Unfortunately, I think it will take more than just a configuration change. Although I'm not versed in Cisco licensing, I believe running 3 full VLANS would force an upgrade from the "Base" license to the "Security Plus" license and I'm guessing the Church would want the same license structure on all their ASA's in the field.jdlessley wrote:Do we unwisely expend financial resources as work-arounds for a solution that should require little more than a configuration change? I am hoping not.
Meetinghouse Internet now open to US and Canada
- Mikerowaved
- Community Moderators
- Posts: 4744
- Joined: Sun Dec 23, 2007 12:56 am
- Location: Layton, UT
So we can better help you, please edit your Profile to include your general location.
-
- Community Moderators
- Posts: 9924
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
I am pretty sure it is technically feasible. But you may be right about the licensing. I didn't think of that.Mikerowaved wrote:Unfortunately, I think it will take more than just a configuration change. Although I'm not versed in Cisco licensing, I believe running 3 full VLANS would force an upgrade from the "Base" license to the "Security Plus" license and I'm guessing the Church would want the same license structure on all their ASA's in the field.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
-
- Member
- Posts: 126
- Joined: Tue May 01, 2007 3:13 pm
- Location: Oregon
As I understand it there are 2 fundamental reasons for the church firewall: "The firewall will provide required network security and Web content filtering for meetinghouse users." (from "Meetinghouse Internet Implementation Plan 3").
Certainly no filtering is foolproof, but if the slightly more relaxed restrictions of the PIX filtering provide adequate risk management for buildings with Family History Centers, why not make that level of filtering available as a third choice along with "Restricted" and "Extended Access"?
I guess it is possible that the PIX filter is a licensed service while the ASA supported extended access filter is a large no cost / lower cost white list.
Certainly no filtering is foolproof, but if the slightly more relaxed restrictions of the PIX filtering provide adequate risk management for buildings with Family History Centers, why not make that level of filtering available as a third choice along with "Restricted" and "Extended Access"?
I guess it is possible that the PIX filter is a licensed service while the ASA supported extended access filter is a large no cost / lower cost white list.
- aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
rknelson wrote:As I understand it there are 2 fundamental reasons for the church firewall: "The firewall will provide required network security and Web content filtering for meetinghouse users." (from "Meetinghouse Internet Implementation Plan 3").
Certainly no filtering is foolproof, but if the slightly more relaxed restrictions of the PIX filtering provide adequate risk management for buildings with Family History Centers, why not make that level of filtering available as a third choice along with "Restricted" and "Extended Access"?
I guess it is possible that the PIX filter is a licensed service while the ASA supported extended access filter is a large no cost / lower cost white list.
The filters on both PIX and ASA firewall devices use Websense, so I don't think it is a cost option. Rather, it is a conscious decision to have different filtering options.
See this post to see another request for what you asked. Then this post gives an indication that the Church product managers made specific decisions to make the filtering different. Finally, this post suggests the possibility of some changes in the works.
-
- Member
- Posts: 126
- Joined: Tue May 01, 2007 3:13 pm
- Location: Oregon
Thanks for the links. With Family History Centers in 2 out of 5 buildings in our stake, I can see that there will be some inequity and challenges with the more restrictive access.Alan_Brown wrote:The filters on both PIX and ASA firewall devices use Websense, so I don't think it is a cost option. Rather, it is a conscious decision to have different filtering options.
See this post to see another request for what you asked. Then this post gives an indication that the Church product managers made specific decisions to make the filtering different. Finally, this post suggests the possibility of some changes in the works.
-
- Senior Member
- Posts: 1269
- Joined: Thu Jan 24, 2008 4:34 pm
- Location: Las Vegas, NV
- Contact:
"Keep in mind that if your facility already has Internet connection, for example, to support a FHC, Institute, or Church employee offices, you are to share those services rather then install a new Internet connection."
I guess that CES is not included in the above statement. The office for the local CES/Seminary is in our building with an internet connection. I asked the coordinator about sharing and he saw no problem but said I would have to talk to CES in Salt Lake.... They flatly refused...end of discussion...
I guess that CES is not included in the above statement. The office for the local CES/Seminary is in our building with an internet connection. I asked the coordinator about sharing and he saw no problem but said I would have to talk to CES in Salt Lake.... They flatly refused...end of discussion...
-
- Community Administrator
- Posts: 34513
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Check the document Installing the Church-Managed Firewall.
Note that it says to go to the "facility manager". In most cases that would be the FM group. Unless it's an unusual situation, CES may have no say in the matter.NOTE: If a Church-managed firewall or wireless network for Internet use is already in the building, contact the facility manager to share the existing service.
It is Church policy to share existing filtered Internet connections between ecclesiastical units (wards, stakes, districts, and branches) and field office units (family history centers, seminaries and institutes, facilities management offices, LDS Employment Resource Centers, etc.).
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.