Designing a firewall solution for a complex multi-campus polytechnic

WelTec and Whitireia Community Polytechnic were looking for a firewall solution that would deliver high-quality internet access across their campuses.

“With REANNZ, we have a trusted partner who is flexible, cost effective and highly competent. I can pick up the phone and talk directly with a networking expert who knows us and understands our network.”

Paul Fallon, Chief Digital Officer, WelTec and Whitireia

The Wellington Institute of Technology (WelTec) and Whitireia Community Polytechnic were looking for a firewall solution that would deliver consistent, high-quality internet access across their campuses. They wanted to improve network performance, allow better connectivity, improve security and reduce their technical footprint.

Both the Firewall as a Service (FaaS) project and its implementation were highly complex. At the time, the project involved ten campus networks, two old firewall products and four geographically dispersed firewall clusters. It was part of a larger programme of work which included the opening of Te Auaha (a new smart server-less building), rolling out Wi-Fi as a Service, upgrading WAN hardware, replacing the LAN, and changing the WAN infrastructure from a switched (layer 2) to a routed (layer 3) network.

Paul Fallon describes the project as, “a bit like undergoing open heart surgery whilst playing football.”

The shared WelTec and Whitireia ICT Services department approached REANNZ. They were aware that GNS had already successfully implemented REANNZ’s managed firewall. They needed a trusted partner that was flexible, cost effective and highly competent.

The solution

Together, we workshopped options. REANNZ then developed an in-house tool to translate and automate firewall configurations into the FortiGate solution (a next-generation firewall), saving months of work.

FortiGate’s policy-based traffic filter restricts traffic to that permitted by the organisation. It reports usage and flow information, which WelTec and Whitireia use to continuously improve security. The resulting firewall service provides a managed, highly available environment and a consistent rule-based policy across all devices, and the underlying firewall technology is continually monitored and maintained. In addition, we merged the security zones for all staff and students across the two polytechnics; these zones terminate on the managed firewall.

REANNZ provides the resilient WAN connectivity for both WelTec and Whitireia polytechnics to REANNZ’s Points of Presence (PoPs), where the firewall service is hosted. Their main campuses have dual 10Gbps links to REANNZ that provide redundant connectivity. Each campus is connected to two different REANNZ PoPs, enabling data to travel over two different paths both to their Infrastructure as a Service (IaaS) platform, which runs in a Hamilton data centre, and to the outside world.

All Whitireia and WelTec servers and services are run out of this data centre, including the telephone system. The result is virtually no jitter, very low latency and no additional networking contracts or connections, as REANNZ peers directly with a telco to transit all telephone calls through the REANNZ network.

“We took REANNZ’s advice to not get in the way of network traffic or restrict performance with traffic shaping or proxy servers. Consequently, we’ve seen an increase in network performance, a decrease in complaints about internet speeds, and cost savings.”

Paul Fallon, Chief Digital Officer, WelTec and Whitireia 

“Firewall as a Service not only increases connectivity and security, it enables one network engineer to manage all the campuses and data centre,” says Paul Fallon. “In addition, REANNZ engineers saved $20K in hardware upgrade costs by re-architecting the network slightly differently to require less expensive software licensing. That’s not the sort of thing that would be offered up by a vendor in a commercial setting.”

In today’s digital world, interconnectivity between geographically dispersed campuses is vitally important. The WelTec and Whitireia firewall service provides an innovative model of secure and seamless connectivity.

“Taking an ‘as a service’ approach to Wide Area Networking and firewalling has meant that we can depend on recognised experts being focused on this technology and responding to threats 24/7, enabling us to focus on getting more from our ICT investment.”

A future national model?

Looking ahead, Paul Fallon says the REANNZ Firewall as a Service model that WelTec and Whitireia have implemented could be extended to provide a potential future platform to join more polytechnic networks together to provide a seamless interconnected experience.

“If there is going to be one national polytechnic across New Zealand, which the Minister is currently considering, then high-quality interconnectivity between campuses across the country is going to be vitally important, as is security. A Firewall model may be required that can span the whole country.”

For more information about REANNZ’s firewall solutions
