Managing the Firewall

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
heyring
Member
Posts: 89
Joined: Wed Mar 11, 2009 8:25 pm
Location: United States Mesa, AZ

geneology.com

Postby heyring » Wed Mar 11, 2009 8:32 pm

I find it interesting that www.geneology.com is blocked by the "extended use" firewall option.

We are having a Stake Family History fair in our building in a couple of weeks and have had to obtain permission from the Stake Presidency to take the firewall offline for the fair.

It would be nice if we could conduct an event such as this under the protection of the firewall, yet get to the sites that are recognized by the church as valuable family history sites.

Mikerowaved
Community Moderators
Posts: 3935
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Wed Mar 11, 2009 8:48 pm

Greetings! Welcome to the forum.

I would strongly suggest having your Stake President consider authorizing your Stake Technology Specialist (STS) to have your firewall rescripted by the Global Service Desk (GSD) to "General Access". This will allow a very similar level of access to the Internet as the Family History Centers. It only takes about 15 minutes and when your event is over, you always have the option of putting it back to "Extended Access" if so desired.

Certainly a much better option than bypassing the firewall completely, even for a short event.
So we can better help you, please edit your Profile to include your general location.

jdlessley
Community Moderators
Posts: 8053
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Mar 11, 2009 9:10 pm

heyring wrote: I find it interesting that www.geneology.com is blocked by the "extended use" firewall option.
I am sure by "extended use" you are referring to the LDS Extended Access filtering option for the Cisco ASA 5505. Just to make sure nobody gets confused, the only filtering options for the Cisco ASA 5505 are LDS Restricted Access, LDS Extended Access, and General Access. The first two filtering options are described in the Introduction to Meetinghouse Internet page of the Clerk and Technology Support site. General Access was added to provide filtering closely resembling the capabilities found for family history centers using the Cisco PIX 501.
heyring wrote: We are having a Stake Family History fair in our building in a couple of weeks and have had to obtain permission from the Stake Presidency to take the firewall offline for the fair.
All internet connections must go through the Church managed firewall (see Meeting House Internet Guidelines). This is a Church policy.
heyring wrote: It would be nice if we could conduct an event such as this under the protection of the firewall, yet get to the sites that are recognized by the church as valuable family history sites.
Your stake president decides what level of filtering is to be implemented. It sounds like the General Access level of filtering is what you need.

I would follow Mikerowaved's advice if the need is only temporary.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center?

heyring
Member
Posts: 89
Joined: Wed Mar 11, 2009 8:25 pm
Location: United States Mesa, AZ

Stake President - General Access Approval

Postby heyring » Thu Mar 12, 2009 11:37 am

What is the method for informing Salt Lake that our Stake President has approved the use of "general Access" filtering?

aebrown
Community Administrator
Posts: 15123
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Thu Mar 12, 2009 12:05 pm

heyring wrote: What is the method for informing Salt Lake that our Stake President has approved the use of "general Access" filtering?

The Stake Technology Specialist calls the Global Service Desk at 866-678-2763. You need to know the IP address of the firewall and a couple of other details so they can verify you are legitimate, and you need to be where the firewall is located.

You'll need to talk to a Level 2 GSD technician. If all goes smoothly, it should only take 15-20 minutes.

techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Thu Mar 12, 2009 12:07 pm

heyring wrote: What is the method for informing Salt Lake that our Stake President has approved the use of "general Access" filtering?

This would be handled by the STS (Stake Technology Specialist), who would contact the Global Service Desk and ask that the filtering be set to "General Access". Your stake president shouldn't have to do anything other than give the STS the approval.
Have you read the Code of Conduct?

heyring
Member
Posts: 89
Joined: Wed Mar 11, 2009 8:25 pm
Location: United States Mesa, AZ

General Access

Postby heyring » Thu Mar 12, 2009 7:04 pm

Thank you for the information. I am going to make sure that our Stake President completely understands the situation and then I will give the 2nd level support folks a jingle.

rgabel-p40
New Member
Posts: 5
Joined: Thu Mar 29, 2007 12:56 pm
Location: USA

Postby rgabel-p40 » Mon Mar 16, 2009 12:34 pm

Has anyone addressed the issue of allowing us to configure the router for port forwarding or worst case ... a DMZ? I would like to have some of the computers on the network in the stake center not be allowed to be sniffed by others ... my one scenario is having someone in the employment office grabbing some data from the clerk's machine, i.e., financial backup data, MLS cached files, etc.

jdlessley
Community Moderators
Posts: 8053
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Mon Mar 16, 2009 1:02 pm

rgabel wrote: Has anyone addressed the issue of allowing us to configure the router for port forwarding or worst case ... a DMZ? I would like to have some of the computers on the network in the stake center not be allowed to be sniffed by others ... my one scenario is having someone in the employment office grabbing some data from the clerk's machine, i.e., financial backup data, MLS cached files, etc.
I have not heard (read) of anyone posting anything as you suggest. Accessing a clerk computer from another connected on the same network is unlikely if the computers are not set up for networking.

As far as I can tell the Church has not provided any policy on networking administrative computers. So if you do not set up a network and only use the Church provided firewall as a gateway then the security issue you describe is not a concern.

If you do want to set up a network you can put a locally purchased router between the Church provided firewall and the administrative computers. You can configure that network to function as you desire. Then the Church provided firewall is still only providing the gateway to the internet.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center?

rgabel-p40
New Member
Posts: 5
Joined: Thu Mar 29, 2007 12:56 pm
Location: USA

Postby rgabel-p40 » Mon Mar 16, 2009 1:23 pm

Thanks for the info ... I just wanted to tap the church provided firewall as a router rather than buying another piece of hardware ... sounds like restriction on this hardware is where it is headed and will just buy a router to accomplish what I need.

