Meetinghouse Firewall Upgrade Available to FMs/STSs

[CleggGP]

Is the zone "Public" or "User"? Because the documentation says "Public", but TM says "User".

Currently "Public Network" == "User" in TM. "Public" better describes the purpose of the network (rather than "User" zone). "Zone" denotes a specific (or special purpose) network zone in the building. "User" in TM may eventually be changed to "Public."

[russellhltn]

There are many factors that affect the reporting of network data in TM, so the "... can take up to 60 minutes" statement basically tells the user to be patient.

Understood. The timing I experienced is in no way a complaint, just a comment to give others "real world" feedback on what they might see. I should add that I did this around midnight Mountain Time, so the system was probably fairly quiet.

[russellhltn]

I upgraded the stake center firewall.

I called GSD to do it. The agent on the call didn't seem to have any training on this. She thought I wanted to replace the firewall until I explained I wanted to upgrade the configuration of the firewall. She took down the information and passed it on. Despite my pointing out that we had a FHC (and that's why I was calling) no FHC zone was created. Not sure where that breakdown in communication happened. Despite the 24 hour turn around promise, someone starting working on it fairly quickly.

I called back into GSD this morning. The person I talked to wasn't able to create the FHC zone himself, but he was able to cause it to be created during the call so we could both confirm the creation. (I should add this was during normal MT working hours.)

The FHC zone shows as "VPN" in TM. The agent said it was because other things might be added to it in the future. (Makes sense. It wouldn't surprise me in the future but what "they" decide the clerk computers should be on a VPN, or the jacks used for webstreaming should be on the VPN so that "Public" can be cut off via TM (a feature we've been promised but hasn't yet appeared.))

I did power cycle the two APs while I was waiting. I'm not sure if it's necessary.

It's not absolutely necessary. But IIRC, the IP lease time is only half an hour. So it should straighten itself out by then. Since this was a "call in" upgrade, I didn't hang around to see how long things would take without the power cycle.

[CleggGP]

The FHC zone shows as "VPN" in TM.

Currently "VPN" in TM == "Special Purpose Zone." The "VPN" designation was confusing to users, so the name was changed. "VPN" may eventually be changed (to something like "SPZ") in TM.

[russellhltn]

Currently "VPN" in TM == "Special Purpose Zone." The "VPN" designation was confusing to users, so the name was changed. "VPN" may eventually be changed (to something like "SPZ") in TM.

Good to know.

I would like to see the terminology finalized sooner than later, for two reasons: Changing it later will cause more confusion since everyone has already learned the existing way. Second, I did want to label some lights and switches so someone coming along later knows that this switch is "Public Zone" and that one is "Special Purpose Zone". Gets kinda important when someone (perhaps the FM guy) needs to plug something new into the system.

The one problem I see with labeling the Port 2 activity light "VPN" is that it's sure to cause confusion with the VPN status light. Although to a network guy, VPN is probably clearer as to what is going on than SPZ.

[russellhltn]

For the last firewall, it seem to take 15-20 minutes for connectivity to return. It was well over 10 minutes. Once it did, TM was already updated. So the times can be quite variable.

When checking TM, be sure to do a refresh. Simply switching tabs shows you cached information.

[CleggGP]

I like the the fact that STSs/FMs can upgrade Meetinghouse Firewalls themselves in TM (without calling the GSC). A new mhtech article was posted that describes the upgrade steps (https://www.lds.org/help/support/upgrad ... -firewall/).

We upgraded all of the meetinghouses of our stake, and now receive praise (rather than complaints) from members and leaders about being about to connect to the network. Before we heard that sometimes clerks could not connect to the network. Even our stake president was frustrated about limited network connections--but now those days are gone! It's great to have one large network address space, and better firewall performance. With the firewall upgrade in place, now the meetinghouse network is much better--and members notice the difference.

[drepouille]

During our last stake conference, members max-ed out available DHCP, which was fine with me. If I upgrade that firewall to allow several hundreds of connections, I worry that all those mobile devices will send our bandwidth usage through the roof. Granted, most mobile devices just make a connection, and don't use much data. And luckily, our stake center has a cable modem, not a DSL.

[Biggles]

I think the general rule of thumb is to disconnect all WAP's, if possible,to preserve your bandwidth especially if transmitting to other locations.

[CleggGP]

During our last stake conference, members max-ed out available DHCP...

Sometimes STSs disable building wireless for special meetings. But some units may max out on connections weekly. Our stake loves the 990 connections, and the new firewall configuration routes packets up to 240% better. That helps a lot.