Fortinet Success Stories


Post on 29-May-2020


FORTINET SUCCESS STORIES

www.fortinet.com

Fortinet Success Stories


FORTINET CASE STUDIES - EMEA EDITION

Contents

TELECOMMUNICATIONS: H3G, R, SFR Business Team, Siemens Enterprise Communications

GOVERNMENT: Blackpool Council, Canton of Jura, VFS

EDUCATION: Heanet, Instituto de Salud Carlos III, UAE

FINANCIAL SERVICES: Asia Commercial Bank, HDFC, Anonymous Financial Services Company

RETAIL: Migros, Roche Brothers, Valvoline

MANUFACTURING: AAM, Havells

OTHER SECTORS: Amadeus Hospitality, Canon IT Solutions, Sodexho


Telecommunications

Telco and service providers take advantage of Fortinet's carrier-grade platforms, complete suite of services and unique virtualization capabilities for high value security services


Hutchison 3G Austria

Fortinet secures 3G communications provider’s mobile messaging services

Hutchison 3G (H3G) Austria is one of the nine operative H3G companies belonging to the group Hutchison Whampoa Ltd (HWL), which employs over 230,000 employees throughout 57 countries. Operating under the brand “3”, HWL is paving the way for 3G communications being one of the first operators to introduce 3G services, offering a vast range of mobile media content. In Austria, the company is based in Vienna, employing 460 people and serving 773,000 subscribers.

Situation

Hutchison 3G offers its subscribers a mobile service called “3’ unified mailbox”, which includes email, multimedia messaging services (MMS) and voice and video mail with access via the Internet, mobile browsing and native terminal clients. Those services require a guaranteed level of service, especially for voice and videomail access for which the operator commits to ensure a response time below one second for 95% of calls.

The ongoing quest to improve the quality of service to customers led H3G Austria to review their anti-spam security solution in 2008. The system in place, an add-on which was integrated into H3G Austria’s unified messaging architecture, had shown some limitations in terms of efficiency and flexibility.

The threat from spam was constant and would create bottlenecks on the back-end services, impacting the time taken to notify and access messages, or block incoming messages. Besides, the solution offered no possibility to secure MMS. So, when H3G Austria was informed that the system was no longer supported by its supplier, the operator looked for a replacement security solution that would provide both strong security levels and performance but would also be simple to integrate, operate and manage.

“From the customer perspective, it was important that the security solution would dramatically reduce spam and would also differentiate spam and real messages”, said Günther Fischer, Head of Products and Service Enabler, Hutchison 3G Austria.

“From the technical perspective, the challenge was the integration into a complex unified messaging architecture that contains time-critical components and therefore demands deep integration via standardized interfaces.”

Besides, with a typical rate of three infected emails per second, an effective solution for catching malicious content was essential to help ensure the high performance of the operator’s mail servers and maintain Service Level Agreements (SLAs). With a fast-growing volume of email traffic, H3G also needed a scalable solution.

Solution

With all these requirements in mind, Hutchison sent out a global tender to evaluate several suppliers’ solutions both technically and commercially. After careful consideration, Fortinet’s FortiMail solution was retained as being the one that offered the most attractive ratio in terms of functionality, quality and price.

“One of the key features that we were looking for was the anti-virus/anti-spam support for H3G’s MMS server. We also needed a scalable solution capable of managing volumes of 50 emails per second and 24 multimedia messages/second at peak times and we wanted to keep operational efforts as low as possible. To complete the requirement list, we were also looking for a TCO of 3 years”, continues Günther Fischer.


“The Fortinet solution offered not only a flexible licensing model, but also the desired range of functionalities combined with ease of implementation.” FortiMail relays and filters inbound and outbound MMS (whether text or images) exchanged outside H3G: with other mobile operators or with the Internet. This improves the MMS center security by removing inappropriate content (spam MMS, infected MMS) and by preventing the MMS server from being directly exposed to external networks. In addition, all outgoing emails initiated from the 3 email service go through FortiMail for spam and virus filtering.

Finally, FortiMail performs inbound anti-spam/anti-virus protection both for H3G subscribers’ mailboxes and the corporate employees’ email accounts. Inbound messages are filtered by FortiMail before they reach the H3G internal messaging servers, thus ensuring added security and Quality of Service (QoS), critical for profitability and service delivery success. Those two types of mail accounts are split into more than 700,000 subscriber accounts on drei.at and 500 employees’ company mailboxes on drei.com.

The flexible licensing model offered by Fortinet was also a key commercial incentive for H3G. “We have a very high number of mailboxes to secure, approximately 700,000. Today, security is a commodity for the end customer. They do not want to pay any extra for what they consider as standard so licensing per mailbox was not an option. Fortinet’s model of licensing per appliance is cost effective and very scalable”, continues Fischer.

Success

After one year of deployment, H3G Austria is satisfied with its choice and the system is proving steady and reliable. In terms of management, the team spends approximately one hour a week.

“We have not counted the time saved by having only two appliances to manage, but if we compare to the former situation which was hosted on 10 Sun servers, the mathematics are simple”, states Fischer.

“The system also offers us greater flexibility for defining policies for each type of traffic”. The rejection rate for email has decreased from 90% to 40%, and FortiMail ensures an anti-spam catch rate close to 100% (99,91%).

Fischer concludes, “Not only is the volume of traffic rising but with it, the complexity of malware with the presence of blended threats combining spam, viruses, worms and spyware. We needed an effective multi-layered solution that combined anti-virus, anti-spam and anti-spyware in one appliance. FortiMail met these performance requirements while providing ease of integration, use and management to our IT team which was essential as we do not have the time or resources to deploy and maintain separate point solutions”.

CHALLENGES

• Replace existing anti-spam solution to cope with some limitations in terms of efficiency and flexibility

OBJECTIVES

• Improve the quality of service to customers from H3G Austria, by reducing spam, differentiating spam and real messages and securing MMS

• Provide the anti-virus/anti-spam support for H3G’s MMS server

• Scalable solution capable of managing volumes of 50 mails/s and 24 multimedia messages/s at peak times

• Keep operational efforts as low as possible

DEPLOYMENT

FortiMail-2000A

INDUSTRY

Telecommunications

COUNTRY

Austria

“We have not counted the time saved by having only two appliances to manage, but if we compare to the former situation which was hosted on 10 Sun servers, the mathematics are simple.” Günther Fischer, Head of Products and Service Enabler


R

Fortinet’s solutions used as the cornerstone of the operator’s network security infrastructure and MSS offering

R is the fiber optics telecoms operator in Galicia, Spain. Using the most advanced technology, R has rolled out a powerful telecoms infrastructure with capacity to offer integrated telephone, Internet and TV services to any company and home in Galicia.

Situation

R’s infrastructure supports 1,400 kilometers of cable that interconnects the main cities in Galicia, over 20,000 m2 in 1,600 technical centers distributed throughout the region and seven operation centers available 24 hours a day.

The security requirements of R and its customers, as well as the rapid technological evolution of the telecommunications industry, led the Galician telco operator to look to replace its eleven distributed Check Point firewalls with a new network security solution that would:

• Reduce the network and routing complexity as well as enable the centralization of its security systems

• Simplify management and provide visibility on security results through reports

• Provide high geographic availability and load balancing

• Increase performance and be capable of processing Gigabit traffic throughput

• Implement a scalable and flexible solution with support for new services, such as digital television, video on demand, next generation telephony networks, etc.

• Facilitate the integration of new security services at the application level including IPS, antispam, antivirus, URL Filtering and QoS

• Offer individual security solutions to customers using R’s datacenter services

In parallel, through its Centinela-R project, R wanted to provide CPE-based managed security services to its SME customers by offering comprehensive security management and monitoring, relieving its clients from the costs involved in the purchase of security equipment, renewals and upgrades, dedicated staff training, etc.

Solution

After a comprehensive analysis of the various security solutions in the market, R selected the FortiGate-5050 multi-threat security chassis for its main network security infrastructure. Comprehensive security, performance, virtualization, ATCA compliance and product certifications (ICSA, Common Criteria EAL 4+ and FIPS) were some of the criteria for which Fortinet’s solution was selected. Leveraging the virtualization technology provided by the FortiGate platform, R would provide independent security services for each one of its customers, separating the management of the virtual firewalls provided by the chassis. Four FortiGate-5050 chassis in total were deployed for the complete protection of R’s internal network, R’s customers in hosting and housing modes, and the security of its VoIP services. The Fortinet chassis would also fuel R’s portfolio of in-the-cloud security services offered to its business customers.

R subscribed to the FortiGuard Services to provide continuous updates of the FortiGate chassis and ensure the protection of the entire network.


CHALLENGES

• Provide cost-effective managed security services to SME customers including comprehensive security management and monitoring

• Replace its eleven distributed Check Point firewalls by a new network security solution

OBJECTIVES

• Reduce network and routing complexity and enable the centralization of security systems while simplifying management and provide visibility on security results

• Increase performance and be capable of processing Gigabit traffic throughput

• Implement a scalable, flexible solution with support for new services, such as digital television, video on demand, next generation telephony etc

DEPLOYMENT

FortiGate-5050 Chassis

FortiGate-60

FortiWifi-60B

INDUSTRY

Telecommunications

COUNTRY

Spain

The Galician operator also rolled out a Security Operations Center (SOC) based on Fortinet’s management and reporting devices. FortiManager-400 offers centralized management of all its devices, minimizing administration costs, and FortiAnalyzer-800 provides intelligent analysis of the various security features by correlating events.

For its CPE-based managed security services, R selected Fortinet’s FortiGate-60 and FortiWifi-60B multi-threat security appliances based on accelerated ASIC to enable real-time network protection. The first product is a high performance device that globally protects companies’ communications networks through a comprehensive suite of integrated security services. FortiWifi-60 allows R to provide antivirus, firewall, VPN and IPS/IDS to wireless networks, supporting multiple SSIDs (Service Set Identifiers). These additional access points allow R to offer wireless connectivity to SMEs while still controlling and securing network access. The advanced wireless security features of FortiWifi-60 include WEP, VPN IPSec encryption for WLAN connections, detection of unauthorized wireless access points and update ability in accordance with WPA protocols.

Success

R’s new security architecture, based on the Fortinet platform, offers high levels of scalability, performance, security and rollout flexibility. Fortinet’s consolidated network security platforms increased the security of the Galician operator’s fiber optic telecoms network overall, guaranteeing user access to information without overloading network management and administration tasks.

In parallel, through its managed security services, R can secure its customers’ networks and business information, preventing unauthorized access that could cause major damage and losses in any company. R managed security services are flexible as they allow the definition of traffic or quality of service priorities depending on the specific requirements of each customer, as well as changing market conditions.

Finally, R gives visibility to its customers on the effectiveness of their security services, through access of information such as attacks received, viruses detected, most filtered content, traffic statistics, etc.

Overall, R’s value-added services have helped increase the trust of SMEs in the Internet, as many of them still look at new technologies with great skepticism and believe it is too insecure. By opting for R’s managed security services, SMEs have witnessed an increase in their employee productivity thanks to the reduction of network downtimes as well as the amount of spam and viruses ending up on their computers.

Thanks to its network security infrastructure and managed security services offering, R has managed to remain the telecoms operator of reference in Galicia.


SFR Business Team

Leading telco provider selects Fortinet’s technology as the cornerstone of its enterprise managed security services

Following the merger between SFR and Neuf Cegetel, SFR Business Team is now the largest alternative fixed and mobile operator in the French business market. Based on new technologies (VoIP, SIP, M2M, 3G+ mobile data), convergence and 300 “solutions” partners, SFR Business Team is positioned as the model operator, capable of releasing the full potential of businesses, from small businesses to multinational corporations, by offering them the most appropriate and scalable telecom solutions for their business.

Situation

As a subsidiary of Vivendi and the number one alternative telecommunications operator in Europe, SFR offers landline, mobile and Internet connectivity to over 26 million consumer and corporate subscribers.

As part of its strategy to offer new value-added services to its enterprise customers, SFR Business Team decided to introduce hosted managed security services that would provide a converged infrastructure for the complete protection of corporate networks, as well as their fixed and mobile (Wifi, 3G, ADSL) users, while simplifying deployment and maintenance.

For that, SFR Business Team wanted a vendor capable of providing a unified security platform to address end-to-end IT security, from the network to the endpoint.

Other key selection criteria included a comprehensive suite of security functions, unique virtualization capabilities, and key product features such as the IPSec VPN client integration.

“While the majority of enterprises depend on the Internet to conduct their business, many of them still don’t have the right IT resources and internal policies in place to ensure the security of their key IT assets,” said Pierre Pfister, VP Marketing at SFR Business Team.

Solution

After conducting a thorough analysis of the different security solutions available on the market, SFR Business Team selected Fortinet’s technology as the cornerstone of its SIS (Secure Internet Services) managed security services, designed for large enterprises (over 500 employees) and public organizations. Fortinet’s FortiGate integrated network security appliances and FortiClient endpoint software respectively serve as the technology platforms for SFR Business Team’s network and endpoint security offerings.

