Improving Internet Access Following Meetinghouse Firewall Upgrade - Part 1
Written by Sharon HowellI   
Tuesday, 27 January 2015

Because the Internet is a shared resource, last year’s changes to meetinghouse firewall configurations affect everyone who signs in to the meetinghouse network on their Wi-Fi-enabled devices. Becoming better informed about the changes will help you improve the experience for yourself and others.

This begins a two-part article on the new configuration. A second article will cover best practices.

The newest version of the firewall increases data throughput to better utilize the speed of local Internet Service Providers (ISPs). The reconfiguration applies to Cisco firewalls furnished by the Church and sets up separate zones using dedicated ports. One zone is for the public network, another is for facilities management, and, where authorized, a special purpose or reserved zone is for Family History Centers (FHC).

This new configuration should enable you to connect your mobile devices more reliably, and many more users will be able to connect simultaneously. While more connections will generally not tax the network, more people are bringing both tablets and smart phones to church and each may consume a connection. Since all users share the same network bandwidth, overall network performance may be reduced when members use their devices to perform Internet-intensive tasks.

The firewall upgrade automatically creates a facilities zone, even if facilities devices do not currently exist in your meetinghouse. This zone has only static IP addresses and is reserved for facility systems like heating/cooling, sprinkler, and alarm systems. The facilities zone is controlled by facilities managers. It is not used for public traffic, so any user-based devices will be moved to the public network.

If your meetinghouse has a Family History Center (FHC), it will be configured in a special purpose zone. If no FHC exists, the reserved firewall port may be used for the public network. The FHC zone has both static and dynamic network addresses, allowing the Family History department to manage FHC computers and printers. For example, monitoring toner usage allows the Church to proactively send replacement printer cartridges. This also gives patrons the access and security needed to use premium websites on the Family History portal and the “Scan to FamilyTree” feature on Lexmark printers.

According to Todd Cole, a Stake Technology Specialist, there is a growing need for local Church units to train members on meetinghouse technology and how to use it appropriately with their mobile devices. That will be addressed in Part 2.


 

Comments  

 
# Richard Lee, II Zaleski 2015-02-02 17:28
While our building does not have a formal FHC, the wards have active genealogy classes every Sunday during the 2nd hour. Being able to have a special zone on the WiFi connection configured for genealogy would be of great use. We currently have members bring in hot-spot devices because the building WiFi is overloaded and useless for us due to being extremely slow.
Who do we contact to get a FHC/Genealogy zone setup?
 
 
# John M. Shaw 2015-02-03 09:55
There is a High Councilman that is in charge of Family History and another in charge of facilities, this person, along with the STS should make sure the Stake President is on board, and then work with the FM group to increase your speeds.

If that isn't possible a separate zone is not going to improve anything because the bottleneck is the same connection point.

If the issue is that the devices can't get on the WIFI, then that indicates to me that the firewalls need to be upgraded - and after that is in place, your devices will not have issues getting on the network.
 
 
# Richard Lee, II Zaleski 2015-02-04 00:59
Thank you for the reply. I have discussed the issue with the HC, FM and STS previously and they said they did not know how to fix it. This is why I am looking for help elsewhere.
You may have given me the answer because when we try to connect we get an "invalid address" error, I think?, and cannot connect to the internet. I will advise them to check for a firewall update and hope that is all we need to do.
 
 
# Steve Bentley 2015-02-06 14:15
A great starting point would be for your STS to call the Global Service Center. They can check and possibly reconfigure some router settings remotely based on need.
 
 
# Richard Lee, II Zaleski 2015-02-06 19:23
Excellent suggestion. I know the router settings are not correct per a conversation I had with a past STS. If the GSC can remotely reset it then life can be good again.
 
 
# Larry Autry 2015-02-12 16:25
Quoting Richard Lee, II Zaleski:
Thank you for the reply. I have discussed the issue with the HC, FM and STS previously and they said they did not know how to fix it. This is why I am looking for help elsewhere.
You may have given me the answer because when we try to connect we get an "invalid address" error, I think?, and cannot connect to the internet. I will advise them to check for a firewall update and hope that is all we need to do.

This sounds more like the lack of available IP addresses and not a bottleneck issue. To the end user these may seem inseparable but try to be optimistic for now and wait until the firewall upgrade is complete. If there is still a problem, your Stake president can direct the FM group to increase the bandwidth.
 
 
# Rita Ann Thompson 2016-07-27 11:04
That is what is happening. I teach family history on Sunday at 9am. The computer is too slow. Where do I get a hot-spot device?
annt421@gmail.com
 
 
# Mike Goleman 2015-02-11 12:23
I think with more and more people using tablets and phones in classes this is a great idea. Some stakes are not as tech savvy as others. What do we do to get them up to speed?
 
 
# Robrick Eastwood Smith 2015-02-11 12:33
This is a great idea to separate zones, but it will not address our stake issue since we have TVs mounted on walls in our RS and Primary Rooms and 5 TVs in the Library that all use Google TV to display church videos. Does anyone know if the Public zone is limiting bandwidth so that there is always bandwidth for the critical services? It would sure be nice if there were a zone that local stakes could use for TVs and other critical equipment.
 
