Make absolutely positively sure that you have access to an internet-connected machine that has a serial port (or buy a serial/USB interface and carry it around with you) when upgrading the firewalls. On Wednesday last I attempted to activate the new box and received an error message regarding a problem with licensing. GSD had me do the usual hard reset then attempted to reimage the device as it had been shipped with the configuration dated from last spring. The scripting failed and the box was refusing to accept commands.
To fix it, I had to temporarily enable the AT&T U-verse wireless, move the firewall downstairs and connect to one of the admin desktops, establish a TeamViewer connection and allow GSD to reimage the device with PuTTY. Then I had to move the firewall back into the attic, reconfigure the 2-wire box to kill the wireless and start the activation process again from scratch.
I asked why the firewalls are being shipped with serial console cables when essentially zero laptops in the wild these days have them and was told that they never asked Cisco to start sending USB console cables with the boxes and it didn't appear that anybody had the problem on their radar.
With the new requirement (de facto policy, I am told) prohibiting the firewalls from being located in the clerks' offices, the past use of the serial ports on the admin machines is much more difficult. (Do the new machines come with serial ports?) Troubleshooting is more likely to be done in a closet somewhere, on a laptop, and since laptops no longer have serial ports this is going to happen more and more frequently.
Word of warning regarding new firewalls
-
- Senior Member
- Posts: 760
- Joined: Fri Jan 19, 2007 6:28 pm
-
- New Member
- Posts: 47
- Joined: Sun Mar 11, 2012 2:24 pm
As noted... this is a problem brought on by Cisco (really, they all make them that way) and not the Church.
Nonetheless... it's good advice to have some sort of 'USB <--> Serial (RS-232)' adapter when working with enterprise-class gear (albeit low-end enterprise gear).
Most Network Engineers have a couple of these floating around their laptop bags. I use what Dell calls a "Legacy Port Extender" which snaps on the bottom of the laptop where the docking connector is. It works really well. But any more... only the "business" grade laptops even have a dock connector anymore.
-
- Community Moderators
- Posts: 9861
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
john84601 wrote: As noted... this is a problem brought on by Cisco (really, they all make them that way) and not the Church.
The report aclawson makes is recent. This is not necessarily brought on by Cisco as you describe. In the past the 881Ws shipped to units have been adequately configured for deployment by the Church. Why would the problem be brought on by Cisco if past units were properly configured for deployment?
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
- aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
jdlessley wrote: The report aclawson makes is recent. This is not necessarily brought on by Cisco as you describe. In the past the 881Ws shipped to units have been adequately configured for deployment by the Church. Why would the problem be brought on by Cisco if past units were properly configured for deployment?
I think aclawson is making a different point. He's not saying that the configuration problem was brought on by Cisco; rather he is saying that if there is a configuration problem that requires rescripting of the firewall using the console cable, the console cable is almost certainly unusable unless you have some additional hardware. The fact that Cisco continues to use a 9-pin serial connection for its console cables is indeed a decision made by Cisco that is incompatible with practically all current hardware.
But a serial-USB converter is cheap (I got one for about $5 that works like a charm). I have used it with PuTTY (free) with GSC techs on about 10 different occasions to rescript our firewalls (we have a particularly flaky PIX 501 which finally died two days ago, so I got to work through this process many times). I certainly agree with the advice to have such a converter on hand.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
-
- Community Moderators
- Posts: 9861
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
Thanks for the clarification, Alan. I most definitely misunderstood to what john84601 was referring in his first sentence.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
- johnshaw
- Senior Member
- Posts: 2273
- Joined: Fri Jan 19, 2007 1:55 pm
- Location: Syracuse, UT
Just another note: this is the same for old firewalls and new firewalls. If you are an STS, make sure you have a serial port, or a USB --> serial port adapter, available. It might be good to start a list of good USB to Serial converters; I have had several that just did not work well for me. I tend to carry around an old laptop as a backup for this reason...