The Meetinghouse Firewall is the most important component for secure, filtered Meetinghouse Internet. The firewall blocks malicious users on the Internet from accessing meetinghouse computers. It also prevents users from accessing inappropriate sites on the Internet. Church policy states that meetinghouse Internet must be filtered through an approved Meetinghouse Firewall.
Facility Management (FM) groups are responsible for ordering and installing meetinghouse firewalls correctly. Installation may be delegated to technology specialists.
Technology specialists are responsible for making sure that the meetinghouse firewall remains in place, remains properly configured, and does not get bypassed. It is recommended that firewalls be checked at least quarterly.
Proper firewall function can be checked by following the steps in the Meetinghouse Internet Filter Check article.
The Standard Meetinghouse Firewall v2 hardware configuration was deployed worldwide starting in 2017. Approved devices for this configuration type include:
- Meraki MX64 Cloud Managed Security Appliance
Available meetinghouse firewall features associated with the Standard Meetinghouse Firewall v2 configuration include:
- Simplified Self-Activation through Technology Manager (tm.lds.org).
- Facility Zone for Internet-Enabled Appliances.
- Special Purpose Zone for Family History Centers and other non-meetinghouse applications.
- Church-approved Internet Content Filtering.
- Advanced Troubleshooting Resources and Tools for the Global Service Center.
- Improved Network Management and Reporting Tools.
Meraki MX64 Hardware Features:
- Gigabit Ethernet LAN interfaces.
- Increased maximum Internet throughput up to 250 Mbps.
- Cellular USB WAN interface.
Note: The Standard Meetinghouse Firewall v2 should not be installed in PCI-compliant locations where credit cards are used.
The Meetinghouse Firewall must be situated between the Internet service provider (ISP) modem and all devices on the meetinghouse network. No device other than the Meetinghouse Firewall should ever connect directly to the ISP modem. Wireless capabilities on ISP modems must be disabled.
Facility managers make the final decisions regarding placement of meetinghouse firewalls. The following should be considered in determining where to place the firewall:
- Secure Location: Firewalls and ISP modems should be placed in secure areas that do not get a lot of traffic. Avoid locations where people have easy access to bypass the firewall. Attics, drop ceilings, and lockable closets are preferred (unless the attic gets too hot).
- Good Operating Environment: Avoid locations that restrict airflow, or those that reach temperatures outside of the operating range of the firewall (32°F to 104°F / 0°C to 40°C).
- Port Accessibility: The ports and the status lights on the ISP modem and the firewall should be easy to access and view, so that the stake technology specialist and facility management group can troubleshoot problems and verify connections.
- Close to ISP: The meetinghouse firewall is usually placed near the ISP termination point (the demarcation point) and where the network is distributed to the rest of the building. The meetinghouse firewall can be placed on a shelf or surface-mounted to a wall or ceiling.
Once a meetinghouse has Internet service and a firewall, the challenge becomes how to extend Internet access to the rest of the building. Networking Overview for the meetinghouse includes information on doing this task.