Meetinghouse Firewall Upgrade Available to FMs/STSs

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
Post Reply
CleggGP
Church Employee
Church Employee
Posts: 118
Joined: Mon Jul 28, 2014 1:55 pm

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#61

Post by CleggGP »

russellhltn wrote:"Over 4,100 MH firewall upgrades ..." What percentage is that?
Worldwide 29% (which includes USA 48%, Utah 67%).
russellhltn wrote:"The goal: 100% of MH firewalls running the new configuration" ... some units are refusing to upgrade because they don't have the bandwidth to support everyone.
If the network is congested then there are two option: increase capacity (bandwidth) and/or decrease use (load).

Network problems happen two ways: 1) people cannot get on the network due to insufficient connections, and 2) slow network performance due to high use. The firewall upgrade addresses the #1 by adding more connections, and #2 by increasing by 240% the firewall's ability to route network packets.

If meetinghouse Internet access is slow due to high usage, then unit leaders should teach members about appropriate ways to use (or not use) the MH network. Unit leaders should teach members what is appropriate (and inappropriate) to do on the meetinghouse network. The MH network priorities are: 1. unit leader services (Church records, donations, etc.), 2. family history/temple/missionary work, and 3. gospel learning and instruction. For gospel instruction, teachers should download media content to their devices before coming to Church (since several people simultaneously streaming live video may cripple the network).

After this, if bandwidth continues to be insufficient, then unit leaders should discuss ISP options with the FM.

Support for the old firewall configuration is very limited. If repairs are needed, then firewall will receive the current MH firewall configuration.

It is best for upgrades to take place in a planned, proactive manner--so STSs/FMs should plan to upgrade firewalls to the current configuration.
tlhackett
Church Employee
Church Employee
Posts: 69
Joined: Mon Dec 23, 2013 1:54 pm

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#62

Post by tlhackett »

Every now and again the facility zone (port 3) IP addresses could change. It is a bug and is very rare. There have only been a few handful of firewalls that this has happened to. I've reported this a few times to the TM developers but I haven't heard if they have found the bug yet or if it is fixed.

What I suggest is that you check to see what the IP addresses are set to on Technology Manager before you upgrade. Write it down and then perform the upgrade. If it changes, notify your FM group about it and then submit a bug using the feedback section at the bottom on Technology Manager with the old and new IP addresses. They cannot revert the change since the old IP addresses are collected and handed to new firewalls automatically but it will give them a chance to investigate and hunt down the bug.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#63

Post by russellhltn »

CleggGP wrote:If the network is congested then there are two option: increase capacity (bandwidth)
From what I've seen here, FMG isn't always cooperative. And sometimes there just isn't any other option. A written standard for FM on what is considered minimum acceptable bandwidth would help. But the standard needs to be available to the STS as well as pushed down via the official channels. As it stands now, we don't get to see FM's "rule book" so we can't tell if the local FMG is following policy or not.

CleggGP wrote:and/or decrease use (load).
Very difficult.

CleggGP wrote:If meetinghouse Internet access is slow due to high useage, then unit leaders should teach members about appropriate ways to use (or not use) the MH network. Unit leaders should teach members what is appropriate (and inappropriate) to do on the meetinghouse network.
Here's a problem. It seems that portable devices, particularly Apple, once programmed with the SSID, will automatically switch to it for everything. Including all background data transmissions such as email, attachments, notification services, etc.

CleggGP wrote:The MH network priorities are: 1. unit leader services (Church records, donations, etc.), 2. family history/temple/missionary work, and 3. gospel learning and instrution. For gospel instrution,
Isn't there any technical tools that could be used to enforce this? Teaching correct principles only goes so far when the devices automatically switch to the church network. Perhaps local leaders need to review where the WAPs are placed and cut back on coverage. At this point that seems to be the only thing under local control.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
xenserve
New Member
Posts: 4
Joined: Fri May 30, 2014 4:11 pm
Location: Canada

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#64

Post by xenserve »

How does the port configuration change between the 881 and the 891f Cisco devices with the upgrade?

I have 1 891f in the stake, all the rest are 881's so I'd like to confirm the port config please? or should I just call the gsc?
User avatar
Biggles
Senior Member
Posts: 1608
Joined: Tue May 27, 2008 5:14 am
Location: Watford, England

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#65

Post by Biggles »

I'm not familiar with the 891f (not practical at the moment to research unit), but does it have the same number of ports on the back?

If it does, I imagine that the configuration is the same.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#66

Post by aclawson »

class-map access-match
match access-group 1
exit
policy-map police-setting
class access-match
police 8000 1000 1000 conform-action transmit exceed-action set-qos-transmit 1
violate-action drop
exit
exit
service-policy output police-setting
User avatar
Biggles
Senior Member
Posts: 1608
Joined: Tue May 27, 2008 5:14 am
Location: Watford, England

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#67

Post by Biggles »

aclawson wrote:class-map access-match
match access-group 1
exit
policy-map police-setting
class access-match
police 8000 1000 1000 conform-action transmit exceed-action set-qos-transmit 1
violate-action drop
exit
exit
service-policy output police-setting
Explanation! Please!
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#68

Post by russellhltn »

xenserve wrote:I have 1 891f in the stake, all the rest are 881's so I'd like to confirm the port config please?
Port 7 will be the Facilities Zone. I'm not sure which will be the VPN zone (for FHCs). But after the upgrade TM will show what port it's on. It's under "LAN Ports" in the right column on the main page for that firewall.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#69

Post by aclawson »

Biggles wrote:
aclawson wrote:class-map access-match
match access-group 1
exit
policy-map police-setting
class access-match
police 8000 1000 1000 conform-action transmit exceed-action set-qos-transmit 1
violate-action drop
exit
exit
service-policy output police-setting
Explanation! Please!
This is the code that can be used to throttle the bandwidth by classification of connection: the powers that be can limit connection by declaring, for example, that machines with static IP addresses get first priority to the bandwidth. So far however there have been other goals that are more important so this possibility goes to the back burner.
russellhltn
Community Administrator
Posts: 34422
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Meetinghouse Firewall Upgrade Available to FMs/STSs

#70

Post by russellhltn »

aclawson wrote:This is the code that can be used to throttle the bandwidth by classification of connection:
What exactly is getting throttled? For most people the concern is the download bandwidth. And the router is after the bottleneck. Will it work in that situation? (Perhaps by slowing the handshake?)
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
Post Reply

Return to “Meetinghouse Internet”