This will be our 3rd generation of firewall. I'm not sure of the need to replace them all again, but obviously the church does. Also, they specifically mention "TM-managed firewalls". I wonder if this will impact the TM tools we've grown to love.The Church is initiating a project to replace the internet firewalls that are managed by Technology Manager in all areas beginning in 2017. We will need you, the local FM, or a qualified technician to replace the existing Cisco 881/891 firewalls at facilities with internet services.
Cisco 800 Series firewalls to be replaced
- Mikerowaved
- Community Moderators
- Posts: 4734
- Joined: Sun Dec 23, 2007 12:56 am
- Location: Layton, UT
Cisco 800 Series firewalls to be replaced
I just got an email forwarded from my FM Group that states all the Cisco 881/891 firewalls will be replaced with new models. Here's the part that applies to us:
So we can better help you, please edit your Profile to include your general location.
-
- Community Administrator
- Posts: 34421
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Cisco 800 Series firewalls to be replaced
"We will need you, the local FM, or a qualified technician ...."
Sounds like they're not planning on going though the STS for this.
Sounds like they're not planning on going though the STS for this.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Senior Member
- Posts: 3907
- Joined: Mon Sep 24, 2007 9:17 am
- Location: Cumming, GA, USA
Re: Cisco 800 Series firewalls to be replaced
One of the church employees indicated that they are going out of warranty and that they had to be replaced.Mikerowaved wrote:I'm not sure of the need to replace them all again, but obviously the church does.
- Mikerowaved
- Community Moderators
- Posts: 4734
- Joined: Sun Dec 23, 2007 12:56 am
- Location: Layton, UT
Re: Cisco 800 Series firewalls to be replaced
That part boggles me. If a firewall is out of warranty and in need of repair, then simply replace it then. There has to be some other reason(s) that we're not privy to (yet).eblood66 wrote:One of the church employees indicated that they are going out of warranty and that they had to be replaced.
So we can better help you, please edit your Profile to include your general location.
-
- Community Administrator
- Posts: 34421
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Cisco 800 Series firewalls to be replaced
I don't think it's warranty, but end-of-life. Same reason we're not running WinXP anymore. Since these connect to the "big bad internet" you don't want to be running one when the software updates end.Mikerowaved wrote:That part boggles me. If a firewall is out of warranty and in need of repair, then simply replace it then. There has to be some other reason(s) that we're not privy to (yet).
I tried Googling around, and found a page where "select" 881 models stopped receiving software updates back in 2015. I couldn't find a date for end of security updates.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Community Administrator
- Posts: 34421
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Cisco 800 Series firewalls to be replaced
If the Help Center is any indication, we'll be switching to a C881 or C891F model.
The switch out seems to involve updating the firmware via USB, so perhaps CHQ isn't so keen on STSs doing the work. I get the sense that some STSs are called as a area of responsibility (much like a High Council calling) rather then based technical prowess.
The switch out seems to involve updating the firmware via USB, so perhaps CHQ isn't so keen on STSs doing the work. I get the sense that some STSs are called as a area of responsibility (much like a High Council calling) rather then based technical prowess.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Senior Member
- Posts: 501
- Joined: Thu Jan 03, 2008 7:52 pm
Re: Cisco 800 Series firewalls to be replaced
I would expect that this is the reason that they are being replaced. http://www.cisco.com/c/en/us/products/c ... 30681.html
I also think that the church can get a bulk discount price for purchasing so many at one time instead of purchasing them piece meal. It is also called a life cycle upgrade and all companies have to do it at some point. They can't let equipment just die. I know that the church isn't like that, but support for the systems can be important.
Just my thoughts.
I also think that the church can get a bulk discount price for purchasing so many at one time instead of purchasing them piece meal. It is also called a life cycle upgrade and all companies have to do it at some point. They can't let equipment just die. I know that the church isn't like that, but support for the systems can be important.
Just my thoughts.