With Fortinet’s solutions fuelling its SIS services, SFR Business Team offers to corporate clients, who subscribed to its 9Connect high-speed Internet access or its 9ipnet MPLS VPN package, a complete range of security services including firewall, IPSec and SSL VPN, antivirus, intrusion prevention (IPS), Web filtering and anti-spam. SFR Business Team’s SIS Expert services give access to additional security functions such as DMZ connectivity and firewall redundancy.

To manage the security of its 9ipnet clients, SFR Business Team has deployed two FortiGate-5140 carrier-class security chassis in a virtualized mode on twelve FortiGate-5001-series blades, allowing them to manage thousands of customers from one hardware platform and isolate the security services offered to each customer. For large accounts subscribing to the 9ipnet service and 9Connect clients, SFR Business Team provides dedicated FortiGate multi-threat security appliances, ranging from the FortiGate-110C to the FortiGate-3810A models, which are either hosted by SFR Business Team or deployed in a CPE mode.

SFR Business Team’s endpoint security is based on Fortinet’s FortiClient software, which provides a full range of threat protection for PCs and laptops, even when being used on insecure public networks. The integration with FortiGate allows SFR Business Team corporate clients to facilitate VPN (IPSec and SSL) for remote users, enhance WAN optimization to accelerate performance, and extend network security policies to the endpoints.

SFR Business Team also selected Fortinet’s FortiAnalyzer appliance to power their Web portal, from which customers can access reports on network usage and attempted attacks.

Success

“SFR Business Team targets those enterprises with a security strategy based on a fixed-mobile convergence approach. With Fortinet, we can deliver that vision to our customers, who benefit from consolidated security, based on a single technology and a unified environment from the network to the end-user. With our solution, they enjoy maximum security and minimal complexity,” says Pierre Pfister.

“With Fortinet, our customers benefit from consolidated security, based on a single technology and a unified environment from the network to the end-user. With our solution, they enjoy maximum security and minimal complexity.” Pierre Pfister, VP Marketing

CHALLENGES

• Offer new managed security services to enterprise customers to provide a converged infrastructure for complete protection and simplified deployment/maintenance

• Provide a unified security platform to address end-to-end IT security, from the network to the endpoint

OBJECTIVES

• Provide a complete range of security services including firewall, IPSec and SSL VPN, antivirus, intrusion prevention (IPS), Web filtering and anti-spam

• Manage thousands of customers from one hardware platform and isolate the security services offered to each customer

• Provide a full range of threat protection for PCs and laptops, even when being used on insecure public networks

DEPLOYMENT

2 x FortiGate-5140

12 x FortiGate 5001 Series Blades

FortiGate-110C

FortiGate-3810A

INDUSTRY

Telecommunications

COUNTRY

France


Siemens Enterprise Communications

Fortinet protects OpenScape cloud services

As a provider of voice and communications solutions with more than 10,000 employees in 90 countries worldwide, Siemens Enterprise Communications offers easy-to-implement, reliable and secure Unified Communications (UC) solutions to its customers. These are supported by the OpenScale service offering, providing high-level enterprise-class managed services options for customers’ internal infrastructures.

Situation

More recently, Siemens Enterprise Communications has started to offer, through its partners, the voice and UC services as ‘OpenScape Cloud Services’ to customers using a public cloud. In order to do so, the company had to develop and set up secure and reliable IT and communications infrastructures as well as high-availability data centers in Germany and the US. The provider’s requirements were high in terms of security and reliability, guaranteed system stability as well as adequately dimensioned performance and scalability. In parallel, the security solution needed to support voice, unified communications and application data.

Another challenge for the cloud-based communication services of Siemens Enterprise Communications was to also meet the high service level requirements of its customers.

Frank Semmler, Head of Solution Management Security at Siemens Enterprise Communications explained: “When choosing the right solution, it was crucial to meet the service reliability requirements of our customers. In the event of a failure, our client must be ensured that day-to-day business can be resumed without interruption, in the shortest time. This explains the reason for our requirements on the UC Firewall being so high.”

As Siemens Enterprise Communications already had a long track record of using Fortinet’s security solutions successfully within the data environment of enterprise customers, the evaluation of the Fortinet appliances made perfect sense: “The decisive factor was Fortinet’s outstanding success in the preceding tests and the cooperation with Fortinet got off to a good start quickly,” said Frank Semmler. “Also Fortinet’s expertise in the provider and carrier sector, in addition to the personal support contributed to our decision. On a technical level, it was necessary to ensure that the new solution could actually function in compliance with the SIP standard and support all the voice and UC application functionalities, such as telephone-related functions, without impairing the performance or reliability of the communications solution.”

Solution

In Germany and in the US, Siemens Enterprise Communications deployed multiple clusters of FortiGate-1240B network security appliances for high availability, ensuring the reliable protection and controlled accessibility of its data centers. The FortiGate clusters act as central firewalls for the cloud service. Over the coming years, several hundred thousand users of numerous customers will be connected through these either directly or indirectly. The clusters must therefore guarantee secure and reliable communication services.

For communication projects, Siemens Enterprise Communications requested a high-performance design for their ‘UC Firewall’ solution, which is based on three Fortinet hardware platforms: the FortiGate-310B, FortiGate-620B and FortiGate-1240B appliances. With all FortiGate models (from the FortiGate-200B upwards) being compatible and suitable for this application, the provider can provide the right solution to meet every architecture requirement, irrespective of the size of the customer or project. The fact that the same software runs on every Fortinet platform simplifies the integration and configuration of each customer-specific hardware unit, as well as the management of the FortiGate appliances.

While Siemens Enterprise Communications already fully exploits all the extensive functions of Fortinet’s UTM solutions for its customers within the data area, the provider primarily uses the firewall and IPS features for its OpenScape secure cloud services. However, the scalability of the FortiGate appliances makes it possible to extend the cloud solution from a functional perspective and according to future demand. Functionality extension can be done on appliances already deployed: “This enables us to extend security within the scope of the OpenScape Cloud Services flexibly and, as such, also satisfy the future high expectations of our customers with regards to a secure cloud service,” commented Semmler.

Success

The Fortinet appliances allow the secure integration of Siemens Enterprise Communications solutions into a customer’s mixed infrastructure, with the new UC Firewall equally supporting data application, voice and UC traffic. “This will allow us to cater to customers’ specific security requirements more effectively,” added Semmler.

Thanks to the high performance of Fortinet’s appliances used, Siemens Enterprise Communications can meet all mid- and long-term operating requirements, including high loads during peak periods and possible disruptions, without noticeable constraints. A low latency of 2 to 250 µsec makes the FortiGate appliances the ideal solution for the new voice services, since no delay is incurred during voice traffic and, as such, no restrictions in the quality of the services (QoS).

“With the new highly available and failure-resistant clusters, we satisfy the cloud service high standards that our customers expect. Confidentiality and reliability are not important to our customers only. We also expect our partners to respond quickly and efficiently when it comes to solving problems. This is where we can totally rely on Fortinet,” stated Semmler.

Besides ease of use and the ability to use the solutions internationally, the price was also important. “The outstanding price-performance ratio offered by Fortinet was also a decisive factor, since Fortinet enables us to offer the right security solution at a competitive price, according to the customer, project size and security requirements,” concluded Semmler.

“With the new highly available and failure-resistant clusters, we satisfy the cloud service high standards that our customers expect.” Frank Semmler, Head of Solution Management Security

CHALLENGES

• Implementation of a global security solution to support cloud-based communications services delivered to enterprise customers

• Identify a security solution that can simultaneously support voice, unified communications and application data

OBJECTIVES

• Ensure high-performance and high-reliability security for cloud services

• Ensure adequately dimensioned performance and scalability for UC services

• Work in compliance with SIP standard

DEPLOYMENT

FortiGate-310B

FortiGate-620B

FortiGate-1240B

INDUSTRY

Service Provider

COUNTRY

Germany


Government

From multi-threat network protection to messaging security, Fortinet provides the most efficient, easy-to-manage and cost-effective solutions to cities and public administrations around the world


Blackpool Council

UK town secures its network with Fortinet

A major town of nearly 15,000 people, Blackpool is a well-known holiday resort and third largest settlement in North West England, after Manchester and Liverpool. Blackpool Council provides network services for all the state schools and public libraries in the area, as well as for a multitude of its own office and logistics sites. Broadband connectivity speeds for the sites have been increasing exponentially, particularly for the 40 schools in Blackpool that each run at between 10Mbps and 100Mbps.

Situation

With various rich-media educational services due to drive future speeds to 200Mbps and above, Blackpool Council found that its core network infrastructure struggled to keep pace.

“We aggregate all traffic onto our core network at very high speed, where we apply various security policies in order to mitigate malicious threats and block any inappropriate content,” explained Tony Doyle, Head of ICT at Blackpool Council.

“The throughput we needed was placing enormous pressure on our security infrastructure, which at that time was a complex array of separate hardware devices.

We needed to simplify and accelerate our network security, but for the time being were just trying to manage with what we had.”

Change was coming, however, as Blackpool’s incumbent Web content filtering solution was discontinued and the product vendor offered only an inflexible and prohibitively expensive alternative.

As it transpired, Blackpool would replace not only its content filtering capability but also its firewalls, and in the future possibly more, all unified within a high-performance security platform.

Solution

The Council's approved network solutions partner, Synetrix, was engaged to call upon its extensive experience of designing and deploying Web content filtering solutions, and provide Blackpool with its recommendation.

Fortinet was identified as the preferred choice based upon feature support, ease of deployment, cost effectiveness and future capabilities. A highly resilient solution was designed based on the deployment of two FortiGate-1240B hardware accelerated security appliances, supported with real-time updates from the FortiGuard threat research and response centre. As well as school students, Doyle also envisaged the Fortinet solution providing Web content filtering for council staff, and ensuring secure Internet access for wireless LAN users and public access users in libraries and council premises. “As soon as we made the decision to adopt Fortinet, we saw the opportunity to consolidate other security functions into the same appliance,” said Doyle.

“The performance is outstanding, and it made aggregating other security functions like firewall a bit of a no-brainer. It wasn’t just to save money. We’ve simplified our network, accelerated traffic throughput and made it ready for the long term; it just so happens we’ve reduced our security costs into the bargain.” Blackpool had been routing schools traffic on its core network through a Cisco Pix firewall, with a SurfControl/Websense content filtering system situated in-line.


In addition, the majority of schools were running server-based Microsoft ISA Servers onsite. In a separate network and datacentre, traffic for the libraries and other sites had passed through a Check Point firewall prior to web content filtering.

“We always found it a real challenge to keep pace with connectivity demands, particularly as they increased over time. Since unifying the content filtering and firewall functions with single instances of the Fortinet appliance, the feedback from users has been that they’ve never seen the Internet go so fast! We’ve also got much more control now, and can easily manipulate distinct firewall and Web content filtering policies for each connection.”

The FortiGate-1240B appliance raises the bar in network security devices by delivering security throughput at switching speeds (firewall throughput up to 40Gbps). Thirty-eight hardware accelerated ports, of the 40 total on the system, allow networks to enforce firewall policy between network segmentation points for layered security with switch-like performance. Fortinet’s high performance FortiASIC network and content processors ensure that the security device will not become a bottleneck by utilising intelligent digital engines to accelerate compute-intensive security services.

As all Fortinet appliances are built on a common source code, Doyle chose to procure a number of additional SOHO-sized FortiGate-50s to use as ‘training sandpits’ among members of his technical team. “It isn’t practical to play around with the FortiGate-1240Bs and try new things out, because they are installed. The FortiGate-50s use the same interface, and other than the difference in scale and connectivity, are based on the same technology. Some people from my staff have taken them away as homework.”

Success

Rather than being an opportunistic investment, Doyle believes that Fortinet has delivered a number of strategic advantages including streamlined management, greater network visibility and future security deployment flexibility. Crucially, Fortinet has also enabled Blackpool to meet difficult compliance challenges such as GovConnect CoCo and PCI DSS.

“Like many large organisations, we share a lot of management responsibility for the network with a trusted partner – in our case Synetrix. Fortinet gives us maximum visibility in order to achieve seamless working between our two teams, and speed up the resolution of issues and troubleshooting.”

“FortiGate’s flexibility is supporting our long-term security strategy, while also solving a few tactical opportunities. We are seriously considering adding IPS and email filtering at some stage, as our tests indicate that any performance impact would be minimal.”

CHALLENGES
• Replace an inefficient and complex email gateway system

OBJECTIVES
• Secure Internet access for wireless LAN and public access users
• Simplify and accelerate network security
• Streamline security management and improve control

DEPLOYMENT
FortiGate-1240B
FortiGate-50B

INDUSTRY
Local Government

COUNTRY
United Kingdom

"The performance is outstanding, and it made aggregating other security functions like firewall a bit of a no-brainer. We've simplified our network, accelerated traffic throughput and made it ready for the long term."

