamic IP address pools than the PIX or the ASA, I think it may be safe to change all the computers back to full dynamic IP addresses. Only the new printers need to be set to static IP addresses.

During our last stake conference in August 2013, the firewall connections peaked at 157 during the Sunday general session. It seemed like the 881W handled that load pretty well.
Dana Repouille, Plattsmouth, Nebraska

User avatar
johnshaw
Senior Member
Posts: 2157
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: New Internet Filter

Postby johnshaw » Fri Feb 28, 2014 9:22 am

Should be a Policy set at CHQ. I agree with the fact that DHCP is likely not needed anymore because we can just add more USER scopes.

Not a preference for me... we'll need to have and manage static ip's when the new Media Servers arrive at our meetinghouses. Seems like we need some strategy...
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”

― Thomas Paine, Common Sense

lajackson
Community Moderators
Posts: 9408
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: New Internet Filter

Postby lajackson » Fri Feb 28, 2014 9:27 am

drepouille wrote:Last night, the stake was audited, and we had to record an exception because the filter indeed was not working.

We passed the filter test, and then could not get to the Church Audit site to enter the audit. The site was blocked by the new firewall. Haven't figured that one out just yet. We used a workaround while trying to figure out what was really happening.

eblood66
Senior Member
Posts: 3376
Joined: Mon Sep 24, 2007 8:17 am
Location: Cumming, GA, USA

Re: New Internet Filter

Postby eblood66 » Fri Feb 28, 2014 10:11 am

johnshaw wrote:Should be a Policy set at CHQ. I agree with the fact that DHCP is likely not needed anymore because we can just add more USER scopes.

Not a preference for me... we'll need to have and manage static ip's when the new Media Servers arrive at our meetinghouses. Seems like we need some strategy...

I don't know what your Media Servers are running but most newer operating systems should allow you to set a static IP but get the DNS servers from DHCP.

russellhltn
Community Administrator
Posts: 28392
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: New Internet Filter

Postby russellhltn » Fri Feb 28, 2014 10:27 am

eblood66 wrote:I don't know what your Media Servers are running but most newer operating systems should allow you to set a static IP but get the DNS servers from DHCP.

I can't see how to do that with Windows 7. If you select static IP, the DNS switches to static and the choice grays out. I don't see a way around it. At least on the client side. If I could make static assignments on the DHCP, then I could do it.

Fortunately, I think the only reason to do static now is because you need to reach the computer. So unless the clerk computers are being used as a server in some capacity (probably not a good idea), they can be switched to dynamic.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.

eblood66
Senior Member
Posts: 3376
Joined: Mon Sep 24, 2007 8:17 am
Location: Cumming, GA, USA

Re: New Internet Filter

Postby eblood66 » Fri Feb 28, 2014 10:37 am

russellhltn wrote:
eblood66 wrote:I don't know what your Media Servers are running but most newer operating systems should allow you to set a static IP but get the DNS servers from DHCP.

I can't see how to do that with Windows 7. If you select static IP, the DNS switches to static and the choice grays out. I don't see a way around it. At least on the client side. If I could make static assignments on the DHCP, then I could do it.

You're right. I had seen that someone had said it was possible on Windows 7 and I looked at the configuration screen and there were independent radio buttons and assumed that it was true. I didn't try it out. It looks like you can use static DNS with dynamic IP but not the other way around.

User avatar
johnshaw
Senior Member
Posts: 2157
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: New Internet Filter

Postby johnshaw » Fri Feb 28, 2014 2:34 pm

Confirmed Windows 8 and 8.1 the case is the same
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”

― Thomas Paine, Common Sense


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 2 guests