- Mikerowaved
- Community Moderators
- Posts: 4734
- Joined: Sun Dec 23, 2007 12:56 am
- Location: Layton, UT
Re: Cisco 800 Series firewalls to be replaced
Makes more sense to me. Thanks for everyone's input. I recall now seeing reports in the forum starting about 2 1/2 years ago that CHQ had started using the C881's.
I saw in the Cisco forum HERE a person describing the CPU in the C881 as "much more powerful" and went on to say that in his application, the first generation [881] was running at around 80% to 90% CPU utilization. The second generation [C881] doing the same task was under 10%. Of course, YMMV, but it seems like the new firewalls will be more than just a minor step forward. They also have twice the flash area (256MB vs 128MB on the 881).
This guy has a pretty good side-by-side comparison of the old and new 800 models (neither with WiFi), with pics inside and out.
I saw in the Cisco forum HERE a person describing the CPU in the C881 as "much more powerful" and went on to say that in his application, the first generation [881] was running at around 80% to 90% CPU utilization. The second generation [C881] doing the same task was under 10%. Of course, YMMV, but it seems like the new firewalls will be more than just a minor step forward. They also have twice the flash area (256MB vs 128MB on the 881).
This guy has a pretty good side-by-side comparison of the old and new 800 models (neither with WiFi), with pics inside and out.
So we can better help you, please edit your Profile to include your general location.
-
- Member
- Posts: 100
- Joined: Thu Aug 12, 2010 12:30 pm
- Location: Henderson, NV USA
Re: Cisco 800 Series firewalls to be replaced
I get the feeling this is a dumb question but... Can we expect better WiFi performance for end users with the C881? For example, each week my stake brings in youth from different wards to teach and experience family history work (Familysearch.com, Ancestry.com Etc.) However,Mikerowaved wrote:the CPU in the C881 as "much more powerful" and went on to say that in his application, the first generation [881] was running at around 80% to 90% CPU utilization. The second generation [C881] doing the same task was under 10%. Of course, YMMV, but it seems like the new firewalls will be more than just a minor step forward. They also have twice the flash area (256MB vs 128MB on the 881).
- Despite having seen a 20 fold increase in internet speed (5Mb/768Kb to 100Mb/20Mb)
Despite having the wireless access point across the hall
Despite confirming nearly all 100Mb through the firewall
-
- Church Employee
- Posts: 69
- Joined: Mon Dec 23, 2013 1:54 pm
Re: Cisco 800 Series firewalls to be replaced
TM will still be managing all meetinghouse firewalls. We will be moving to Meraki firewalls, APs, and switches (although optional). We will be replacing all 881 (881W, C881W, C881, etc.) and 891 models in all meetinghouses throughout the world. This will standardize all meetinghouse firewalls increasing security and improving support. We've been testing on a few PILOT locations with a full Meraki stack (Meraki firewall, Meraki APs, and Meraki switches) and have been given really good feedback on reliability of the network vs. the older Cisco equipment. In certain circumstances, noticeably improved speeds.Mikerowaved wrote: Also, they specifically mention "TM-managed firewalls". I wonder if this will impact the TM tools we've grown to love.
The project, however, only includes a Meraki firewall (to replace the existing Cisco firewall) and possibly one Meraki AP if certain criteria is met (ex: firewall was a main source of Wifi, meaning the only or one of few wireless APs in a building). Existing Cisco APs will still be supported alongside the new Meraki APs, to the best of our ability. We call it a "hybrid" environment. One of the goals is to eventually only have Meraki APs (being replaced as necessary). This will mean that the Church will only have Meraki APs available for purchase/replacement in the near future.
A new update to TM will be released soon (look for the official announcement coming soon) to allow the ability to activate new Meraki devices (new network) and to replace existing Cisco firewalls. As stated above, soon only Meraki APs will be available for purchase/replacement. Because of this TM will allow you to add Meraki APs to a Cisco firewall to create a "hybrid" environment. When the firewall is replaced, all APs (Meraki and Cisco) will automatically migrate to the new Meraki firewall. You may also notice a small reduction of features when managing a Meraki firewall due to current limitations. One of the biggest is the lack of usage statistics for the new Meraki firewalls. This is temporary. We hope to provide meaningful usage statistics in the future.