Tony Doyle, Head of ICT


The youngest of the 26 Swiss cantons, the Canton of Jura, is a sovereign state within Switzerland. The public administration provides about 70,000 citizens with services such as education, health care, security and transportation, and operates the necessary IT infrastructure.

Canton of Jura

Swiss canton boosts email security and simplifies management with Fortinet

Situation

As part of a broader IT security revamping strategy, the IT department of Canton of Jura decided to replace its email security solution, due to the inefficiency of the previous email gateway system, the lack of service and support and the complexity of the security architecture.

Two shortcomings supported the decision to change the email security solution. On the one hand, the filtering performance of its open source anti-spam solution had not been productive and many users complained about receiving spam. On the other hand, the external public organizations working with the canton had expected to benefit from its messaging services without being part of the same IT network, which required a specific configuration of the email system. In terms of system administration, the complexity of the system had made it difficult to address these issues correctly. Therefore, the new solution had to fulfill the various requirements and yet be easy to administer.

“The performance of the previous security solution had been dwindling significantly, letting more and more spam emails get through the system. Many incidents occurred, including emails getting lost or being delivered with a delay,” said Bruno Kerouanton, chief security officer at Canton of Jura. The canton serves 50 sites, 1,300 PCs, 300 laptops and 1,700 users and several data centers as well as some para-public organizations, which partially share the canton’s security solution.

“We needed easier management, better spam control, and high availability of the two data centers. We also had to offer differentiated and segregated email services to some of the para-public entities,” explained Kerouanton. “The flexibility of the system and the possibility to tailor it to the users’ needs were paramount. Some of the organizations we serve such as hospitals, the police or fire department have particular requirements. For example, they request to receive many of the emails that would normally be filtered out by our system as spam.”

Solution

After conducting a detailed analysis of the IT needs and expectations, the Jura public administration opted for an enterprise-class solution that would be able to work out-of-the-box and require little or no maintenance. The diversity of users’ needs related to email excluded the possibility of obtaining an email security solution that works with manually installable updates and a single-layered protection.

The new solution consists of two clusters of Fortinet’s FortiMail messaging security appliances chosen with the counsel of Jura’s main IT security contractor. One cluster, two FortiMail-400B appliances, was deployed to protect the internal messaging system of Canton of Jura, which includes about 1,500 email accounts. The two appliances operate in transparent mode with fail-over support for ease of maintenance and high availability. Every day, the FortiMail-400B system filters an average of 180,000 emails.


The other cluster, consisting of two FortiMail-100 appliances, protects Jura’s email communication with external public organizations. It was configured as a mail server providing full-featured SMTP mail server functionality with anti-spam, anti-virus and flexible support for secure POP3. The solution prevents on average about 5,000 viruses per month from entering Jura’s IT system.

The installation of the new security solution had been quite a concern, as such a project generally requires a service interruption and can cause lost or delayed emails. However, the Fortinet messaging security solution was up and running in just a few hours without any significant impact for the users thanks to the simple configuration options offered by the FortiMail systems. They provide a web-based console and configuration wizards to walk through the process.

The network managers received a one-time training on how to operate the system. The staff involved in the cluster management now consists of a help desk and support team checking quarantine queues, in case users need a quick release of blocked mails, and one system administrator in charge of the internal messaging servers. Upgrades and appliance checks take up about 5% of the overall maintenance time, representing less than 8 hours a year, thus allowing Jura’s administrators to invest their time in responding to users’ business needs.

Success

The new solution addresses both the users’ and the IT managers’ specific requirements for performance and usability.

“Previously we had to cope with up to several hundred email-related incidents,” said Kerouanton. “Today we still have occasional complaints about blocked or lost emails because of false positives blocked in quarantine. However, users can now release false positives themselves, therefore there is a lot less to worry about.”

The management software and the embedded administration interface have also met the expectations of the IT managers, saving them time and additional training. The operational advantages of the FortiMail security solution have been essential to a smooth transfer to avoid any business communications disruption.

The amount of spam and malware getting into users’ inboxes is increasing constantly and can seriously harm the productivity of organizations. That is why email security is not just an issue, but a matter of service level agreements. Being a service provider itself, Canton of Jura needs to comply with high standards.

“The one and only email security solution just doesn’t exist,” says Kerouanton, “however, we found the best solution for us and that is why we are 100% satisfied.”

CHALLENGES
• Replace an inefficient and complex email gateway system

OBJECTIVES
• Deploy an email security solution that is easy to manage and provides strong spam control
• Provide segregated email services to the different administration entities
• Ensure high availability

DEPLOYMENT
2x FortiMail-400B
2x FortiMail-100

INDUSTRY
Local Government

COUNTRY
Switzerland

“The one and only email security solution just doesn’t exist. However, we found the best solution for us and that is why we are 100% satisfied.”

Bruno Kerouanton, Chief Security Officer


VFS Global serves diplomatic missions/consular sections across the globe by managing all the administrative and non-judgmental tasks related to the entire lifecycle of a visa application process, so as to enable diplomatic missions to focus entirely on the key tasks of assessment and interview. The visa processing is done either online or at visa application centers. Today, it serves diplomatic missions of 33 countries through its 385 offices, along with operations spanning 48 countries across 5 continents.

VFS Global

Fortinet secures diplomatic operations and data across the globe

Situation

Today, VFS Global serves diplomatic missions of 33 countries through its 385 offices, along with operations spanning 48 countries across 5 continents. The huge volume of personal identification data that VFS handles makes storing and protecting it a challenge.

Considering its global scale of operations, it was critical for VFS to work with a security vendor which has a strong global presence, along with a portfolio of feature-rich and cost-effective security products.

Solution

Based on these criteria, VFS selected Fortinet as its preferred security vendor and started deploying their security products in 2006. Since then, the vendor’s FortiGate-1000 multi-threat network security appliance has been used at VFS’s Mumbai data center and an assortment of the FortiGate-60, FortiGate-80 and FortiGate-100 appliances are deployed at its visa application centers across the globe.

The FortiGate-1000 integrated network security appliances offer a cost-effective solution for multi-threat protection at the enterprise perimeter, particularly in the datacenter, thanks to their powerful line-up of processing and security capabilities. Being the gateway for remote site-to-site IPSec VPN and for all Internet access, the FortiGate appliances act as the access point through which all Internet entries and exits must pass.

In this way, the features, namely gateway anti-virus, VPN, IPS, anti-spam, and others offered on the Fortinet unified threat management (UTM) platform address VFS’ security requirements.

The FortiGate-60, FortiGate-80 and FortiGate-100 appliances were mainly chosen for their ability to secure the remote/branch office networks.

Depending on the size of the branch offices, VFS was able to benefit from the flexibility and various throughput levels offered by the FortiGate platforms. This is particularly important for an enterprise such as VFS with extensive yet varied operational presence across the globe.

All FortiGate appliances provide high performance, flexibility and multi-threat security, including network security, content security, data loss prevention and WAN optimization.

The FortiGate appliances provide UTM capabilities on hardware platforms of various sizes and their accelerated security throughput, high port density, and ease of management allow small and medium branch offices to deploy enterprise-class security in minutes, with minimal maintenance required.

In addition to the UTM appliances, Fortinet’s FortiManager centralized management platform is used by VFS to minimize the administrative effort required to centrally deploy, configure, monitor and maintain the full range of network protection services provided by Fortinet’s security products in multiple locations.

Another product, FortiAnalyzer, aggregates log data coming from the various FortiGate appliances and provides advanced security management functions such as quarantined file archiving, event correlation, vulnerability assessments, traffic analysis, and archiving of email, Web access, instant messaging and file transfer content.

Success

Beyond providing frequent product updates and upgrades, Fortinet has also accelerated its product delivery process across its global offices, enabling customers such as VFS to enjoy greater agility for business and IT security needs.

The ability to adapt and support promptly is particularly pertinent in light of the dynamic threat environment, as well as the more intimate integration of technology into business processes for a global, service-centric enterprise such as VFS.

CHALLENGES
• To deploy a global, feature-rich and cost-effective security platform
• Secure personal identification data transiting across the globe, find a security solution which can adapt to global offices' various needs while being feature-rich and cost-effective

OBJECTIVES
• Provide multi-threat network security across the different offices and in main data center
• Deliver centralized security management for simplified operations and maintenance

DEPLOYMENT
FortiGate-1000
FortiGate-60
FortiGate-80
FortiGate-100
FortiManager
FortiAnalyzer

INDUSTRY
Government

COUNTRY
India


Education

The world's leading education institutions rely on Fortinet to protect their high-speed networks and provide safe web access at best TCO levels


Established in 1984 with the support of Ireland’s Higher Education Authority, HEAnet is dedicated to providing high quality Internet services to students and staff in Irish universities, technology institutes and other tertiary education and research organisations.

HEAnet

Fortinet secures Ireland’s 4,000 primary and secondary schools against web-based threats

Situation

HEAnet manages a high-speed national R&E (Research and Education) network with direct connectivity to networks in Europe, the USA and the rest of the world. Today, HEAnet stands as one of Ireland’s largest Internet service providers.

In 2005, as part of an Irish government initiative, HEAnet were tasked with building and managing a Schools Network backbone. Interconnecting with six broadband providers that present a range of access technologies including DSL, wireless, satellite, and other access technologies, HEAnet is providing the country’s 4,000 primary and secondary schools with content-safe connectivity to the Internet and other educational networks.

In this regard, HEAnet were tasked with finding a security solution that could deliver the protection and performance the network needed on an almighty scale. Ronan Byrne, Special Programmes Manager at HEAnet, headed up the project: “With schools encouraging the use of technology from an early age it was vital that the correct security measures were in place prior to allowing schools access to the Internet.”

“There are millions of potentially harmful sites harboring illegal or inappropriate content and we needed to ensure that schools connecting to our network would be protected with the most advanced Web filtering and anti-virus technologies, however, we also knew that finding a security solution that could cope with the network demands on such a large scale would be tough.”

Solution

HEAnet conducted an in-depth review of the security market in order to find a security solution with the scalability to protect the entire network, whilst keeping management overheads down. Byrne explains, “Performance and scalability were key criteria, and to ensure ease of management we looked to implement a centralized filtering approach, rather than deploying thousands of identical devices out in the field.”

After a competitive public tender and rigorous evaluation process, Fortinet’s FortiGate-5000 series network security platform was chosen as the solution for Web-based content filtering and antivirus on the basis of its outstanding protection capabilities and its ability to process large throughputs of traffic without diminishing performance. HEAnet implemented a chassis-based FortiGate-5140 in two of its datacenters to perform integrated antivirus and Web content filtering across the entire network of 4,000 schools. All the school traffic is routed via two PoPs for increased resilience. Each contains one FortiGate-5140 with four FortiGate-5001 blades to ensure that in the event of a PoP failure, HEAnet can re-route traffic to ensure very high levels of availability. Designed with maximum processing power and speed in mind, the FortiGate-5140 has the high performance and robust capabilities required to provide HEAnet’s 800,000-user community with real-time network protection.

Byrne explains, “The chassis-based Fortinet solution demonstrated the resilience and capacity needed to cope with the enormity of our project. At the same time, its multi-threat security approach meant we were able to implement two crucial security functionalities (antivirus, Web content filtering) using the same platform. As an alternative to deploying a large number of servers in order to fulfill our needs, we could just deploy two FortiGate-5000 using up less rack space, therefore requiring less power and cooling in the datacenter environment.”

“The antivirus and Web filtering is working in tandem to successfully safeguard the school network [...] With high throughput capacity plus the high availability features of the FortiGate solution, we have the capacity we need to support the high levels of traffic on our network.”

Ronan Byrne, Special Programmes Manager

CHALLENGES
• Allow 4,000 primary and secondary schools access to the Internet with content-safe connectivity
• Ensure that schools connecting to network would be protected with the most advanced Web filtering and anti-virus technologies into a centralized filtering approach whilst keeping management overheads down

OBJECTIVES
• Protect the schools’ network and its users from harmful malware and web content
• Process large throughputs of traffic without diminishing performance
• Get a multi-threat security approach to implement two crucial security functionalities (antivirus, Web content filtering) using the same platform

DEPLOYMENT
2 x FortiGate-5140 Chassis
8 x FortiGate-5001 Blades
2 x FortiManager-3000

INDUSTRY
Education

COUNTRY
Ireland

With consultation and advice from trusted IT service partner, Lan Communications, HEAnet implemented a chassis-based FortiGate-5140 in two of its datacenters to perform integrated antivirus and Web content filtering across the entire network of 4,000 schools. All the school traffic is routed via two PoPs for increased resilience. Each contains one FortiGate-5140 with four FortiGate-5001 blades to ensure that in the event of a PoP failure, HEAnet can re-route traffic to ensure very high levels of availability.

