Meetinghouse Internet now open to US and Canada

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
russellhltn
Community Administrator
Posts: 20762
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Meetinghouse Internet now open to US and Canada

Postby russellhltn » Mon Aug 11, 2008 7:52 pm

As mentioned in another thread, the Meetinghouse Internet program has been expanded to "the United States and Canada Area". This was announced on Aug 8, 2008. [color="blue"]staketech.lds.org[/color] has not yet been updated, but the policies are the same as for the Utah and Southwest areas, so you should be able to find the details you need.

Keep in mind that if your facility already has Internet connection, for example, to support a FHC, Institute, or Church employee offices, you are to share those services rather then install a new Internet connection.

As always, a church supplied firewall is required.

Before administrative computers can be connected, they must be updated with either Desktop 5.5, or the security software found on [color="blue"]mls.lds.org[/color] (The stake clerk has the password.)

1historian-p40
New Member
Posts: 49
Joined: Sun Mar 16, 2008 8:36 pm
Location: North Higlhands, California

Postby 1historian-p40 » Mon Aug 11, 2008 9:13 pm

Where can i find a copy of the letter oppening up the internet connection to all units in the us?

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Mon Aug 11, 2008 9:52 pm

1historian wrote:Where can i find a copy of the letter oppening up the internet connection to all units in the us?


Your stake president should have a copy on paper; he also has access to the online archive of official letters.

We assume it will be posted at clerk.lds.org eventually (since the other three letters on this topic have all been posted there). But I have no idea when that will happen.

I have a copy of the letter in my possession; if you look at this post, you can tell exactly what it says.

SheffieldTR
Community Moderators
Posts: 145
Joined: Wed Apr 04, 2007 11:44 am
Location: Utah, USA

Postby SheffieldTR » Sat Aug 16, 2008 8:27 am

The notice releasing Meetinghouse Internet to the rest of the US and Canada will be posted on clerk.lds.org soon. I would like to add one point of additional clarification. As stated, if you have an approved Internet connection already for Family History or FM office, etc, then yes share it. If you already have an unapproved connection from before this program came out, then please order a firewall and put it on the existing connection. Getting one later is better than not getting one at all. :)
Thanks

User avatar
Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Sat Aug 16, 2008 9:18 am

tsheffield wrote:If you already have an unapproved connection from before this program came out, then please order a firewall and put it on the existing connection.

This is what we are in the process of doing, however, when I put the FHC behind the ASA (Extended Access) firewall, I immediately ran into problems with the researchers bitterly complaining they couldn't get to a few important research sites, genealogy tutorials (a couple from BYU), and other things that the firewall now blocked. Granted, most sited worked, but the few that didn't (I don't have their list in front of me) were enough to put a serious dent in their research.

I called GSD back, explained the situation, and asked if there was anything we could do. They first verified we were on "Extended Access", then asked about the firewall itself. The answer was, if this is an "OFFICIAL" Family History Center (I guess there are quite a few UN-official ones around), then we should have ordered the PIX firewall. It uses a different filtering method that is a bit more relaxed than the ASA. The ASA firewall is recommended for all new installations that do NOT have an FHC at the same site.

Just a heads-up for those in a similar situation.

Mike
So we can better help you, please edit your Profile to include your general location.

james_francisco
Member
Posts: 76
Joined: Thu Feb 08, 2007 9:42 am
Location: Arizona
Contact:

Postby james_francisco » Sat Aug 16, 2008 10:47 am

The only problem with that advice is that Cisco no longer sells the PIX 501 device. See http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/index.html for details. What units creating an FHC behind an ASA 5505 appliance need to do is get to the second level support team at the Global Service Desk. They will have the knowledge and tools to assist in adapting the security rules on the ASA device.

Mikerowaved wrote:The answer was, if this is an "OFFICIAL" Family History Center (I guess there are quite a few UN-official ones around), then we should have ordered the PIX firewall. It uses a different filtering method that is a bit more relaxed than the ASA. The ASA firewall is recommended for all new installations that do NOT have an FHC at the same site.

Just a heads-up for those in a similar situation.

Mike

User avatar
Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Sat Aug 16, 2008 1:11 pm

James_Francisco wrote:The only problem with that advice is that Cisco no longer sells the PIX 501 device. See http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/index.html for details. What units creating an FHC behind an ASA 5505 appliance need to do is get to the second level support team at the Global Service Desk. They will have the knowledge and tools to assist in adapting the security rules on the ASA device.

That's who I was working with most of the day yesterday. They had no options for me for the ASA other than swapping it out. They apparently still have an inventory of PIX boxes for the few installations that may require it. (Of course, the answers you get often depend on the person you get on the other end of the line.)
So we can better help you, please edit your Profile to include your general location.

SheffieldTR
Community Moderators
Posts: 145
Joined: Wed Apr 04, 2007 11:44 am
Location: Utah, USA

Postby SheffieldTR » Sat Aug 16, 2008 2:12 pm

We are currently working on an additional filtering profile that is very similar to that used in the PIX. Unfortunately I cannot give you a date yet on when it will be available. Thank you for bringing this to our attention.

User avatar
Mikerowaved
Community Moderators
Posts: 3132
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Sun Aug 17, 2008 2:21 pm

tsheffield wrote:We are currently working on an additional filtering profile that is very similar to that used in the PIX. Unfortunately I cannot give you a date yet on when it will be available. Thank you for bringing this to our attention.

Thanks for letting us know it's being looked into. Even though a date isn't available, just knowing you folks are aware of the problem and are addressing it means a lot. BTW, the head genealogist at our FHC went to another location that was using the PIX firewall and verified the list of websites she needed that was being blocked by the ASA-Extended device were indeed being allowed by the PIX.

Too bad we can't add a 3rd VLAN in the ASA configuration to assign certain ports for PIX-style filtering to be designated for FHC use and other ports with standard ASA filtering for administrative computers. I know, probably asking too much. ;)
So we can better help you, please edit your Profile to include your general location.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Sun Aug 17, 2008 9:57 pm

Mikerowaved wrote:Too bad we can't add a 3rd VLAN in the ASA configuration to assign certain ports for PIX-style filtering to be designated for FHC use and other ports with standard ASA filtering for administrative computers. I know, probably asking too much. ;)
I am with you Mikerowaved. However, I don't think it is asking too much - if that is what is necessary to effectively manage a network and provide the service to local leaders and members and provide the necessary security from within and from without and be good fuduciary managers of the Lord's money. Do we unwisely expend financial resources as work-arounds for a solution that should require little more than a configuration change? I am hoping not.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest