New 192.168.x.x subnet option for MH firewalls

[aebrown]

On the plus side, if you use the power injectors you can put them all on one strip and you have a single switch to turn off the WAPs for a streaming conference.

That's a mighty small plus. I can disconnect the five WAPs in our stake center in under a minute. Sure, that's more than the couple of seconds it would take if I had them all on one strip. But I would spend that extra one minute gladly (and with a PoE switch it would probably be more like 15 seconds) in exchange for eliminating the rat's nest of cables we currently have in our rather small box containing our networking equipment. Every power injector adds a power cable, a transformer, another power cable between the transformer and injector, the injector, and an extra cat5 cable. Getting rid of all of that (times 5) in exchange for one simple PoE switch is quite appealing.

[harddrive]

aebrown, that is my point exactly. Why have all the clutter in your box, when you can have a single switch that has PoE built in. It is a much cleaner install and if you work it right, you can get more PoE ports for less money.

[Mikerowaved]

PLEASE NOTE: Stakes may choose whether to upgrade existing firewalls to the new configuration. While the new firewall configuration has certain advantages (faster data throughput and increased DHCP addresses), Church units can choose to stay on the current firewall configuration.

AAAAAARRRRRGGGGGGGHHHH!!!!!!! I just found out this is NOT the case! A frantic call from our unofficial FHL director alerted me to the fact that I now have an 881W with a new configuration and a stake center's network that is completely non-functional, thanks to static IP's and other things that needed to be manually changed over at the time of the "upgrade". After finding out about my stake center's condition, I called CHQ and was told they are in the process of systematically pushing this new configuration out to ALL firewalls, starting with stake centers, WITHOUT LETTING ANYONE KNOW ABOUT IT IN ADVANCE! Unbelievable. Don't know if it shows, but I am NOT happy right now.

[harddrive]

I called CHQ and was told they are in the process of systematically pushing this new configuration out to ALL firewalls, starting with stake centers, WITHOUT LETTING ANYONE KNOW ABOUT IT IN ADVANCE! Unbelievable. Don't know if it shows, but I am NOT happy right now.

SAY WHAT?????????!!!!!!!!!!!!!!!! If that is the case, then I know that I'm going to have problems at, at least 2 of my building and maybe a third. And we will have to jump through hoops to get up there and help the family history centers out.

It would be nice if the network team would inform the STS of the stake that their routers/firewalls are going to be upgraded and what day they plan to do it. This way we can alert the FHC director so that they can be prepared and so can the STS (me).

[russellhltn]

That's ..... messed up. I could see someone thinking it was a good idea for non-FHC meetinghouses, but that's a guaranteed fail for a FHC unless they configure the printers first.

[Biggles]

That's ..... messed up. I could see someone thinking it was a good idea for non-FHC meetinghouses, but that's a guaranteed fail for a FHC unless they configure the printers first.

It's not ideal for non FHC meetinghouses either. The meetinghouses in my Stake are not equipped with switches for distribution. So consequently all the ports, on the firewall, are used for network distribution! So any equipment attached to Port 3 will cease to function. None of our meetinghouses have FMG monitored equipment, at the moment, so Port 3 would be a "dead" port using the new configuration.

[Mikerowaved]

Got the stake center mostly back online. Gotta still bring in a spare 4-port switch, since I lost 2 ports on the firewall and the existing switches are already fully populated. [sigh]

During my previous conversation with CHQ, I asked if they could PLEASE put a stay of execution on my other two meetinghouse firewalls until I had a chance to get down there and make some preparations. He looked, but found no way to "tag" firewalls to somehow avoid (or at LEAST delay) being upgraded. He said the only way I could avoid the automatic rollout is if I called and asked to have it manually upgraded BEFORE the automatic upgrade hit. Of course, he couldn't give me a time frame when they were planning on getting to the rest of the meetinghouses.

Speaking of manually upgrading, the support tech told me I should be able to do it myself with the new tool in TM. I told him I was aware the new tool was promised, but I was currently in TM and saw just the same 2 tools as always. He told me HIS screen showed 3 tools, but he quickly realized it must have been his church account responsible for showing the extra tool. Does this mean the new upgrade tool is close to being released? No clue. Just thought I'd throw it out in hopes a church employee could maybe fill us in.

[Biggles]

Response to Mikerowaved's question about upgrade tool.

I asked the same question of GSC, earlier this week when I had our Stake Centre firewall reconfigured, his response was that the tool would be made available to us most likely in the next 2-3 weeks.

[russellhltn]

I called CHQ and was told they are in the process of systematically pushing this new configuration out to ALL firewalls, starting with stake centers,

I wonder if this was a mis-communication. They've been pushing out the new configuration for new firewalls and reactivation starting 8/13. Could someone have re-activated the firewall? Perhaps FM needed to connect their "internet of things" and needed their zone created?

I called CHQ and was told they're not pushing them out - only as requested or upon new/reactivation.

[CleggGP]

To be clear, CHQ is not pushing the new firewall configuration to Church units. Currently Church units must request the upgrade by contacting the GSC. In the near future (date not yet determined) the Upgrade Firewall Configuration will be available to STSs and FMs under the firewall Tools tab in TM. There is no current plan to push the new configuration on Church units. That being said technology specialists should begin preparing meetinghouses for the upgrade. If a firewall needs to be replaced or reactivated (after and ISP change for example) then the meetinghouse will receive the new firewall configuration. Eventually CHQ would like all Meetinghouse Firewalls to have the new configuration.

With the new firewall configuration, many technology specialists are pleased with the increased data throughput, with the contiguous Public Network address space, and with the 990 DHCP addresses. Facilities Managers are being notified about the new firewall configuration, and about what needs to be done for FMs/STSs to prepare meetinghouse networks for the firewall upgrade. Stake Technology Specialists should work with FMs in this process.