With the project commencing in July 2005, HEAnet and Fortinet faced fierce time constraints in order to ensure that the Fortinet solution would be ready to protect pupils returning to schools in September of that same year. With the centralized Fortinet solution in place HEAnet successfully completed an aggressive roll-out connecting approximately 500 new school broadband connections per month. Each school required comprehensive Web filtering and antivirus protection from the outset.


Success

With the Fortinet products in place, HEAnet is successfully blocking inappropriate or harmful Web content and protecting the schools’ network and its users from harmful viruses and malware. Byrne explains: “There is no doubt that we have succeeded in offering a far safer online environment for all the students across the country than heretofore. We believe the scale of this security deployment is unique and our fellow national education networks across Europe show great interest in how we provide filtering and security on this scale”.

96% of those primary and secondary schools surveyed by HEAnet considered the Fortinet solution was offering a safer online environment for staff and students, whilst over three quarters of those surveyed stated that they were more inclined to use the Internet following the introduction of Fortinet-powered Web content filtering.

“The antivirus and Web filtering is working in tandem to successfully safeguard the school network from rising Web threats and illegal content. With high throughput capacity plus the high availability features of the FortiGate solution, we have the capacity we need to support the high levels of traffic on our network,” continued Byrne.

Byrne concludes, “To complete a security project on such a large scale and gain this positive feedback from schools is a great testament to the project.”


Instituto de Salud Carlos III

Spanish public research organization chooses FortiWeb

Instituto de Salud Carlos III, a national public research and scientific support organization for the promotion of biomedical and health science research in Spain, is focused on developing and providing high-quality techno-scientific services for the Spanish National Healthcare System and society as a whole. Its mission is to develop and provide the highest quality scientific-technical services to the National Healthcare System and society in general.

Situation

In 2010, Instituto de Salud Carlos III (ISCIII) decided to optimize its IT infrastructure in order to eliminate server duplication and further increase information security. Since the public organization had been relying on FortiGate multi-threat security appliances for its network security for the past three years and had been very satisfied with Fortinet’s technology, it decided to replace its demilitarized zone (DMZ) configuration, which involved multiple servers.

Solution

When it came time to look at a Web application firewall (WAF), ISCIII had a few requirements that needed to be met. The first was that the WAF functionality be compatible with the ISCIII infrastructure, which is completely virtualized and has an extremely high number of access points. The agency’s Webmail needed protection against brute-force attacks and SQL injection types of attacks.

They also wanted to look at outgoing traffic to ensure that no proprietary/sensitive data leaves the enterprise. In essence, the ISCIII was looking for a solution which could protect its web application infrastructure against OWASP Top 10 attacks.

After reviewing multiple Web application firewalls, ISCIII decided to deploy Fortinet’s FortiWeb appliance. FortiWeb was selected by ISCIII because it provides a uniform umbrella solution for web application security and reduces complexities while representing a cost-effective investment.

The FortiWeb family of web application and XML firewalls protects, balances and accelerates web applications and Internet-facing data from attack and data loss. Working with Fujitsu España, ISCIII deployed two FortiWeb-400B appliances to secure the sensitive information accessible from its web applications, leveraging the following key features:

• The institution protected its webmail against user identity theft by implementing a “Brute Force Login” security policy.

• An “SQL Injection” policy was configured in order to prevent web application hacking. In fact, several of the ISCIII’s applications were hacked in the past with links to malicious websites incorporated in the applications.

• The institution has applied the “Information Disclosure” policy to help prevent attacks on servers, which store the applications containing sensitive information.

Configured to redirect web application requests to internal servers, FortiWeb became the sole point of access for all web-based applications from any of ISCIII’s internal and external networks. FortiWeb has also been configured to perform SSL application processing, which frees up valuable resources (CPU & RAM) that can then be used by other servers as the environment is fully virtualized.


CHALLENGES
• Deploy a Web application firewall which would be compatible with a fully virtualized infrastructure and a large number of access points

OBJECTIVES
• Guarantee protection against brute-force attacks and SQL injection types of attacks
• Prevent leakage of proprietary/sensitive data outside the enterprise

DEPLOYMENT
2 x FortiWeb-400B
2 x FortiGate-1000A
FortiGate-800
FortiGate-60C
FortiAnalyzer-800B
FortiManager-400B

INDUSTRY
Government

COUNTRY
Spain

"The number of users and the variety of access points used to enter our network means that we need a fast, reliable and secure communications network, which includes the protection of our web applications from Internet threats."

Antonio José Arenas, Systems Coordination and Information Technologies Unit

Success

"The number of users and the variety of access points used to enter the network provided ISCIII with a fast, reliable and secure communications network, which includes the protection of web applications from Internet threats," said Antonio José Arenas, Systems Coordination and Information Technologies Unit at the Institute. Another benefit since deploying the FortiWeb appliance is the base protection filters deployed by the FortiWeb Attack Signature Database. These provide the ISCIII with protection against typical OWASP top 10 type of attacks.

Finally, working with Fujitsu España proved to be invaluable to ISCIII. Fujitsu España has the knowledge and know-how to test and integrate the Fortinet solution and in doing so was able to design and deploy the Fortinet solution throughout ISCIII’s virtualized infrastructure.

Their experienced consultants understood what the government agency needed and answered with features available in FortiWeb.

Antonio José Arenas concludes: "The number of users and the variety of access points used to enter our network means that we need a fast, reliable and secure communications network, which includes the protection of our web applications from Internet threats."


UAE University, Al Ain
Fortinet secures network and messaging infrastructure

Since its inception in 1976, the United Arab Emirates University (UAEU) has followed the clear, far-reaching vision of H. H. Sheikh Khalifa Bin Zayed Al Nahyan, the president of the United Arab Emirates, of placing itself at the forefront of scientific and technical learning places and being compared to other internationally renowned universities.

Situation

UAEU has nine separate campuses mostly based in Al Ain with one in Abu Dhabi. Each college campus has its dedicated on-site IT support that can escalate a problem to the central helpdesk, which, in turn, refers it to either the Applications Division or to the central Infrastructure and Core Technologies Division. The Applications Division handles all software related issues whereas the Infrastructure and Core Technologies Division deals with all other issues related to the IT infrastructure in the UAEU.

“IT works in layers, and we are focused on providing good quality IT services and infrastructure to our end users, meaning the students and staff of the University,” said Manmohan Singh, Director of Infrastructure & Core Technologies at UAE University.

On the security front, the Infrastructure and Core Technologies Division at UAEU realized that its existing security setup had some limitations in terms of hardware and support. The previous firewall and Content Services Switch (CSS) had been end of life and end of support since 2003. Support in terms of spares, telephone support, new patches and software updates was unavailable, and the University had no form of monitoring, reporting, alerting or centralized management. This put the University at very high risk, and UAEU therefore decided to replace its existing firewall and security setup with a complete security solution that would provide multiple layers of protection, also known as Unified Threat Management (UTM).

Hani Sultan, Security Project Manager at UAEU, said, “The previous Cisco Intrusion Detection System (IDS) was out of date and not functioning. The university constantly experienced worm and virus infections that were attacking servers, consuming network bandwidth and causing considerable network downtime. That’s why we wanted to replace the outdated broken intrusion monitoring system with new multiple-layered UTM technology, which would provide complete online protection to the university users.”

UAEU also had no SMTP gateway. Internet users were directly connected to the University’s internal email server, which made it vulnerable to attacks, spoofing and mailbox hijacking. So, as part of its continued overhaul of its IT infrastructure, the university decided to upgrade and update its security implementations, including setting up proper security standards, in order to be able to provide free access to learning tools through the Internet to its staff and students without jeopardising the integrity of its network and other services.

Solution

In order to provide true protection against Internet threats and other malware, UAEU was looking for a solution that would allow the migration of its 20,000+ email users to a proactive anti-virus, anti-spam service for both its outgoing and incoming email application, with a managed service that would be easy to configure and would provide a friendly user interface. At the network level, the university wanted a high-performance firewall solution with multiple DMZs.

Both Manmohan Singh and Hani Sultan, Security Project Managers at UAEU, evaluated several security products and solutions in the market and found that Fortinet’s range of security appliances provided all the features they were looking for without affecting the overall network performance. So, the university opted for two FortiGate-3600A multi-threat security systems for its firewall needs and two FortiGate-1000A appliances to provide all the built-in network-level and content-level threat protection. Combined with multi-gigabit performance, all the FortiGate appliances ensure security and throughput.

CHALLENGES
• Upgrade and update its security implementations, including setting up proper security standards
• Replace the outdated broken intrusion monitoring system with new multiple-layered UTM technology
• Get integrated security for both internal and external communications

OBJECTIVES
• Provide free access to learning tools through the Internet to staff and students without compromising network integrity and other services.
• Provide complete online protection to the university users
• Provide a proactive anti-virus, anti-spam service for both outgoing and incoming email applications to 20,000+ users

DEPLOYMENT
2 x FortiMail 2000A
2 x FortiGate 3600A
2 x FortiGate 1000A
1 x FortiAnalyzer

INDUSTRY
Education

COUNTRY
United Arab Emirates

"We found the Fortinet solutions easy and flexible to deploy. FortiMail has provided us with excellent results by reducing spam and viruses. We have more control and, using Fortinet, we have succeeded in protecting the entire network from all types of Internet threats." Manmohan Singh, Director of Infrastructure & Core Technologies

In order to effectively combat spam within the academy and secure its internal email server, UAEU deployed two FortiMail-2000A multi-layered email security platforms. This deployment provides a secure messaging platform (SMTP gateway) that offers optimum configuration flexibility, with enterprise-class antispam and antivirus functions to secure mission-critical email applications. This gives its 20,000+ users authenticated access to their mail and prevents spam and spoofing.

On top of the deployment of those security appliances, UAEU wanted to be able to get a comprehensive view of its network usage and security information. The university therefore deployed Fortinet’s FortiAnalyzer, which securely aggregates and analyzes log data from the FortiGate security appliances deployed throughout its network.

FortiAnalyzer provides UAEU with real-time network log records, as well as a comprehensive report and analysis of network usage and security information, supporting its need for discovering and addressing vulnerabilities across dispersed FortiGate systems. FortiAnalyzer also provides advanced security management functions such as quarantine archiving, event correlation, vulnerability assessments, traffic analysis, and content archiving.

Success

Today, FortiGate security appliances provide integrated security for both UAEU internal (at the datacenter level to protect servers and resources) and external communications, with multiple DMZs deployed for SSL VPN, VoIP, etc. FortiAnalyzer is an essential tool for reports and troubleshooting.

In terms of email protection, despite a total of over 20,000 users, many of whom are using the email services simultaneously, UAEU managed to migrate its system from a Cisco configuration to Fortinet’s FortiMail within 36 hours with a record downtime of less than one minute.

“We found the Fortinet solutions easy and flexible to deploy,” continued Singh. “We were able to activate as many or as few applications as we needed. Besides, unlike Symantec, FortiMail has provided us with excellent results by reducing spam and viruses. We feel we have more control and, using Fortinet, we have succeeded in protecting the entire network from all types of Internet threats.”


Financial Services

Fortinet's multi-threat security solutions and advanced management and reporting appliances enable retail banks to secure their networks and data while maintaining compliance


Established in 1977, HDFC Ltd. is a pioneer and leader in housing finance in India and has turned the concept of housing finance for the growing middle class in India into a professionally managed, world-class enterprise. HDFC has assisted more than 3.3 million families to own a home of their own, through housing loan approvals of more than Rs. 2.65 trillion.

Situation

HDFC has a wide network of 271 offices reaching out to 2,400 towns and cities across India and is serviced by a specialist team of trained and experienced professionals.

It also has offices in London, Singapore and Dubai and service associates in Abu Dhabi, Sharjah, Kuwait, Oman, Qatar and Saudi Arabia (Al Khobar, Riyadh & Jeddah) to provide housing loan and property advisory services to NRIs and PIOs.

Its unrelenting focus on corporate governance, high standards of ethics and clarity of vision, percolate throughout the organization.

According to Mr. Nilesh Khot, Manager – IT of HDFC Ltd, the company was looking for a security solution that provided easy manageability, seamless usability and high performance. The company had deployed a firewall for the perimeter security of its network, which comprised the mail server and intranet. This setup provided packet filtering capabilities to counter the network security threats.

As remote access requirements and Internet-based attacks grew, the IT department felt the need to deploy an IPSec VPN solution with additional capabilities such as firewall, antivirus and anti-spyware, intrusion prevention system (IPS) and Web filtering capabilities.

Solution

Having evaluated products from various network security vendors such as Juniper, Fortinet and Check Point, the IT department mapped the requirements against the available product specifications. Fortinet’s unified threat management (UTM) solution, specifically the FortiGate product family, proved to be an exact fit to the requirements and provided several additional features which made it a natural choice.

