Higher Education Institution Improves Network Visibility and Control
Challenges
Vandis has been a trusted advisor to this organization for many years with previous engagements revolving around improving their wireless infrastructure. Due to the extensive relationship that has been built, this higher education institution reached out to Vandis to work on a firewall replacement project. The university was concerned that their recent growth would cause instability on their network and critical applications. The institution was unhappy with their current legacy equipment and wanted to find a new solution that would be flexible, reliable and cost effective.
Unlike many higher education institutions, this school only has three weeks throughout the entire year when classes are not in session. Vandis realized this window of time would be most opportune to complete the project as the students would be gone and the network could undergo the necessary downtime to complete the cutover. As with most educational opportunities, budget constraints played a factor and needed to be taken into account by the customer as well as Vandis.
Selection Criteria
The main objective of this project was to replace the school’s existing firewall platform with a single solution that reduced the footprint of their security infrastructure while increasing visibility and control within the network. Also, the school asked Vandis to migrate all of its security and NAT policies over to the new technology and create a proposal for professional services to perform the configuration.
Solution
Vandis Engineers were involved in several discovery calls to discuss the policies, setup, and issues that were being faced. During implementation of the new solution there was a Vandis Senior Network Security engineer onsite to architect the deployment and address any questions or concerns the school might have.
A POC was not done as the school trusted Vandis to provide them with a viable solution that met their requirements and addressed their pain points. Vandis introduced Palo Alto Network’s firewall technology to the school through a hands-on demonstration that took place onsite. This demonstration included a half-day technical workshop where the customer learned to configure security policies that would enable visibility and control over the applications, users, and content traversing the network. After working hands-on with the technology and experiencing the advanced features, the school was ready to make a purchase and looked towards Vandis to decide which size appliances met their needs. The school ultimately purchased an HA pair of PA-5050s and two HA pairs of PA-3020s based on Vandis’ recommendations. Vandis’ experience and architect-level engineers not only addressed their current situation, but took into account future growth as to best protect their investment in the technology. Vandis then suggested activating Threat Prevention (IPS) for security and URL Filtering for control and visibility of the network. In addition, this school deployed a virtual edition of Panorama which is Palo Alto’s management platform. By enabling this feature, the school is able to centrally manage and configure firewalls across their network from a single pane of glass while also providing valuable forensic reporting and logging.
Results
With the new solution deployed as a perimeter firewall at multiple locations across the country, the customer was able to replace their legacy solution and drastically improve both the student and faculty network. Due to IPS and URL Filtering built into the Palo Alto Networks platform, the client was able to reduce the footprint on their security infrastructure. The strategic planning and pre-staging efforts from Vandis’ professional services team enabled the cutover to be completed in two days. Vandis then returned onsite for the first two days of the new semester to ensure system stability when students returned to classes. In addition, there was a follow up call that took place two weeks later to address any questions over policy configuration and testing.