Meetinghouse Firewall Upgrade Available to FMs/STSs

[drepouille]

I think the general rule of thumb is to disconnect all WAP's, if possible,to preserve your bandwidth especially if transmitting to other locations.

We are not broadcasting anything yet. Since all out outlying meetinghouses use either DSL or a wireless connection to their ISP, I don't have much faith they could receive a broadcast from the stake center.
During our stake conference sessions, I just like to monitor TM to see how many connections and how much bandwidth are used. Several years ago, before I started to use static IP addresses, the FHC director tried to hold a class immediately after the general session on Sunday, and found that no IP addresses were available.

[russellhltn]

Yes, we maxed out our IPs on the last Stake Conference - but there was no web casting involved, so no issue.

Several years ago, before I started to use static IP addresses, the FHC director tried to hold a class immediately after the general session on Sunday, and found that no IP addresses were available.

Assuming we're taking about an official FHC, they're on their own pool.

[CleggGP]

More than a thousand Meetinghouse Firewall upgrades have taken place since August. The firewall upgrade take only a few minutes to do, once preparation steps are completed.

Some FMs don't know about the firwall upgrade, and there are locations where STSs do not have physical access to the firewall. In those locations STSs should work with FMs to evaluate network cabling and ensure that network cables are connected to the correct firewall ports. If an official Family History Center exists, then additional planning and coordination must be done. But once this is done, and any static IP devices are identified, the firewall upgrade can happen quickly.

It may take a some time and effort to prepare for the upgrade--but overall the Meetinghouse Firewall configuration upgrade is a good thing.

[CleggGP]

If a Facility Manager's office is in a meetinghouse, after the firewall configuration upgrade, the FM's computers should be connected to the Public Network (rather than connected to the Facilities Zone--which zone is for facility devices like HVAC, sprinkler system, fire alarms).

[lajackson]

While we are waiting for the FM Group to bring equipment to split off the official FHC to Port 2, is it okay to go ahead and upgrade the firewall? Everything is on one big switch right now, there are no fixed IPs, and it shouldn't matter to the equipment as long as it can see the network.

[CleggGP]

While we are waiting for the FM Group to bring equipment to split off the official FHC to Port 2, is it okay to go ahead and upgrade the firewall?

When you upgrade the firewall the FHC will be in the Public Network, which means you would need to change any FHC static IPs (if they exist). After the FHC is connected to Port 2 and a Special Purpose Zone is created (by calling the GSC), you would need the change any FHC static IPs to the new SP Zone static IP range. But if you are okay doing it this way, then "yes" you can proceed. Be sure to coordinate with the FHC director, and inform the FM Group about what you are doing.

[aclawson]

While we are waiting for the FM Group to bring equipment to split off the official FHC to Port 2, is it okay to go ahead and upgrade the firewall? Everything is on one big switch right now, there are no fixed IPs, and it shouldn't matter to the equipment as long as it can see the network.

What equipment is needed to split off the FHC? When we did our stake center w/FHC I wired in a patch panel so this switch to port two was as simple as moving a patch cable.

The FHC most certainly has at least one device with a static IP (if configured to specs) - a large printer - that SLC must contact constantly. When you upgrade the firewall SLC will lose connectivity to this printer unless it is on port 2 and reconfigured with a static IP in the new scope.

[russellhltn]

What equipment is needed to split off the FHC? When we did our stake center w/FHC I wired in a patch panel so this switch to port two was as simple as moving a patch cable.

I'm sure it all depends on the way things were installed (and for that, there is/was no standard). I my case, it took none - because I had just one wire that fed all of the FHC. Some may need to order another switch so as to connect a number of CAT5 cables to a single port. Others may need to have wires strung as there is only one feed from the firewall to that part of the building that is currently shared with other devices.

I did have one unit without a FHC that I had to order a switch for. They had exactly 4 devices. With the new configuration re-dedicating Port 3 to a FM Zone, I lost a needed port.

[jeromer7]

I used the new Start Upgrade button on the Tools tab in TM yesterday to upgrade an existing firewall. About 11 minutes later, I got a screen overlay banner with "System Error" on the top line of the banner and the not very helpful "An error occurred" in the bottom of the banner.
The network icon in the taskbar had the yellow triangle with exclamation mark showing I had no Internet connection.
I was able to "x" out of the overlay and return to the TM Tools tab. With nothing to lose, I hit the Restart Firewall button. A few minutes later, the same System Error overlay came up.
Went and looked at the physical firewall and all lights on it and the cable modem appeared normal. So, I resorted to a power reset on the modem and then on the firewall. When all the lights returned to their normal state, I walked back to were the PC with TM was and found all was working as it should. A refresh on the browser window gave me the new TM layout with expected zones.
All in all, not a painful process with the end result being worth the minor trouble of an unexpected power reset.

[CleggGP]

You discovered a permissions issue that needs to be resolved.

TM now properly points to the correct location for the read and understand message a user needs to read prior to clicking the "Confirm" button to upgrade a Meetinghouse Firewall.