After the Fortinet appliances were selected, a pilot project was undertaken for a fortnight. The company was especially pleased with the FortiGate appliances’ multi-threat functionalities and performance.

The company deployed a FortiGate-1000A and FortiGate-620B appliance, which were able to provide a complete network security solution.

FortiGate appliances can effectively consolidate critical network security solutions into one unified platform thereby reducing complexity of deployment and management.

Fortinet’s FortiManager and FortiAnalyzer appliances provide centralized management and monitoring for the deployed FortiGate appliances.

HDFC’s IT department utilizes the multi-functional ability of the FortiGate appliances to secure the network gateway.

HDFC
Indian pioneer and leader in housing finance deploys Fortinet security solution to provide a rock-solid defense mechanism


For instance, the pre-configured IPSec functionality is able to provide remote installation and data transfer to preserve network integrity, consistency and confidentiality from a central management location with FortiManager.

Web content filtering and firewalling capabilities are also utilized to enable seamless user experience, traffic monitoring, as well as protect users from entering malicious Websites.

HDFC has also turned on the IPS functionality, which provides effective protection from online threats without affecting the throughput performance and can also enable content scanning. In addition, the antivirus functionality is turned on to help block out almost 99% of the virus pool attempting to infiltrate the network.

For network monitoring and management, HDFC has also deployed a FortiAnalyzer and FortiManager appliance.

Built-in log analysis provides a central point for consistent analysis of network utilization, Web activity and attack activity. The network utilization data enables IT administrators to plan and manage the networks more efficiently with real-time data.

Success

The Fortinet FortiGate security solution has provided a three-prong solution for HDFC.

First, its UTM security approach featuring firewall, antivirus, virtual private network and intrusion prevention has provided a rock solid defense mechanism against potential threats, such as phishing, data theft, identity theft, online viruses, etc.

Second, the Fortinet solution provides high throughput and availability, while simultaneously enabling uninterrupted service delivery. Finally, with an efficient monitoring, logging and reporting solution, the life of an IT administrator is made easier.

CHALLENGES
• Face surge in Internet-based attacks resulting from increasing remote access demand

OBJECTIVES
• Deploy strong multi-threat network security solution
• Add high-performance IPSec VPN functionality
• Provide high throughput and availability for uninterrupted service delivery

DEPLOYMENT
FortiGate-1000A
FortiGate-620B
FortiManager
FortiAnalyzer

INDUSTRY
Finance

COUNTRY
India


Asia Commercial Bank (ACB) is one of Vietnam’s leading financial institutions, providing a full range of banking and related services, including loans, insurance, and foreign exchange for corporate and consumer clients. The bank is privately owned, and its major shareholders include Jardine Matheson Holdings and Standard Chartered. Headquartered in Ho Chi Minh City, ACB has more than 100 branches throughout the country.

Asia Commercial Bank
Vietnam’s leading financial institution relies on Fortinet for security

Situation

ACB is known in Vietnam to be an early adopter of new technologies. With the country’s rapid economic growth in recent years, the expansion of ACB’s banking network, and the introduction of new services such as Internet banking and securities trading, ACB has seen a dramatic increase in systems on its network.

This has raised the level of risk to its data from virus outbreaks and other security threats. ACB needed a solid defense strategy backed by robust and easily scalable solutions to safeguard customer data and allow its clients to conduct transactions with confidence.

Solution

ACB began its evaluation of security solutions in 2002, testing products from a range of vendors, including Check Point, but eventually chose Fortinet solutions because of the versatility of its products.

The deputy manager of the bank's Information Technology Division, Tran The Nam, notes that while other solutions tend to separate firewall and intrusion detection functions, the FortiGate family unites these capabilities in a single, user-friendly appliance.

He says ACB was also impressed by the strength of Fortinet's local support and its commitment to Vietnam, a nascent market where the vendor moved to establish its presence early.

"We've had a strong relationship with Fortinet from the beginning," says Nam. "When we were first looking at really using the Internet and protecting our network, they were already there to help."

Initially, the bank had installed at its head office two FortiGate-500 systems, which have recently been replaced by one FortiGate-1000AFA2 and one FortiGate-1000A with IPS and anti-spam features activated.

The FortiGate systems are used to secure access to the corporate network and its core banking platform. The core network is currently being overhauled to incorporate business intelligence, online banking, and imaging functions.

The FortiGate-1000AFA2 and FortiGate-1000A are supplemented with a FortiGate-200 at ACB’s card center, which runs antivirus and intrusion prevention solutions around the clock protecting the data generated from the tens of thousands of credit and debit cards the bank has issued to its customers. ACB has also deployed FortiGate-60 firewalls at 20 key branches.


Success

Since implementation, Mr. Nam says the Fortinet devices have run remarkably smoothly and ensured that ACB’s network has yet to suffer a single intrusion or security-related downtime incident.

As the bank prepares to develop its range of online services and boost its presence in underserved parts of Vietnam, Nam says it will build up its Fortinet deployment to match.

Over the next year ACB plans to invest in FortiManager-400 and FortiAnalyzer-800 management and reporting systems, as well as more FortiGate-60 firewalls for additional branch offices.

“The biggest advantage of Fortinet is that the company manages to combine so many functions in one appliance and still keep prices reasonable,” he says. “We were also impressed by the help we received from Fortinet’s local team in the planning and deployment stage, which made sure the solutions were easy for administrators to install and use.”

Nam says the bank's management and employees are also increasingly appreciative of the role Fortinet has played in supporting ACB's technology-centric strategy and safeguarding the institution's reputation.

"They may not see the tools working, but they're aware that the solutions are keeping our networks safe and giving customers confidence as we grow, expand, and move more banking online," he says.

"(Fortinet) solutions are keeping our networks safe and giving customers confidence as we grow, expand, and move more banking online" Tran The Nam, Deputy Manager, Information Technology Division

CHALLENGES
• Keep up with banking network expansion and the introduction of new services such as Internet banking and securities trading
• Define a solid defense strategy backed by robust and easily scalable solutions

OBJECTIVES
• Secure access to the corporate network and core banking platform
• Protect the data generated from tens of thousands of credit and debit cards the bank

DEPLOYMENT
1 x FortiGate-1000AFA2
1 x FortiGate 1000A
2 x FortiGate-500
1 x FortiGate-200
20 x FortiGate-60
FortiGuard Services

INDUSTRY
Financial Services

COUNTRY
Vietnam


A financial services company with multiple locations throughout the Americas, the company sells financial packages including loans from their offices as well as via the internet. As a financial institution, the company processes sales transactions and financial transactions to a wide range of customers.

Financial Services Company
Fortinet’s FortiDB protects critical databases

Situation

Within the company, there are many custom-built applications, primarily for processing transactions, and these systems are based on an SQL Server back-end and Oracle databases. Database security and meeting compliance mandates were key requirements for this company due to the nature of the business. Within the company, there are four critical systems that have average transaction volumes of approximately 500 per second and 720,000 per day.

There were multiple drivers and benefits for a database security and compliance product. The first driver was database security. There are a number of power users and database administrators (DBAs) who can directly access the production applications. By implementing a database security solution, these users can be monitored when they access critical databases and, if somebody uses a tool such as SQL Server Management Studio, an alert is generated. Additionally, a vulnerability scan is needed and can be run on a monthly basis.

The second driver for the company was compliance. The company needs to provide COBIT-based reports to external auditors. Naturally the company had to go through an internal audit process followed by an external audit.

Solution

The company evaluated a number of database security and compliance products, but in the end they selected Fortinet’s FortiDB solution for numerous reasons. FortiDB offers the most complete and accurate audit data due to the use of the databases’ native audit functionality. None of the other vendors were able to provide this. FortiDB was the easiest solution to deploy because it did not require changes to the network infrastructure and there were no agents to install on the databases. Finally, the FortiDB solution offered the most functionality with the best model for the lowest total cost of ownership.

In order to provide the company with the highest level of database protection, they selected Fortinet’s FortiDB. FortiDB is the most comprehensive solution to secure databases and applications such as ERP, CRM, SCM and custom applications. The deployment of the appliance followed Fortinet’s best practices methodology for securing databases.

During the configuration, the decision was made to use the native audit functions of the databases to collect security and audit data. The reason for this decision was that native audit provides the most complete and accurate security and audit data. FortiDB also supports other options for data collection such as network protocol agents and a network sniffer.

The first step of the deployment was to run the vulnerability assessment function and lock down the databases as much as possible. For the lockdown, FortiDB’s standard reports for the remediation advice sections were used. In addition to using the standard reports available in the FortiDB appliance, there was an account review whereby the “Privilege Summary” function was utilized to see which users had access to which schemas and also which privileges they have.


The next step included identifying policies for all users and defining the corresponding alert conditions in case a user was accessing the database using SQL Server Management Studio on the SQL Server databases and Oracle SQL Plus on the Oracle databases. If users come through the standard applications, there should not be any alerts generated. However, if users gain access via untraditional methods or applications, an alert would be generated.

Finally, the compliance policies were configured for the Oracle databases which run the financial systems. Configuration was made easy because of an existing compliance policy group integrated into FortiDB. The automated reports consist of the following:

• Verification of Audit Settings. Control Code: DS3.5, DS5.5, DS13.3 (to track changes to configurable audit)
• History Of Privilege Changes. Control Code: AI2.4, DS5.3, DS3.5, DS5.4 (to track changes to user access rights)
• End of Period Adjustments. Control Code: AI2.3 (to track changes to the general ledger)
• Abnormal Use of Service Accounts. Control Code: DS5.3 (to identify service accounts)
• Abnormal Termination of Database Activity. Control Code: DS10.1 (to identify failed database processes)
• Abnormal or Unauthorized Changes to Data. Control Code: AI2.3 (to track all changes made to data)

This process has allowed the definition of:
• Tight access control - If there are users accessing the database directly, without going through the applications
• Compliance automation, the data collected is used for reporting for the auditors

Success

The company has seen many benefits since installing Fortinet’s FortiDB appliances. At the top of the list is the reduction in the amount of time needed for the database team to manage and maintain the security policies. Part of this simplification is the scheduled vulnerability assessment scans that run at the beginning of each month. These policies are automatically updated with Fortinet’s FortiGuard Network security services, which automatically push security updates to databases, thereby reducing the amount of time and effort needed by the security team. Now the team only has to review access reports and remediate issues if necessary.

In addition, FortiDB monitors all users, so when new users are added they will be included in the appropriate user groups. Unusual activity will create an alert which will then be reviewed by the security team. Finally, compliance reports are automatically generated and can be given to both internal and external auditors. These reports allow the security team to keep an eye on the verification of audit settings, which can reveal if somebody tampered with the audit settings.

CHALLENGES
• Protect sales and financial transactions to a wide range of customers
• Ensure database security and meet compliance mandates

OBJECTIVES
• Monitor 4 internal servers and database activity
• Assess database vulnerability – with periodic policy updates
• Meet compliance through COBIT framework based reports

DEPLOYMENT
FortiDB-1000C

INDUSTRY
Finance

COUNTRY
United States


Retail

Fortune 500 retailers rely on Fortinet to deliver wired and wireless security across their network of stores and core datacenters


Migros is Switzerland’s largest retailer and a Global 500 company. With 50 companies and 84,000 employees, the Migros Group generates an annual turnover of 25 billion CHF. Migros is a federation of ten regional cooperatives with over 2 million members. Besides the traditional areas of Grocery Retailing and Specialized Goods Retailing, the Retailing Department (with the Swiss discounter Denner, the Globus department stores, the oil company Migrol, etc.), the Travel section (with Hotelplan, Interhome, etc.), and the area of Financial Services (Migros Bank) also represent important areas of business for the Group.

Migros
Migros relies on Fortinet to provide perimeter protection for the entire group network

Situation

Migros' independently operating companies as well as ten regional cooperatives have consolidated essential parts of their IT. This includes, for example, the group-wide ERP with SAP, which contains the master data of more than 785,000 food, near-food and non-food items resulting in more than 10 terabytes of stored data, but also perimeter security.

The Internet traffic relies on two different, redundant providers (dual homing) and is protected by Fortinet’s high performance UTM appliances. All Migros companies and branch offices are connected via MPLS in the group’s internal network, which enables a widely consolidated Internet access.

According to Philipp Jacky, Telecommunications Manager at Migros IT services, the data traffic is enormous – and continues to grow: “To provide Internet traffic without performance loss even in peak hours, we need a high performance security platform. We constantly need to filter the entire inbound and outbound HTTP traffic of every Migros company in real time, scan for viruses and use IPS to fight off attacks.”

Solution

When the security specialists of Migros evaluated the ideal security appliance, they had several key criteria in mind, including the ability to deliver high speed, latency-free throughput, and a large number of 10 Gig ports. Furthermore, they required an appealing price performance ratio, moderate maintenance and operation costs, prompt updates of anti-threat signatures and ease of use.

