Difference between FHCs and Meetinghouse Internet?

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
kalebpederson
New Member
Posts: 32
Joined: Tue Jul 31, 2007 10:16 pm

Difference between FHCs and Meetinghouse Internet?

#1

Post by kalebpederson »

Our stake center has had internet access for quite some time since it was needed for our family history center. We had a PIX installed and the building was wired with CAT-5 cable at that time. If I understand correctly, we were among the first to have one of the PIXs and the internet filtering at that time was nearly unusable. Although I no longer have access to the PIX, I believe that part of the security restrictions were bypassed and that we have full access to the Internet.

What are the differences between the above setup and the Meetinghouse Internet? I can get to gambling.com, which I suppose is a valid test indicating that our PIX is not configured correctly, can anybody confirm this? Lastly, can anybody fill me in on sufficient details so I can keep following up until this is configured correctly.

Thanks.

--Kpederson
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#2

Post by aebrown »

kpederson wrote:Our stake center has had internet access for quite some time since it was needed for our family history center. We had a PIX installed and the building was wired with CAT-5 cable at that time. If I understand correctly, we were among the first to have one of the PIXs and the internet filtering at that time was nearly unusable. Although I no longer have access to the PIX, I believe that part of the security restrictions were bypassed and that we have full access to the Internet.

What are the differences between the above setup and the Meetinghouse Internet? I can get to gambling.com, which I suppose is a valid test indicating that our PIX is not configured correctly, can anybody confirm this? Lastly, can anybody fill me in on sufficient details so I can keep following up until this is configured correctly.
Church policy requires that a firewall be installed and functioning for all Church computers connected to the Internet, whether in a FHC (typically using a PIX) or under the Meetinghouse Internet program (typically using an ASA firewall). This policy is for the protection of all users of these computers, the local leaders, and the Church.

Configuring the networking properly is the responsibility of the Stake Technology Specialist -- I don't know if that is your role or not. In any case, the STS should check out the network and make sure that the firewall is properly positioned between the cable/DSL modem and any computers. If not, the cabling should be adjusted to make that true. If the firewall is in the correct position, but is not providing filtering (and yes, trying to access gambling.com is a reasonable test for that), then that must mean that the firewall has been reconfigured locally in a way that disables the Church's standard filtering configuration. In that case, the STS should work with the Global Service Desk to get the firewall properly configured.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#3

Post by russellhltn »

kpederson wrote:If I understand correctly, we were among the first to have one of the PIXs and the internet filtering at that time was nearly unusable.
While I've had a few run-ins with the firewall, it's never been serious. (And I've had the device before the PIX.) I've never felt that it was unreasonable. What kind of problems were you having?

As Alan stated, it's against policy to bypass the firewall.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
kalebpederson
New Member
Posts: 32
Joined: Tue Jul 31, 2007 10:16 pm

#4

Post by kalebpederson »

RussellHltn wrote:While I've had a few run-ins with the firewall, it's never been serious. (And I've had the device before the PIX.) I've never felt that it was unreasonable. What kind of problems were you having?
We contacted them and they indicated that the machines doing the filtering were running way beyond capacity. Hence, they were working correctly but not able to keep up.

--Kpederson
kalebpederson
New Member
Posts: 32
Joined: Tue Jul 31, 2007 10:16 pm

#5

Post by kalebpederson »

Alan_Brown wrote: Configuring the networking properly is the responsibility of the Stake Technology Specialist -- I don't know if that is your role or not. In any case, the STS should check out the network and make sure that the firewall is properly positioned between the cable/DSL modem and any computers.
It's physically positioned correctly and handing out the private IPs / DNS information as it should. I believe that the filtering was disabled or an all-encompassing whitelist was dropped in. I'll follow up with our STS and stake president again.

Thanks.

--Kpederson
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#6

Post by jdlessley »

kpederson wrote:It's physically positioned correctly and handing out the private IPs / DNS information as it should. I believe that the filtering was disabled or an all-encompassing whitelist was dropped in. I'll follow up with our STS and stake president again.

Thanks.

--Kpederson
??????????? If the Church provided firewall was correctly installed there should be no access to it to disable the filtering or to add a whitelist. All of that is managed by a third party system called WebSense. The only thing someone besides the GSD can do is bypass the device. Of course I am ruling out the possibility that someone has hacked the device.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
kalebpederson
New Member
Posts: 32
Joined: Tue Jul 31, 2007 10:16 pm

#7

Post by kalebpederson »

jdlessley wrote:??????????? If the Church provided firewall was correctly installed there should be no access to it to disable the filtering or to add a whitelist. All of that is managed by a third party system called WebSense. The only thing someone besides the GSD can do is bypass the device. Of course I am ruling out the possibility that someone has hacked the device.
The stake technology specialists, which included myself at the time, were provided instructions that included the enable password for the PIX. So we did have full access to change it, including the remote management features. As I was released shortly thereafter, I'm not sure to what extent its configuration may have been changed.

--Kpederson
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#8

Post by jdlessley »

kpederson wrote:The stake technology specialists, which included myself at the time, were provided instructions that included the enable password for the PIX. So we did have full access to change it, including the remote management features. As I was released shortly thereafter, I'm not sure to what extent its configuration may have been changed.

--Kpederson
Some time ago units had the option of selecting the default failure mode of the filtering software of the PIX for internet access to either "full access" or "no access". That has been standardized to "no access". It is possible your PIX is set to "full access".

The best course of action is for the stake technology specialist to contact the GSD and have them check the configuration of the PIX. Even if someone has the capability to reconfigure the PIX (has the password) the management of the PIX is done at Church headquarters for a variety of reasons.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
elgaucho-p40
New Member
Posts: 1
Joined: Tue Apr 28, 2009 4:20 pm
Location: Sherwood, OR, USA

#9

Post by elgaucho-p40 »

When trying to login to http://new.familysearch.org I am blocked by the firewall. The regular familysearch.org site works fine as does the lds.org main site. Who is the right person to talk to in order to have new.familysearch.org whitelisted?
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#10

Post by aebrown »

elgaucho wrote:When trying to login to http://new.familysearch.org I am blocked by the firewall. The regular familysearch.org site works fine as does the lds.org main site. Who is the right person to talk to in order to have new.familysearch.org whitelisted?
The Stake Technology Specialist is responsible for all such issues in the stake. He should know what type of firewall is installed with what filtering level. He can consult with the Global Service Desk regarding specific problems.
Post Reply

Return to “Meetinghouse Internet”