 
# Travis Gividen 2015-02-11 12:54
Robrick, internet in meetinghouses is a service provided to meet the needs of the saints and leaders in general. What your FM approves and provides (internet speeds etc) is sufficient as long as everybody is considerate per the available resources. While updates to firewalls are making it easier, said updates are specifically designed and calculated to be universal in all buildings to meet specific needs (FM's, FHD...).

If what you are describing is something new the Church has decided to test in your stake (google TV, televisions mounted on walls), then I would recommend discussing it with your FM who has the final say on internet-related issues. If this is something your stake has done on its own, it is outside of standard and approved practices. In such cases FM's are limited in accommodations they can make.
 
 
# Larry Autry 2015-02-12 16:31
Quoting Robrick Eastwood Smith:
This is a great idea to separate zones, but it will not address our stake issue since we have TVs mounted on walls in our RS and Primary Rooms and 5 TVs in the Library that all use Google TV to display church videos. Does anyone know if the Public zone is limiting bandwidth so that there is always bandwidth for the critical services? It would sure be nice if there were a zone that local stakes could use for TVs and other critical equipment.

This sounds like an unusual building configuration. Most units are lucky to have two LCD TVs, let alone seven. Our stake center has just two LCDs and two old fashioned CRTs. If there is a genuine bandwidth problem, I suggest the bishopric(s) have classes sign up for time slots.
 
 
# Travis Gividen 2015-02-11 12:57
There is a specific zone if a Family History is housed in a meetinghouse. What about those meetinghouses that host weekly seminaries (separate offices and classrooms)? Is there a zone that can be set up for them to meet their specific needs?
 
 
# Larry Autry 2015-02-12 16:33
Quoting Travis Gividen:
There is a specific zone if a Family History is housed in a meetinghouse. What about those meetinghouses that host weekly seminaries (separate offices and classrooms)? Is there a zone that can be set up for them to meet their specific needs?

The zoning has to do with what IP address space is assigned and not bandwidth. FHCs need a 10.x.x.x address for printer monitoring and premium genealogy services.
 
 
# John Smith Humpherys 2015-02-11 16:14
We have 8 wards in our Married Student Stake Building. 4 wards meet in the morning and 4 in afternoon with slight overlap around noon. We were excited when we were upgraded to the new firewall with 990 IP's. However, we never saw improvement. Our highest usage is 367 users, but at about 250 we start having people get bumped off and some can't get on. We have 2 Family History Classes going on at the same time and nobody gets anywhere...everyone is slow. On weekdays we will get a speed up to 27 download, but on Sundays we are lucky to get 4. We have Comcast service. I see comments about settings in the firewall. How do I know if there are settings that can be optimized and what are they? Our FH classes complain each week.
 
 
# Larry Autry 2015-02-12 16:39
Are you certain that the upgrade has taken place? You may want to check with the STS.
By the way, the FHC will have a different address space and will not compete for the 990 addresses. There should never be 254 FHC users. If the connection is slow, it may be bandwidth.
 
 
# Donovan Bone 2015-02-12 10:10
John Humpherys:
A class "C" address is probably what they put you on. It runs out of available addresses at 254. So if you have 367 people wanting on then you see the issue. Either they need to give you a bigger subnet, more IPs, or you need to tell people to turn off their wifi so that others that need the network can use it.

The other issue, the bandwidth, will be solved as more people get off of the wifi and let those that need it be able to do so.

You may look into updating your wifi access points to the newest AC configuration.
 
 
# Robrick Eastwood Smith 2015-02-12 10:37
I hadn't even thought about the fact that it is probably a class C subnet and therefore limited to 254 addresses at best. Updating to the newest AC config probably would help some since it will free up some of these addresses. Too bad they don't allow us to have a third zone that we can control access to for equipment that we deem critical.
 
 
# Donovan Bone 2015-02-12 11:00
Quoting Robrick Eastwood Smith:
I hadn't even thought about the fact that it is probably a class C subnet and therefore limited to 254 addresses at best. Updating to the newest AC config probably would help some since it will free up some of these addresses. Too bad they don't allow us to have a third zone that we can control access to for equipment that we deem critical.

The "zones" mentioned could be different subnets or VLANS. I've never seen the setup that the church uses so I'm not sure which it may be. If it was a subnet then you can have as many as you want internally and just NAT your IPs out. If it was a VLAN situation then the Wireless access points will need to be able to support VLANs and multiple VLANs.

You can have everybody that connects to the wireless access points on one VLAN with the SSID of GUEST, then teachers can connect to the wireless access point with the SSID of Teacher, those two SSIDs can then have separate IP ranges.
 
 
# Larry Autry 2015-02-12 20:33
Your summary is true in some installations but it does not apply here at all.
 
 
# Larry Autry 2015-02-12 20:35
Brother Bone,
The suggestion of a limitation due to a class "C" does not apply here.
 
 
# John M. Shaw 2015-02-12 12:10
The article is about the meetinghouse Internet following a Firewall upgrade, following that upgrade there is no longer a limitation of a class c address - so either your firewalls are not upgraded or that is not your problem.

The comments have become technical in nature and further questions/comments should be directed to the forum section.
 