For Philipp Jacky, all of these criteria spoke for Fortinet’s powerful UTM appliances: “We now rely on two high performance FortiGate-3951B UTM appliances. We have integrated them as a cluster in our data centers with one active firewall controlling and securing all data traffic and the second in hot standby as backup. Multi-threat security appliances integrate a wide range of security features within one system. This includes classic firewall as well as antivirus, IPS, URL or spam filtering, and VPN access. Pooling these functions in a 64-bit Fortinet appliance perfectly matched our requirements.”

Implemented by Fortinet’s partner Sidarion, the FortiGate-3951B device combines three essential elements to achieve wire-speed firewall performance at 10-GbE and GbE link speeds and ensure that security will not slow Migros’ network: custom hardware including FortiASIC processors, a modular architecture for future growth, and consolidated security from the FortiOS operating system.

According to Jacky, their FortiGate-3951B appliance offers substantial benefits over best-class point solutions. One example is the significant ease of use gained with UTM appliances in comparison with configuring, operating, upgrading and maintaining systems from multiple vendors. With only the FortiGuard subscription services and FortiCare maintenance contracts in place, it’s easy to keep all UTM functions and signatures up to date.

"It was definitely the right choice [...] we benefit from an enormously robust and easy to use security platform. [...] We are repeatedly impressed with (Fortinet) quick reaction times and competent support." Philipp Jacky, Telecommunications Manager

Moreover, Jacky mentions striking price benefits: “Integrating several functions into one system reduces both purchase and installation costs as well as expenses for maintenance, support and upgrades. When building a redundant environment, these expenditures even double and price differences multiply.”

Success

Maximum security and high availability were core requirements for Migros’ ICT infrastructure. The Migros Group now relies on Fortinet integrated multi-threat network security appliances to effectively protect its entire network at the perimeter, and fundamental security functions such as firewall, IPS, antivirus and web filtering have been consolidated into a single firewall cluster.

Choosing a UTM appliance to protect Migros’ massively growing data was innovative and proved right in every aspect. With FortiGate-3951B, Migros now relies on one of today’s most powerful UTM appliances with Fortinet’s innovative FortiASIC processors ensuring a firewall performance of 120 Gbps max.

This remarkable performance ensures latency-free protection of the entire Internet traffic as well as high availability of core applications such as SAP, Oracle and SQL.

The appliance monitors and controls no less than 145 SAP instances, 220 Oracle and 230 SQL databases, as well as data traffic for 325 Unix servers plus 4,239 physical and 405 virtual Windows servers.

Migros does not use all of the service options the UTM appliance offers: “So far, we haven’t configured VPN services, for example,” Jacky says. “But it’s great that we can activate every single function at any time, assign different profiles to our group’s companies and configure the respective services. Also, new services such as application control for peer-to-peer and social media platforms can be integrated any time.”

Beyond technical performance and cost, Migros appreciates the support, partnership and knowhow delivered.

“It was definitely the right choice. First of all, we benefit from an enormously robust and easy to use security platform. Secondly, we profit from our partners’ strong customer orientation. Whenever vendor involvement is needed, we are repeatedly impressed with our partners’ quick reaction times and competent support. This applies to Fortinet as well as our systems integrator Sidarion, an excellent partner in terms of IT security.”

CHALLENGES
• Implement integrated multi-threat security appliances in a cluster to effectively protect entire network at perimeter

OBJECTIVES
• Ensure maximum security for ICT infrastructure
• Secure Internet access for all entities, including independently operating companies and regional cooperatives
• Secure Internet traffic without performance loss in peak hours

DEPLOYMENT
FortiGate-3951B
FortiGuard Subscription Services
FortiCare Maintenance Contract

INDUSTRY
Retail

COUNTRY
Switzerland


Roche Brothers Supermarkets has been stocking Massachusetts pantries for more than 50 years. The regional grocery chain operates 15 Roche Brothers Supermarkets and three Sudbury Farms stores in eastern Massachusetts, as well as an online shopping and delivery service. Founded in 1952 as a meat and produce store by Pat and Bud Roche, the business is still owned and operated by the Roche family.

Roche Brothers Supermarkets

Wireless network deployed throughout all stores and headquarters

Situation

As a retailer, Roche Brothers loses money if the network goes down because credit card transactions can’t be completed, so a back-up network needs to be in place.

As such, the selection of a network security provider and carrier was critically important for Roche as they needed a back-up network that was reliable, cost effective and offered complete uptime. “It is critical for us to have a network and back-up network that has 99.9% uptime,” said John Lauderbach, Vice President of IT at Roche Brothers. “If our network goes down, even for a few minutes, we lose money.”

Solution

Back-Up VPN Network

As a retailer, Roche Brothers needed to create an automatic back-up VPN network in case the network went down for any reason.

The original Fortinet deployment at Roche Brothers was 19 FortiGate-80C appliances with Sprint Wireless Air Cards, Sprint being a partner of Roche Brothers. The FortiGate-80C appliances provide back-up for the existing frame relay network. Security7 used the OSPF routing protocol between the FortiGate appliances and the primary network to reroute traffic automatically upon network failures.

Because the secondary network was Internet connected and would be routing financial information, PCI compliance was required.

FortiGate-80C appliances provide deployment flexibility for a wide range of situations, including an ExpressCard slot supporting 3G WAN connectivity and back-up modem.

Rapid, turn-key deployment and easy management lower the total cost of ownership and facilitate compliance with policies and regulatory requirements that protect access to personally identifiable information, secure remote access and prevent unauthorized access to applications and data.

In Store Wireless Network

After successfully completing and seeing the benefits of the back-up VPN network at Roche Brothers, Security7 started a new in store wireless project for inventory and order management. Currently deployed at 19 different locations (18 stores and Roche Brothers headquarters) are 6-8 Fortinet FortiAP appliances.

The size of the location determines the number of FortiAP appliances deployed. The wireless LAN controller functionality built into FortiOS was leveraged to save additional money and space at Roche Brothers locations.

In addition, two FortiAP-220B appliances will be deployed at Roche Brothers headquarters. The FortiAP-220B appliance is a dual radio thin AP that is designed for simultaneous security air monitor and AP operation in the same physical enclosure.


Users of FortiAP-220B can meet PCI DSS regulatory compliance by dedicating one radio full time to air scanning on both 2.4GHz and 5GHz bands, while the second radio provides full-speed client access on the 2.4GHz band.

Having two radios in one enclosure not only reduces the capital cost of equipment, but also amplifies deployment with increased monitoring coverage.

Management

In addition to the FortiManager and FortiAnalyzer deployed at Security7 Networks, the ManageWerx solution is also maintaining a detailed historical record of information gathered, which is used by analysis and reporting engines.

Security7 Networks is able to locate data related to specific Roche activities, provide reports on incidents, long term trends, bottlenecks, as well as summarizing compliance data required by auditors.

“As a family owned business that is growing, it was important for Roche Brothers to reduce costs but not at the risk of reducing security or reliability,” said Jay Smith, President, Security7 Networks. “Fortinet’s OSPF capability allows the back-up network to seamlessly talk to the main network ensuring that there is always uptime. Combined with Fortinet’s wireless appliances and management by Security7, it was a perfect storm that was great for Roche.”

Success

By using Fortinet’s FortiAnalyzer appliance, Roche Brothers has been able to meet more reporting mandates required by the PCI Security Council.

Fortinet’s FortiManager is proving to save Security7 a lot of time. Instead of having to do manual updates to each of the more than 160 appliances, Security7 can easily make global changes without having to touch each individual appliance remotely. In addition, once configurations have been completed and pushed out to the appliances, they are saved to both the FortiManager as well as Security7’s own ManageWerx platform. This will help the retailer in case there’s ever an issue where a recovery of configurations is needed.

At the individual stores, there is a Fortinet-based cellular router, consisting of a Sprint wireless card, with the Fortinet-based back-up VPN as well as a LAN controller. Having the LAN controller within the FortiAP appliances allows Roche Brothers to save money, space and management effort by not having to deploy a separate appliance.

“We are very pleased with both of our Fortinet deployments throughout our network. We finally have a back-up VPN and in-store wireless solution that offers cost savings and security that we can rely on.” John Lauderbach, Vice President of IT

CHALLENGES
• Deploy a cost effective, secure network that has automatic failover using OSPF
• Deploy a secure in store wireless network

OBJECTIVES
• Implement FortiGate and Sprint network to create a back-up VPN
• Create a wireless in-store network

DEPLOYMENT
FortiGate-80Cs
FortiAP-220As
FortiAP-220Bs
FortiAnalyzer
FortiManager

INDUSTRY
Retail

COUNTRY
United States


Valvoline Instant Oil Change (VIOC) is the second largest quick-lube chain in the United States and provides oil changes and preventive maintenance to millions of customers at its 800 U.S. locations each year. VIOC is owned by Ashland Inc. (NYSE:ASH), a Fortune 500 company and a diversified chemical company which provides innovative products, services and solutions to customers around the globe.

Valvoline Instant Oil Change

Fortinet secures wireless network at more than 800 locations

Situation

To differentiate itself among competitors and enhance customer satisfaction and loyalty, Ashland decided to replace its previous dial-up network with a new wireless network.

In doing so, there were some requirements that the company had to meet. Separate secure service set identifiers (SSIDs) were required so that multiple functions such as point of sale (POS) applications, wireless handheld scanners and wireless laptop use for managers could be used.

More importantly, VIOC was planning to offer customers free wireless connection while they waited for their oil change. In order to do this, a splash page was required so that customers would agree to the terms and conditions of network usage and thereby release VIOC from liability.

When considering security providers, Fortinet was the only unified threat management vendor that could meet these needs.

“It was imperative that we have a splash page where guests would be required to accept terms and conditions of using our network and Fortinet was the only vendor that could offer us this extra level of protection for us,” said Bryan Justice, manager of business technology and computer services at Ashland.

“Having multiple security functions within one appliance was an added bonus for us.”

Solution

To help provide virtual private network (VPN) and Web content filtering for the new wireless network located at more than 800 of its Valvoline Instant Oil Change locations throughout the United States, Ashland has deployed Fortinet’s FortiWifi-60 appliances as well as Fortinet’s enterprise-class FortiGate-5000 Series, FortiManager and FortiAnalyzer management and reporting appliances at its headquarters.

Located at the company’s Lexington, Ky. headquarters, Fortinet’s FortiGate-5001 and FortiGate-5020 chassis-based appliances are being used as VPN concentrators for the 800-site Fortinet roll-out to the VIOC stores. A third FortiGate-5020 chassis is located in Columbus, Ohio, for VPN fail-over in the event that the Lexington, Ky. site goes down.

Ashland has also deployed Fortinet’s FortiWifi-60B and FortiWifi-60A appliances at all VIOC locations. The FortiWiFi-60 appliances offer the same network security protection as FortiGate appliances, but for a wireless network infrastructure. The type of Internet connectivity at each location (DSL, cable or 3G wireless) determined which Fortinet appliance was deployed – the FortiWifi-60B supports 3G. Each FortiWifi appliance delivers four SSIDs for each wireless network: one for POS information, one for traveling managers of Valvoline to wirelessly connect to the network, one for handheld devices such as scanners, and the final one for wireless guest access. Once guests view a splash page and consent, Ashland is able to allow only appropriate Websites to be viewed while on the network. Fortinet’s Web content filtering allows this by giving Ashland’s IT the ability to select which Websites are deemed “inappropriate” for the guests to view and therefore block them.

“Fortinet has allowed us to dramatically improve customer service with the wireless network. Not only are customers able to be productive while getting a vehicle oil change, but the time to process the information for such service has gone from three to five minutes to three to five seconds.” Bryan Justice, Manager of Business Technology and Computer Services

Ashland was also in need of a network security management, reporting and analysis solution so that management and analysis of the stores’ networks could be more easily done. Ashland purchased Fortinet’s FortiManager-3000 and FortiAnalyzer-2000 carrier-class appliances for deployment at its datacenters in Kentucky. The FortiManager system is being used as the centralized management platform for the Fortinet security infrastructure. The FortiAnalyzer system is aggregating, analyzing and reporting on Internet usage of the 800+ VIOC stores and monitoring and analyzing attempted network attacks.

By deploying FortiManager and FortiAnalyzer, Ashland can provide its individual stores with detailed reports on network usage.

All the FortiGate systems at the VIOC locations are centrally managed by Fortinet's FortiManager appliances which minimize the administrative effort required to deploy, configure, monitor and maintain the full range of network protection services provided by Fortinet products.

FortiAnalyzer is allowing Ashland to simplify and centralize the collection and analysis of log and event data from the FortiGate appliances and can then deliver highly relevant network reports and valuable intelligence on network usage.

Success

Deploying Fortinet throughout its distributed network, Ashland has seen many unexpected benefits including meeting regulatory compliance, service and increased employee efficiency and customer satisfaction.

