Problems with firewalls (YMMV)

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
aclawson
Senior Member
Posts: 712
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

Problems with firewalls (YMMV)

Postby aclawson » Sun Jul 06, 2014 9:10 am

One of our units took a weird power surge that affected the fire alarm, one port on the cable model and the WAN port on the firewall. A replacement 881W was supplied by FM and the firewall was activated. The image that came down during the process however was oddly corrupted in that tm.lds.org was reporting that it it was either an ASA5505 or a PIX501 and SLC could not get it to respond (it was serving up the internet, but nobody could control or configure it). The device was given a hard reset and a re-activation attempted but the device is already in the database so the imaging script won't run. firewall.lds.org recognizes that this is a re-deploy but the script won't all the device to be reactivated. GSC can't resolve this issue, it has to go to "engineering" who will get to it eventually, meanwhile the building will have no internet service because the new machines no longer have a modem for backup.

I have another building which working - unreliably as the firewall has required four power cycles in the past two weeks because the internet keeps dying - but tm.lds.org shows some issues as well. Again, SLC is unable to remotely access the firewall so it will have to be re-scripted but I need to make sure that "engineering" in SLC will be available so the stake offices, two units and an FHC won't be offline indefinitely because they are too busy to fix it if the issue arises. (And I'm going to have to remap all of the static IP devices when it gets reimaged because there are no known methods of backing up and restoring the scopes).

Are these two firewall glitches just some wild coincidences or are other STSs noticing a recent uptick in firewall appliance glitches?

lajackson
Community Moderators
Posts: 6129
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: Problems with firewalls (YMMV)

Postby lajackson » Sun Jul 06, 2014 12:09 pm

Our wireless goes out from time to time on an 881W and GSC has to reflash it. Other than that, we have not had any regular problems.

When one of our buildings took a lightning strike a few years ago, everything had to be replaced. Cable modem, 881W, some of the wiring, cards in the administrative computers, and some of the phone lines.

rolandc
Member
Posts: 257
Joined: Tue May 15, 2012 7:20 pm

Re: Problems with firewalls (YMMV)

Postby rolandc » Sun Jul 06, 2014 5:39 pm

I have two firewalls that don't show in TM, one of them is working normally. the other....not at all.

2nd level problem with TM.lds.org maybe

its been a bad year for lightning here in Fl.
Roland

russellhltn
Community Administrator
Posts: 20728
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Problems with firewalls (YMMV)

Postby russellhltn » Sun Jul 06, 2014 5:47 pm

rolandc wrote:I have two firewalls that don't show in TM, one of them is working normally.

Appears to be working normally. I'd guess there's a script that's not running and that's why it doesn't show.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

aclawson
Senior Member
Posts: 712
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

Re: Problems with firewalls (YMMV)

Postby aclawson » Mon Jul 07, 2014 1:58 pm

This has been escalated to "known issue" status - apparently I am not the only person running into an apparent bug with reactivating firewalls. The engineers are working on it. In the meantime, I personally am holding off resetting another problematic firewall out of fear that the same thing will happen again.

danpass
Member
Posts: 342
Joined: Wed Jan 24, 2007 5:38 pm
Location: Oregon City, OR
Contact:

Re: Problems with firewalls (YMMV)

Postby danpass » Mon Jul 07, 2014 2:38 pm

We have 4 881W's in our stake. We have been having issues with one of them. Same as the second one you describe. Internet access is lost. Power cycling the firewall is the only thing that resolves it. It has been happening with increasing frequency. I concluded from my own troubleshooting that the 881W is failing intermittently. Global support had me do a hard reset and reactivation, which did not resolve the issue. A couple of weeks later, they loaded "new tar files" on the device. I don't know if that process updates the firmware or what. We went several weeks without further problems, but then a week ago Sunday, it looked like we had a hard failure of the device, but after power cycling 4 times it came up. Support finally agreed that it needs to be replaced and said to request a replacement from FM.

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: Problems with firewalls (YMMV)

Postby johnshaw » Mon Jul 07, 2014 6:07 pm

This experience is similar to one I had in a meetinghouse where we positively identified a lightning strike on the device. Let's all make sure these things are protected.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense

aclawson
Senior Member
Posts: 712
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

Re: Problems with firewalls (YMMV)

Postby aclawson » Tue Jul 08, 2014 8:00 am

In an ideal world each meetinghouse would have good lightning protection (I've lost an organ, various components of sound systems and other electrical thingies in the meetinghouses) that would include whole-building surge protection, and verified good grounding (with all grounds bonded together) but such things are low priority in the budgeting things. In this case the equipment was plugged into protection (real protection, not just an outlet multiplier) but the surge got in somehow (telephone lines, possibly) and appeared to cause trouble through induction rather than a direct surge down the line.

At some point there are going to be major problems - I haven't seen a single building hardened against the known risk of another Carrington Event, with said event being inevitable (though the current risk window is rapidly closing).

aclawson
Senior Member
Posts: 712
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

Re: Problems with firewalls (YMMV)

Postby aclawson » Sun Jul 13, 2014 8:51 am

The engineering people have reportedly fixed the scripting bug that was preventing firewalls from being re-registered (I was apparently not the only one with this issue) so everything should be working now.

rolandc
Member
Posts: 257
Joined: Tue May 15, 2012 7:20 pm

Re: Problems with firewalls (YMMV)

Postby rolandc » Sun Jul 13, 2014 10:28 am

I received the same phone call about the scripting being fixed for re-registering.
Roland


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest