familysearch indexing through Cisco ASA 5505 Firewall

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet

Moderators: MarchantRR, SheffieldTR

familysearch indexing through Cisco ASA 5505 Firewall

#1Postby pricer » Mon Aug 31, 2009 8:53 pm

Not sure where to post this problem so I will try this Forum. When accessing the www.familysearchindexing.org web site from our ward buildings with my notebook or other computers through the Cisco ASA 5505 routers, 1 building works fine, in 2 other buildings I get the login screen, but after entering the user name and password, I get a "Server not found" error or just a blank screen. My notebook works fine at home and at 1 out of 3 ward buildings. All buildings use the same internet provider and have extended access for the Cisco router. I am connected by a wired connection to the router. I have tried reloading the Java and different web browsers. . All other web sites work, example google, lds.org, etc. Thanks in advance for any comments or help
pricer
New Member
 
Posts: 17
Joined: Thu May 08, 2008 2:25 pm

#2Postby russellhltn » Tue Sep 01, 2009 2:23 am

I would suggest having the Stake Technology Specialist call the Global Services Desk and have them look into the situation. It seems to me that one building is not set up like the others for some reason.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.
russellhltn
Community Administrator
 
Posts: 15319
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Level of Router Access FamilySearchIndexing site update

#3Postby pricer » Wed Sep 02, 2009 8:09 pm

I talked to a informed technician at the Global Service Center and received the following information today. There are 3 levels of access through the ASA5505 firewall. LDS.org only, Extended Access and General Access. Indexing through the familysearchindexing.org site requires General Access and requires a Stake President's approval. General Access is usually granted to family history centers.
pricer
New Member
 
Posts: 17
Joined: Thu May 08, 2008 2:25 pm

#4Postby jdlessley » Wed Sep 02, 2009 8:30 pm

pricer wrote:I talked to a informed technician at the Global Service Center and received the following information today. There are 3 levels of access through the ASA5505 firewall. LDS.org only, Extended Access and General Access. Indexing through the familysearchindexing.org site requires General Access and requires a Stake President's approval. General Access is usually granted to family history centers.
What the tech said was mostly correct. What he called LDS.org only is Restricted Access. He should have said that only Church sponsored websites could be accessed. More information on the first two levels of filtering are available at the LDSTech Wiki article Meetinghouse Internet. Not mentioned in that article is the General Access level of filtering. Which level of filtering is to be used is the decision of the stake president. Getting General Access will require the stake technology specialist to counsel with the stake president about using this level of filtering. If the stake president wants to use General Access filtering then the STS can contact the Global Service Center and have them make that change.

There are occassional problems encountered when accessing certain websites that use one server for the public portion and then take you to another server for the secure pages. Even though you can access the unsecure part of the indexing site, the login and actual indexing is through a secure site.

The best solution is to use the General Access level of filtering to get access to the indexing site.
JD Lessley
Have you tried finding your answer on the LDS.org RKATS page or the LDSTech wiki?
jdlessley
Community Moderators
 
Posts: 5775
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Thanks to all for your input and help

#5Postby pricer » Thu Sep 03, 2009 9:07 pm

Just a note of thanks for the input on this problem. I can confirm the general firewall access is needed for indexing at this time. Indexing at the familyseachindexing.org site should be done in the home. We are using the internet in the wards and stake center for training on how to index. We have made a goal in our stake in August of 1 millions names by the end of year with 230,000 done so far. I hope other wards and stakes will join us in learning and doing indexing. Indexing is open to all, not just people of the LDS faith. Try it, it is fun, interesting, and spirit lifting!


jdlessley wrote:What the tech said was mostly correct. What he called LDS.org only is Restricted Access. He should have said that only Church sponsored websites could be accessed. More information on the first two levels of filtering are available at the LDSTech Wiki article Meetinghouse Internet. Not mentioned in that article is the General Access level of filtering. Which level of filtering is to be used is the decision of the stake president. Getting General Access will require the stake technology specialist to counsel with the stake president about using this level of filtering. If the stake president wants to use General Access filtering then the STS can contact the Global Service Center and have them make that change.

There are occassional problems encountered when accessing certain websites that use one server for the public portion and then take you to another server for the secure pages. Even though you can access the unsecure part of the indexing site, the login and actual indexing is through a secure site.

The best solution is to use the General Access level of filtering to get access to the indexing site.
pricer
New Member
 
Posts: 17
Joined: Thu May 08, 2008 2:25 pm

FS Indexing via meetinghouse internet - WHY does it not work for all security levels?

#6Postby genman99-p40 » Sat Jan 16, 2010 7:01 pm

I understand that LDSAccess firewall has an option of one of three levels of security filter settings:
1) "LDS Restricted Acess" - Only allows access only to church sites and web-mail sites
2) "LDS Extended Access" - More open, but blocks known inappropriate material
3) "General Access" - More open yet, but still blocks known inappropriate material

I also understand from this thread that at the current time the "General Access" router setting is required in order to use FamilySearch Indexing via meetinghouse internet.

