Page 2 of 3

geneology.com

Posted: Wed Mar 11, 2009 8:32 pm
by heyring
I find it interested that www.geneology.com is blocked by the "extended use" firewall option.

We are having a Stake Family History fair in our building in a couple of weeks and have had to obtain permission from the Stake Presidency to take the firewall offline for the fair.

It would be nice if we could conduct an event such as this under the protection of the firewall, yet get to the sites that are recognized by the church as valuable family history sites.

Posted: Wed Mar 11, 2009 8:48 pm
by Mikerowaved
Greetings! Welcome to the forum.

I would strongly suggest having your Stake President consider authorizing your Stake Technology Specialist (STS) to have your firewall rescripted by the Global Service Desk (GSD) to "General Access". This will allow a very similar level of access to the Internet as the Family History Centers. It only takes about 15 minutes and when your event is over, you always have the option of putting it back to "Extended Access" if so desired.

Certainly a much better option than bypassing the firewall completely, even for a short event.

Posted: Wed Mar 11, 2009 9:10 pm
by jdlessley
heyring wrote:I find it interested that www.geneology.com is blocked by the "extended use" firewall option.
I am sure by "extended use' you are referring to the LDS Extended Access filtering option for the Cisco ASA 5505. Just to make sure nobody gets confused, the only filtering options for the Cisco ASA 5505 are LDS Restricted Access, LDS Extended Access, and General Access. The first two filtering options are described in the Introduction to Meetinghouse Internet page of the Clerk and Technology Support site. General Access was added to provide filtering closely resembling the capabilities found for family history centers using the Cisco PIX 501.
heyring wrote:We are having a Stake Family History fair in our building in a couple of weeks and have had to obtain permission from the Stake Presidency to take the firewall offline for the fair.
All internet connections must go through the Church managed firewall (see Meeting House Internet Guidelines). This is a Church policy.
heyring wrote:It would be nice if we could conduct an event such as this under the protection of the firewall, yet get to the sites that are recognized by the church as valuable family history sites.
Your stake president decides what level of filtering is to be implemented. It sounds like the General Access level of filtering is what you need.

I would follow Mikerowaved's advise if the need is only temporary.

Stake President - General Access Approval

Posted: Thu Mar 12, 2009 11:37 am
by heyring
What is the method for informing Salt Lake that our Stake President has approved the use of "general Access" filtering?

Posted: Thu Mar 12, 2009 12:05 pm
by aebrown
heyring wrote:What is the method for informing Salt Lake that our Stake President has approved the use of "general Access" filtering?


The Stake Technology Specialist calls the Global Service Desk at 866-678-2763. You need to know the IP address of the firewall and a couple of other details so they can verify you are legitimate, and you need to be where the firewall is located.

You'll need to talk to a Level 2 GSD technician. If all goes smoothly, it should only take 15-20 minutes.

Posted: Thu Mar 12, 2009 12:07 pm
by techgy
heyring wrote:What is the method for informing Salt Lake that our Stake President has approved the use of "general Access" filtering?


This would be handled by the STS (Stake Technology Specialist), who would contact the Global Service Desk and ask that the filtering be set to "General Access". Your stake president shouldn't have to do anything other than give the STS the approval.

General Access

Posted: Thu Mar 12, 2009 7:04 pm
by heyring
Thank you for the information. I am going to make sure that our Stake President completely understands the situation and then I will give the 2nd level support folks a jingle.

Posted: Mon Mar 16, 2009 12:34 pm
by rgabel-p40
Has anyone addressed the issue of allowing us to configure the router for port forwarding or worst case ... a DMZ? I would like to have some of computers on the network in the stakecenter not be allowed to be sniffed by others ... my one scenario is having someone in the employment office grabbing some data from the clerk's machine, i.e., financial backup data, MLS cached files, etc.

Posted: Mon Mar 16, 2009 1:02 pm
by jdlessley
rgabel wrote:Has anyone addressed the issue of allowing us to configure the router for port forwarding or worst case ... a DMZ? I would like to have some of computers on the network in the stakecenter not be allowed to be sniffed by others ... my one scenario is having someone in the employment office grabbing some data from the clerk's machine, i.e., financial backup data, MLS cached files, etc.
I have not heard (read) of anyone posting anything as you suggest. Accessing a clerk computer from another connected on the same network is unlikely if the computers are not set up for networking.

As far as I can tell the Church has not provided any policy on networking administrative computers. So if you do not set up a network and only use the Church provided firewall as a gateway then the security issue you describe is not a concern.

If you do want to set up a network you can put a locally purchased router between the Church provided firewall and the administrative computers. You can configure that network to function as you desire. Then the Church provided firewall is still only providing the gateway to the internet.

Posted: Mon Mar 16, 2009 1:23 pm
by rgabel-p40
thanks for the info ... i just wanted to tap the church provided firewall as a router rather than buying another piece of hardware ... sounds like restriction on this hardware is where it is headed and will just buy a router to accomplish what I need.