Problems with firewalls (YMMV)
-
- Senior Member
- Posts: 760
- Joined: Fri Jan 19, 2007 6:28 pm
Problems with firewalls (YMMV)
One of our units took a weird power surge that affected the fire alarm, one port on the cable model and the WAN port on the firewall. A replacement 881W was supplied by FM and the firewall was activated. The image that came down during the process however was oddly corrupted in that tm.lds.org was reporting that it it was either an ASA5505 or a PIX501 and SLC could not get it to respond (it was serving up the internet, but nobody could control or configure it). The device was given a hard reset and a re-activation attempted but the device is already in the database so the imaging script won't run. firewall.lds.org recognizes that this is a re-deploy but the script won't all the device to be reactivated. GSC can't resolve this issue, it has to go to "engineering" who will get to it eventually, meanwhile the building will have no internet service because the new machines no longer have a modem for backup.
I have another building which working - unreliably as the firewall has required four power cycles in the past two weeks because the internet keeps dying - but tm.lds.org shows some issues as well. Again, SLC is unable to remotely access the firewall so it will have to be re-scripted but I need to make sure that "engineering" in SLC will be available so the stake offices, two units and an FHC won't be offline indefinitely because they are too busy to fix it if the issue arises. (And I'm going to have to remap all of the static IP devices when it gets reimaged because there are no known methods of backing up and restoring the scopes).
Are these two firewall glitches just some wild coincidences or are other STSs noticing a recent uptick in firewall appliance glitches?
I have another building which working - unreliably as the firewall has required four power cycles in the past two weeks because the internet keeps dying - but tm.lds.org shows some issues as well. Again, SLC is unable to remotely access the firewall so it will have to be re-scripted but I need to make sure that "engineering" in SLC will be available so the stake offices, two units and an FHC won't be offline indefinitely because they are too busy to fix it if the issue arises. (And I'm going to have to remap all of the static IP devices when it gets reimaged because there are no known methods of backing up and restoring the scopes).
Are these two firewall glitches just some wild coincidences or are other STSs noticing a recent uptick in firewall appliance glitches?
-
- Community Moderators
- Posts: 11475
- Joined: Mon Mar 17, 2008 10:27 pm
- Location: US
Re: Problems with firewalls (YMMV)
Our wireless goes out from time to time on an 881W and GSC has to reflash it. Other than that, we have not had any regular problems.
When one of our buildings took a lightning strike a few years ago, everything had to be replaced. Cable modem, 881W, some of the wiring, cards in the administrative computers, and some of the phone lines.
When one of our buildings took a lightning strike a few years ago, everything had to be replaced. Cable modem, 881W, some of the wiring, cards in the administrative computers, and some of the phone lines.
-
- Member
- Posts: 257
- Joined: Tue May 15, 2012 8:20 pm
Re: Problems with firewalls (YMMV)
I have two firewalls that don't show in TM, one of them is working normally. the other....not at all.
2nd level problem with TM.lds.org maybe
its been a bad year for lightning here in Fl.
2nd level problem with TM.lds.org maybe
its been a bad year for lightning here in Fl.
Roland
-
- Community Administrator
- Posts: 34487
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Problems with firewalls (YMMV)
Appears to be working normally. I'd guess there's a script that's not running and that's why it doesn't show.rolandc wrote:I have two firewalls that don't show in TM, one of them is working normally.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Senior Member
- Posts: 760
- Joined: Fri Jan 19, 2007 6:28 pm
Re: Problems with firewalls (YMMV)
This has been escalated to "known issue" status - apparently I am not the only person running into an apparent bug with reactivating firewalls. The engineers are working on it. In the meantime, I personally am holding off resetting another problematic firewall out of fear that the same thing will happen again.
-
- Senior Member
- Posts: 514
- Joined: Wed Jan 24, 2007 5:38 pm
- Location: Oregon City, OR
- Contact:
Re: Problems with firewalls (YMMV)
We have 4 881W's in our stake. We have been having issues with one of them. Same as the second one you describe. Internet access is lost. Power cycling the firewall is the only thing that resolves it. It has been happening with increasing frequency. I concluded from my own troubleshooting that the 881W is failing intermittently. Global support had me do a hard reset and reactivation, which did not resolve the issue. A couple of weeks later, they loaded "new tar files" on the device. I don't know if that process updates the firmware or what. We went several weeks without further problems, but then a week ago Sunday, it looked like we had a hard failure of the device, but after power cycling 4 times it came up. Support finally agreed that it needs to be replaced and said to request a replacement from FM.
- johnshaw
- Senior Member
- Posts: 2273
- Joined: Fri Jan 19, 2007 1:55 pm
- Location: Syracuse, UT
Re: Problems with firewalls (YMMV)
This experience is similar to one I had in a meetinghouse where we positively identified a lightning strike on the device. Let's all make sure these things are protected.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense
― Thomas Paine, Common Sense
-
- Senior Member
- Posts: 760
- Joined: Fri Jan 19, 2007 6:28 pm
Re: Problems with firewalls (YMMV)
In an ideal world each meetinghouse would have good lightning protection (I've lost an organ, various components of sound systems and other electrical thingies in the meetinghouses) that would include whole-building surge protection, and verified good grounding (with all grounds bonded together) but such things are low priority in the budgeting things. In this case the equipment was plugged into protection (real protection, not just an outlet multiplier) but the surge got in somehow (telephone lines, possibly) and appeared to cause trouble through induction rather than a direct surge down the line.
At some point there are going to be major problems - I haven't seen a single building hardened against the known risk of another Carrington Event, with said event being inevitable (though the current risk window is rapidly closing).
At some point there are going to be major problems - I haven't seen a single building hardened against the known risk of another Carrington Event, with said event being inevitable (though the current risk window is rapidly closing).
-
- Senior Member
- Posts: 760
- Joined: Fri Jan 19, 2007 6:28 pm
Re: Problems with firewalls (YMMV)
The engineering people have reportedly fixed the scripting bug that was preventing firewalls from being re-registered (I was apparently not the only one with this issue) so everything should be working now.
-
- Member
- Posts: 257
- Joined: Tue May 15, 2012 8:20 pm
Re: Problems with firewalls (YMMV)
I received the same phone call about the scripting being fixed for re-registering.
Roland