My question is "Why?" Why can't the Global Service Center (GSC) fix/tweak the other two filter setting levels to also allow secure access to the Church's indexing server? Even for "LDS Restricted Access" router settings level, what is the technical reason why they cannot unblock access to indexing.familysearch.org for both the public portion and the secure pages? When is this going to be fixed for all security setting levels? Has a problem report been written? What is the ETA for the fix?
genman99-p40
New Member
 
Posts: 9
Joined: Sat Jan 16, 2010 5:09 pm
Location: USA

#7Postby jdlessley » Sun Jan 17, 2010 8:47 am

genman99 wrote:IWhy can't the Global Service Center (GSC) fix/tweak the other two filter setting levels to also allow secure access to the Church's indexing server?
The firewall filtering is done through a service called Websense. Changes in the levels of filtering are done by Websense. Each level of filtering Websense provides for the Church is through website categorization. You can see a list of the current categories at the Websense URL Categories page. The Global Service Center cannot change the categories for filtering levels. We can submit requests to Websense to have websites considered for inclusion or removal from a category. This is done by sending an email to: suggest@websense.com.

There have been others who have expressed the same concerns as you about accessing the indexing site and other genealogy sites using the LDS Restricted Access filtering level. For the most part the answer has been to use the General Access filtering level for genealogy work.
JD Lessley
Have you tried finding your answer on the LDS.org RKATS page or the LDSTech wiki?
jdlessley
Community Moderators
 
Posts: 5775
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

RE: Indexing via meetinghse internet - WHY does it not work for all security levels?

#8Postby genman99-p40 » Sun Jan 17, 2010 10:57 am

jdlessley wrote:There have been others who have expressed the same concerns as you about accessing the indexing site and other genealogy sites using the LDS Restricted Access filtering level. For the most part the answer is has been to use the General Access filtering level for genealogy work.


Since FS Indexing is growing exponentially and FS Indexing is something that is just as likely to be done at a regular meetinghouse as at a Family History Center meetinghouse, then that means over time all of the meetinghouses will migrate to the "General Access" level and not many will be left on the "LDS Restricted" and "LDS Extended" levels. Maybe that's okay. If that's not okay, then someone needs to get Websense to fix the bug; I'm sure they have heard about it by now.

Thank you so much for this forum and for this thread and for all the helpful feedback. Good info.
genman99-p40
New Member
 
Posts: 9
Joined: Sat Jan 16, 2010 5:09 pm
Location: USA

RE: Indexing via meetinghse internet - Problem Report Submitted

#9Postby genman99-p40 » Sun Jan 17, 2010 5:42 pm

FYI. In case nobody else has done it, I went ahead just now and sent the following email to Websense at suggest@websense.com:
LDSAccess Problem Report

Websense representative:

I understand that Websense manages the firewall filter settings for LDSAccess used for meetinghouse internet access throughout the various local buildings for The Church of Jesus Christ of Latter-day Saints. Is that correct? My understanding is that there are three levels of security filter settings for LDSAccess:

1) "LDS Restricted Access" - Only allows access to LDS Church sites and web-mail sites
2) "LDS Extended Access" - More open, but blocks known inappropriate material
3) "General Access" - More open yet, but still blocks known inappropriate material

Many people have experienced problems of being blocked when going to the LDS website for FamilySearch Indexing. Getting to the Indexing site should be something that should work for all three security levels since it is an LDS Church site. It currently is only working for the "General Access" level.

Please resolve this problem and allow Indexing to work for LDS Restricted Access and LDS Extended Access levels. The following is the website, and the problem occurs after trying to Sign In (upper right):

http://indexing.familysearch.org

Has a problem report been written for this problem? If not, please write one. When will it be resolved and pushed out to the firewall routers in all of the LDS Church buildings?

Thanks.
genman99-p40
New Member
 
Posts: 9
Joined: Sat Jan 16, 2010 5:09 pm
Location: USA

#10Postby aebrown » Sun Jan 17, 2010 6:46 pm

genman99 wrote:I understand that Websense manages the firewall filter settings for LDSAccess used for meetinghouse internet access throughout the various local buildings for The Church of Jesus Christ of Latter-day Saints.


I should have noted this earlier in the thread, but the term "LDSAccess" has nothing to do with this issue. You are dealing with the Internet filtering on the Church-managed firewall (either a Cisco PIX or ASA). The term "LDSAccess" is related only to the optional wireless security profile used for official CCN Internet connections. The filtering issue you are reporting would exist for either Church-managed firewall, regardless of the existence of any wireless access.

People often think because there is a filtering level called "LDS Restricted Access" and another called "LDS Extended Access" that this is somehow related to the wireless profile "LDSAccess." It is not. The only connection is the words "LDS" and "Access" and the fact that they are in the realm of meetinghouse networks.

So when you start communicating with entities such as Websense or the Global Service Desk, it's good to keep the terminology straight so that it will be clear what you are talking about.
User avatar
aebrown
Community Administrator
 
Posts: 13371
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Next

Return to Meetinghouse Internet

Who is online

Users browsing this forum: Yahoo [Bot] and 0 guests