Part of PCI compliance is a requirement stating that there is firewall segmentation between wireless networks and the point of sale networks or any network that comes in contact with credit card information. Because of Fortinet’s use of SSIDs, VIOC can easily separate the guest wireless network from the point-of-sale network at each location.

Faster customer service is an additional benefit of Fortinet’s wireless network security appliance. VIOC employees can now use handheld devices to greet guests on the lot before they even get into the VIOC office. As a result, guests save time because they don’t have to wait in line within the office and information can be processed as soon as they are greeted. Because VIOC can now service more guests throughout the day it is seeing an increase in financials.

As a result of this wireless security implementation, Ashland employees have become more efficient and its customers more loyal due to the convenience of being able to browse the Internet while their vehicles are being serviced. “Since deploying the FortiWifi appliances, we have enabled our employees to work more efficiently and have also given customers the benefit of working on their laptops in a secure and wireless environment.


CHALLENGES
• Provide secure wireless access to customers

OBJECTIVES
• Create splash page for terms and conditions
• Separate and secure SSIDs

DEPLOYMENT
FortiWifi-60s
FortiGate-5020
FortiGate-5001
FortiAnalyzer
FortiManager

INDUSTRY
Retail

COUNTRY
United States


Manufacturing

Leading manufacturing firms have opted for Fortinet to benefit from multi-threat protection, secure connections and centralized security management across their facilities


AAM

World's largest automotive drivetrain manufacturer secures distributed and core network with Fortinet

Situation

AAM's customer base includes world-class automotive companies such as Audi, Chrysler, Ford, Harley-Davidson, Nissan, Saab and Volvo.

AAM has grown from its original five North American manufacturing facilities to 32 facilities around the world. The growth of the business has led to the expansion of the network and the need for better management of that expanded network.

Before the deployment of Fortinet’s security devices, AAM was using network security products from other vendors.

However, add-on features such as content filtering and antivirus could not meet the customer’s needs and requirements in protecting its network against multiple threats.

Specifically, AAM reckoned that the security features in the previous appliances used were neither adequate nor of sufficient quality to counter the threats posed by the external environment.

Moreover, the deployment of these products required more IT employees and incurred greater costs than what AAM expected. Facing new network threats and network management challenges, the customer considered switching to a single vendor for their network security requirements.

Solution

After going through the options in the market, AAM decided to go ahead with Fortinet’s integrated security platform, mainly due to the flexibility and feature-rich capabilities its UTM appliances are able to offer.

Moreover, being a global enterprise, AAM was very interested in the extensive range of products under the FortiGate network security series, which can cater to different office sizes and deployment scenarios, be it at the datacenters or branch office.

The FortiGate-1240B appliance is currently deployed at AAM’s data centers. A mix of FortiGate-311C, FortiGate-111C and FortiGate-81C devices is used for its satellite offices around the world. In addition, the FortiGate-60C is also used in offices where the AAM team is either just starting up or operating on a smaller scale.

Among all the features integrated in Fortinet’s UTM appliances, content filtering, DLP, WAN optimization and VPN stand out as being highly valuable to AAM’s business. The combination of security and application networking capabilities is particularly enticing to AAM’s objective of achieving greater synergies between its global offices. All the FortiGate devices deployed in the remote offices are used as the company’s core routers handling all OSPF and BGP route distribution, with VPN failover to provide a seamless failover in case of a circuit outage.

American Axle & Manufacturing (AAM) is a leading automotive supplier of driveline and drivetrain systems and related components, chassis systems and metal formed products. It is a world leader in the design, engineering, testing, validation and manufacturing of driveline, drivetrain and chassis systems, related components, and metal formed products.


The highly technical nature of AAM’s business also makes it critical for the company to ensure the integrity of its intellectual property, along with a greater need to provide for more efficient use of WAN bandwidth in light of the typically large files being transferred around its offices.

The FortiGate-1240B integrated multi-threat network security appliance has a purpose-built processor, the FortiASIC Network Processor, which is integrated into the FortiGate platform to deliver security throughput at switching speeds and an additional purpose-built processor, known as the FortiASIC Content Processor, which provides additional acceleration for intrusion prevention and anti-virus scanning.

In addition, AAM is leveraging the WAN Optimization option available on the FortiGate appliances, which has enabled good bandwidth improvement.

Fortinet's FortiManager-400A and FortiAnalyzer-800 management and reporting appliances, deployed at AAM’s Detroit, Mich. headquarters, are monitoring and analyzing the worldwide network for activity and attempted attacks and in doing so, are reducing the complexity of security management, reporting and analysis.

By deploying FortiManager and FortiAnalyzer, AAM can provide country-level and site-specific reports to its worldwide offices.

Success

So far, the switch to Fortinet’s UTM solution has helped AAM save about 15% of the costs incurred as compared to that spent with previous vendors.

The cost savings achieved here are mainly attributed to the lower cost of adopting feature-rich consolidated security platforms; AAM found itself having greater security coverage despite spending less.

Likewise, human resource cost has also dropped, due to the need for fewer IT employees with the adoption of converged platforms offering easier manageability.

Looking ahead, AAM expects to adopt more security features on the highly scalable Fortinet platforms, as security requirements increase along with growing business expansion.

CHALLENGES
• Address limitations of previous security solution in terms of features and quality to properly counter multi-vector threats
• Drive down costs and IT resources required to manage deployed solution

OBJECTIVES
• Deploy an integrated multi-threat security solution, including DLP, WAN optimization and VPN
• Deploy a flexible and centrally managed solution, which can cater to different office sizes and deployment scenarios

DEPLOYMENT
FortiGate-1240B
FortiGate-311C
FortiGate-111C
FortiGate-81C
FortiManager-400A
FortiAnalyzer-800

INDUSTRY
Manufacturing

COUNTRY
United States


Havells Sylvania is one of the world’s largest designers and suppliers of lighting systems. The group primarily has presence in Europe and South America, and the current emphasis is on growth in Asia and the Middle-East. Havells Sylvania focuses its resources and technical knowledge on innovative and customer-focused lighting solutions, offering a complete range of lights and fixtures for both professionals as well as private individuals. The company sells its products on all markets under the brand names of Sylvania, Concord and Lumiance.

Havells Sylvania

Fortinet guarantees Sylvania’s worldwide network security

Situation

In 2004, Sylvania undertook some major changes in its network infrastructure and security strategy. The business that once consisted of just four decentralised sites now boasted more than fifty, making the management of separate security applications almost impossible. So, the main criteria for the selection of the new security solution were to allow an all-in-one approach to facilitate the management of the various sites, increase the stability of the applications to limit the number of potential security breaches to an absolute minimum, enhance user-friendliness for IT managers out in the field, and considerably reduce the overall solution cost.

Koen Moors, former IT Manager of Havells Sylvania explains: “After a thorough analysis, we opted for the then less well-known Fortinet. They were the only supplier able to cope with all these objectives, and above all, a pioneer in the UTM appliances in which I strongly believed.

Fortinet had the advantage to offer an entire range of security solutions that were adapted to the specific needs and amplitude of a site, but that was also based on a single home-grown platform, allowing an easy-to-use but highly performing network security solution. Now, five years later, I am proven to have made the right decision at the time.”

Solution

Havells Sylvania has a relatively centralised IT structure, consisting of two large data centres in Amsterdam and Brussels, plus around fifty sites spread all over the world. Amsterdam is the centre for connectivity, including the worldwide mail server, VPN and Web servers; whereas Brussels is the centre for management programs, such as ERP. The data centres and the remote sites are interconnected via one large MPLS network.

Fortinet’s FortiGate integrated multi-threat security appliance screens all incoming and outgoing traffic, which is dispatched via the leased line or via the local Internet connection. The various worldwide locations are interconnected through a virtual private network, also enabled by FortiGate appliances.

Through the use of one unique FortiGate security appliance, Fortinet provides all the essential security functionalities. These include a firewall, an anti-spyware and anti-virus program, an intrusion detection and prevention system (IDS/IPS), content filtering (URL filtering) and SSL VPN. Given the increasing performance of Fortinet’s security appliances, smaller appliances can today also guarantee the security of large networks.

At Havells Sylvania, Fortinet provides global security with more than 50 FortiGate systems in total. Recently, 31 appliances were renewed: 20 FortiGate-60B appliances, nine FortiGate-110C appliances and two larger FortiGate-310B appliances. The entire configuration is completed with FortiManager and FortiAnalyzer for centralised management and reporting.

Moors explains: “The FortiAnalyzer performs the analysis, logging and reporting of the data recorded by the Fortinet appliances. Reporting can be tailor-made, which means that the administrators can manage the network efficiently, analysing it from a policy and compliance perspective, but also in terms of attack patterns against the network.

This also provides us with a clear view of our network status and it enables us to quickly respond to any changes.”

He continues: “With the FortiManager which we recently purchased, we also have a central management tool available, which enables us to monitor the various sites from one single location, to analyse and configure it and even to update its software. This is an enormous gain, both in time as well as in the uniformity of our applications.”

Success

The FortiGate appliances have been developed to offer cost-efficient, complete network protection against sophisticated and numerous Internet threats, including blended attacks from cybercriminals.

“The two FortiGate-310B appliances are the core of our network, as they secure the data centres in Amsterdam and in Brussels and by consequence have to cope with a lot of traffic.

This appliance truly offers unique firewall and VPN throughput performance and has the ability to provide security segmentation which allows greater flexibility in managing networks with a higher degree of precision” says Moors.

“Naturally, we do not have unlimited IT budgets available, so it was important to make a well-considered and carefully thought out choice. With the validated Fortinet solutions, we have opted for a progressive player, a choice which we certainly do not regret, because since the beginning of our collaboration we have not had any more security issues and we are not losing any processing speed either.” “In addition, all Fortinet boxes are produced identically and offer the same features. In contrast to many other suppliers, this simplifies configuration and management and it also enables us to work in a much more personalised way. Fortinet is an extremely powerful, highly user-friendly and cost-efficient specialist in network security,” concludes Rajesh Bhatia, vice president IT at Havells Sylvania.

“Fortinet is an extremely powerful, highly user-friendly and cost-efficient specialist in network security.” Rajesh Bhatia, Vice President of IT

CHALLENGES
• Management of separate security applications

OBJECTIVES
• All-in-one approach to facilitate the management of the various sites
• Limit the number of potential security breaches to an absolute minimum
• Enhance user-friendliness for IT managers out in the field
• Reduce overall solution cost

DEPLOYMENT
FortiGate-60B
FortiGate-110C
FortiGate-310B
FortiManager
FortiAnalyzer

INDUSTRY
Manufacturing

COUNTRY
Belgium


Other Sectors

Fortinet solutions improve performance, increase protection and visibility while simplifying the IT security infrastructure of companies from all market sectors


Amadeus Hospitality provides thousands of international hotel and catering industry customers with applications for profitable hotel management, worldwide distribution and IT hosting. Due to the multitude of personal data held in hotel IT systems ranging from guest addresses, staff payrolls to customer credit card and bank details, it is vital that Amadeus Hospitality guarantees the hotels and their guests 100% security for this data.

Amadeus Hospitality

The hotel IT arm of Amadeus sleeps easy thanks to Fortinet

Situation

Following a series of security breaches and data corruption at a number of hotels, Amadeus Hospitality in Germany made the decision to completely re-work their security infrastructure.

The need for a complete overhaul of the security infrastructure was first recognized in 2005 following complaints from hotels about virus attacks resulting in server crashes and data loss.

The IT staff at the German Amadeus Hospitality realized that their existing firewall – which had been in use for over five years and was limited in terms of performance and features – was no longer able to cope with the increasingly cunning cyber threats and the speed and depth of attacks. In addition, the remote monitoring and maintenance to the hotels via 1300 ISDN call up lines was increasingly slow and cumbersome.

“At Amadeus Hospitality, we make long-term decisions relating to our IT infrastructure. When we came to assessing new security solutions, we had to consider how the security provider was positioned on the market and be sure that the technology would provide us with a fully secured environment and would not only meet the current stringent requirements but also be able to adapt to new security challenges and demands”, said Marcus Schmid, Director IT Projects and Services at Amadeus Hospitality.

Solution

Amadeus Hospitality ran a comparative test with three vendors – Netscreen, SonicWall and Fortinet – looking for the solution that would allow a simple and secure network environment. To do so, there were two main issues that had to be solved. First of all, the new firewall platform should offer high performance and add on security features such as virus scanning and intrusion prevention internally and for the hotels and branch offices. Secondly, to replace the ISDN lines, the platform should offer two-way security using VPN functionality. Finally, with the main task of hotels being to concentrate on their guests and not IT issues, ease of deployment and management was also a key criterion. After a detailed analysis of all three solutions, Amadeus chose an infrastructure based on FortiGate™ integrated multi-threat appliances from Fortinet.

“We were impressed by the range of features that Fortinet offers,” says Marcus Schmid. “None of the other firewalls we looked at were able to offer us integrated IPS or anti-virus functionality. Fortinet offered us a complete package. Also, the performance of the Fortinet firewall was second to none.”

Amadeus Hospitality has deployed two FortiGate-400A and two FortiGate-1000A appliances in their headquarters in Vaterstetten near Munich. The FortiGate-1000A appliances are clustered for high availability and provide all the critical security functions – including firewall, anti-virus, anti-spam, web content filtering and IPS – to the core network on which the 130 employees of the German Amadeus Hospitality are connected. The load balancing functionality helps maintain high performance levels and the flexible zoning feature means that Amadeus Hospitality can create separate security policies for internal departments and applications. The two FortiGate-400A appliances serve as the VPN hubs for the remote connections to the hotels served by Amadeus Hospitality. Due to strict SLAs with their customers, these appliances are installed in a clustered configuration. The hotel business works 24/7 and has the same expectations of the security solution. Also, Amadeus Hospitality in Vaterstetten is not just serving hotels in Germany or Central Europe but 6.700 hotels around the world – in a range of different time zones.

To date, 150 hotels around the world have a FortiGate-50B or FortiGate-60B security appliance installed, which provides the VPN tunnel connecting to the FortiGate-400A appliances in Vaterstetten. Each appliance is equipped with full UTM functionality including IPS, anti-virus, firewall and antispam. Thanks to the VPN connections, the IT staff at Amadeus Hospitality can monitor the hotel appliances and troubleshoot remotely if necessary.

Due to the simplicity of the FortiGate appliances, the installation could be carried out by Amadeus Hospitality IT staff. In spite of the relatively large and widespread installed base, the initial infrastructure was up and running within two weeks. Adding new VPN tunnels with hotels is a matter of an hour or less.

Success

Amadeus Hospitality is completely satisfied with their solution. The administration efforts for the IT department have been considerably reduced and maintenance is easy, even though the remote security appliances have to be managed centrally by the IT team in Vaterstetten. To improve the transparency, Amadeus recently extended their Fortinet solution by adding FortiAnalyzer, Fortinet’s real-time network logging, analyzing, and reporting tool. This system enables the team to collate and analyse log data from all the Fortinet appliances, giving them a comprehensive view of network usage and security information. As a result, they can create tailored reports on the activity of the appliances for internal purposes or to report connectivity and performance levels back to the hotels.

As Schmid reports, the hotels have also noticed an improvement and a drop in security breaches as a result of the new security infrastructure: “In the past, a lot of our customers had little or no security solution in place. Now they have a complete package and can rest assured that they are safe from hackers and viruses, which may corrupt the integrity of their assets. We appreciate the simplicity and manageability of the infrastructure – and our ability to meet our internal SLAs and also guarantee our customers a high quality of service so that they are free to concentrate on their own customer services.” Schmid concludes: “We were looking to create an environment with minimal maintenance and maximum security. We have found Fortinet to have met and gone beyond our needs.”

“We were looking to create an environment with minimal maintenance and maximum security. We have found Fortinet to have met and gone beyond our needs.”
Marcus Schmid, Director IT Projects and Services

CHALLENGES
• Address a series of security breaches and data corruption at a number of hotels
• Provide a fully secured environment able to adapt to new security challenges and demands

OBJECTIVES
• Protect personal data held in hotel IT systems
• Benefit from high performance and add on security features such as virus scanning and intrusion prevention
• Provide all the critical security functions to the core network

DEPLOYMENT
2x FortiGate-1000A
2x FortiGate-400A
150 x FortiGate-50B & 60B
FortiAnalyzer and FortiManager

INDUSTRY
Tourism

COUNTRY
Germany


Canon IT Solutions

FortiGate appliances power Canon IT Solutions' managed security services

Canon IT Solutions, Canon Marketing Japan’s IT services company, offers system integration and consulting as well as various software development services and sales. The philosophy is to provide business value creation for their end customers as a total solution provider in various business fields.

Situation

The data center services of Canon IT Solutions have been in operation, focusing on IT services for Canon Marketing Japan.

With three data centers, including two based in Tokyo and a third in Okinawa, Canon IT Solutions provides housing and hosting services for a wide range of end customers.

As part of their hosting services, Canon IT Solutions offers three types of services that provide customization to meet all customer needs: “Pro” for dedicated server, “Select” for dedicated server and shared network, and “Virtual” for multi-tenant services with virtual server and shared network.

As a value-add to hosting services, service providers are increasingly looking at offering network security functions such as firewall and antivirus.

Canon IT Solutions therefore decided, at the beginning of their hosting services business, to offer firewalling as a standard networking service feature and optional security services, including antivirus and IPS to meet end-customer specific needs.

Solution

Canon IT Solutions selected Fortinet’s FortiGate integrated multi-threat security appliances for delivering comprehensive network security services including firewall, antivirus and IPS to enhance their hosting services.

In 2009, the company chose the FortiGate-620B device for shared firewall services as a part of its “Select” hosting service offering, and deployed the FortiGate-1240B appliance to provide shared firewall, antivirus and IPS services for its “Virtual” hosting service offering, which started in June 2010.

With Fortinet’s virtual domain (VDOM) feature, the FortiGate appliances can be virtually divided into multiple, separately provisioned and managed instances.

This feature allows Canon IT Solutions to provide the best security services to each customer, while meeting its needs in terms of high reliability, high performance and high profitability.

According to Mr. Nobuyoshi Kobayashi, responsible for the Internet Data Center Infrastructure Management Department:

“The key point for us was that Fortinet’s appliances included the VDOM function as a standard feature, which would allow us to have multiple virtualized independent security domains on a single device. It meant that we could provide the best network security functions to each of our end customers through our physically shared common firewall service, by assigning a different security policy to each of the VDOMs.”

Before implementing the FortiGate solution, Canon IT Solutions was offering shared firewall services only through a general-purpose server, which had firewall software installed.

“Based on our long experience in hosting services, we were concerned that using the one same firewall for multiple end users would weaken their protection and we were convinced that the only way to cope with this critical issue was to move forward with the VDOM function,” continued Mr. Kobayashi.

Through its “Virtual” service, Canon IT Solutions started offering antivirus and IPS as optional functions while providing firewalling as a standard one via the FortiGate-1240B.

Mr. Kobayashi said: “In the past, we were using different servers for different security functions. The FortiGate deployment enables us to provide comprehensive security functions with a single UTM device, which brings us higher service availability thanks to the reduction in the potential points of failure.”

Success

Now, Canon IT Solutions is considering the deployment of the FortiAnalyzer centralized platform to improve its end-customer services in terms of reporting, logging and analysis.

Fortinet’s appliance would enable end users to modify their security policies remotely, by providing a simple user interface with selective configuration items.

At Canon IT Solutions, there is an ongoing plan to open a tier-4 class data center by 2012, which would be an IT service foundation for Canon Marketing Japan.

“Their hosting services are planned to move to that new data center. We are considering leveraging on our expertise and experience in our current hosting services to set up a new service provisioning model, which would enable us to build customer private clouds”, said Mr. Yasushi Ishihara, Manager, Internet Data Center Services Product Planning Department.

The Fortinet solutions are expected to be an important component of those new Internet Data Center services.

“The FortiGate deployment enables us to provide comprehensive security functions with a single UTM device, which brings us higher service availability thanks to the reduction in the potential points of failure.”
Nobuyoshi Kobayashi, Responsible for the Internet Data Center Infrastructure Management Department

CHALLENGES
• Add network security as value add to existing hosting services

OBJECTIVES
• Benefit from virtualization capabilities for high reliability, high performance and high profitability
• Provide high-level security and flexible services to customers, including firewall, antivirus and IPS

DEPLOYMENT
FortiGate-620B
FortiGate-1240B

INDUSTRY
Information Technology

COUNTRY
Japan


Sodexo Nederland

Relies on FortiGate solution for nation-wide VPN

Sodexo Nederland is part of the Paris-based Sodexo Group. With 380,000 employees working at 33,900 sites in 80 countries, Sodexo is the biggest international food & facilities management services organization in the world. In the Netherlands, Sodexo operates at 1,350 sites where more than 6,200 employees provide food services, facilities management services, remote sites services and party catering & events for more than 350,000 guests and end-users.

Situation

In 2008, Sodexo Nederland adopted a new purchasing policy for its food-services sites, which is web-based. This policy is based on a SAP material management system that includes all the products provided by Sodexo Nederland’s suppliers. The advantage of the web-based approach is that the application can be accessed centrally by all users on site so that they can place all the daily orders they need for their catering services on customers’ premises.

“On the other hand, however, this way of working brings an increased security risk if no further measures are taken,” says Eric Balfour van Burleigh, IT Manager at Sodexo Nederland. “The ICT infrastructure in the Netherlands comprises five offices, two data centers and about 800 sites nationwide that are linked to each other via a VPN (Virtual Private Network).”

Introducing a central purchasing system provides Sodexo with other benefits. For instance, it improves management information, which enables the organization to gain a better overview of its daily business. The sites are linked to Sodexo’s VPN network by an ADSL connection, which provides them with direct access to the product catalog.

This system enables the sites to place orders directly while invoices are sent straight to the head office in Capelle aan den IJssel.

Solution

Sodexo’s previous security solution no longer answered the requirements or fitted in with the new policy, so a shortlist of possible candidates was drawn up. Sodexo’s ICT managers were familiar with Fortinet. Fortinet’s Unified Threat Management (UTM) approach, in which the managed security functionalities are combined into a single solution, appealed to them and offered Sodexo possibilities for consolidating different security components.

“Our strategy is to achieve the maximum with the minimum amount of hardware and that also applies to the setup of our network security. The inherent benefits of Fortinet’s approach to security are entirely in line with our strategy. The bottom line is that Fortinet has managed to integrate various solutions in a single appliance.

A major advantage for us is also the ability to make the maximum use of all the benefits that this technology provides at the best possible price-performance ratio for our network – and what makes this even more important is that finally almost all sites will be connected to the network,” says Eric.

The FortiGate-1000A was selected because it represented a robust all-in-one solution that not only includes excellent firewalling but also antivirus, antispam and intrusion prevention. Another important decision factor was the high firewall and VPN throughput of 2 GBps and 600 MBps respectively delivered by Fortinet’s network security appliance. The license structure applied to the SSL VPN technology (per unit instead of per user) was another key point as it helped Sodexo ensure comprehensive security in the business use of the Internet.

Success

In 2008, the FortiGate-1000A became operational following a test & evaluation period that was more or less error-free. “We found that the FortiGate-1000A all-in-one security appliance provides us with the reliability and flexibility that we need to protect our nation-wide VPN,” says Eric. The use of so-called VDOMs (virtual domains), one of the virtualization functionalities of FortiGate, makes it possible to formulate security rules for each user group and to enforce their use.

“The management interface is so accessible and FortiGate is so user-friendly that system administrators need very little security expertise. FortiGate’s GUI looks good and is fully web-based; installing a firewall is simply a matter of checking boxes.”

Eric also stresses the FortiGate-1000A’s excellent price-performance ratio: it is possible to virtualise almost unlimited firewalls and to install SSL VPNs without having to buy a license in each case.

After a year and a half of use, the deployment of the FortiGate-1000A is showing clear results. “Management work has been noticeably reduced and FortiAnalyzer provides us with integral reporting that gives us a far better insight into what’s happening. There have been no security incidents as yet and, of course, we want to keep it that way.

Partly due to the FortiGuard subscription for automatic updates, we’ve had no trouble with viruses, spyware or spam. This has already relieved the system management department of a considerable burden, allowing the administrators to focus on other important issues,” concludes Eric Balfour van Burleigh.

“Management work has been noticeably reduced and FortiAnalyzer provides us with integral reporting that gives us a far better insight into what’s happening. There have been no security incidents as yet and, of course, we want to keep it that way.”
Eric Balfour van Burleigh, IT Manager

CHALLENGES
• Secure the web-based purchasing application used by all Sodexo’s catering services nationwide

OBJECTIVES
• Create a secure communications network comprised of five offices, two data centers and about 800 sites nationwide
• Minimize hardware requirements for security deployment

DEPLOYMENT
FortiGate-1000A
FortiAnalyzer
FortiGuard Subscription Services

INDUSTRY
Food & Hospitality

COUNTRY
Netherlands


AMERICAS HEADQUARTERS

1090 Kifer Road
Sunnyvale, CA 94086
United States
Tel +1.408.235.7700
Fax +1.408.235.7737

EMEA HEADQUARTERS

120 rue Albert Caquot
Sophia Antipolis
France 06560
Tel +33.4.8987.0510
Fax +33.4.8987.0501

APAC HEADQUARTERS

300 Beach Road 20-01
The Concourse
Singapore 199555
Tel +65.6513.3730
Fax +65.6223.6784

Copyright © 2011 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard® are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Nothing herein should be considered a representation, guarantee, warranty or contractually binding provision.

www.fortinet.com