Replacement of 19 firewalls at multiple locations
Projects
Anastasia Timmermans
Projects
06/26/2024
2 min

Replacement of 19 firewalls at multiple locations

06/26/2024
2 min

For one of our customers in the education sector we have replaced all 19 firewalls at 15 locations. The ICT network, including the firewalls, has been entrusted to us for management and maintenance for years.

The cyber security of any organization is a major responsibility. Recent research however shows that the education sector is an above-average target of cyber attacks (source: Check Point Software Technologies).

Why do the firewalls need to be replaced?

Most firewalls need to be replaced after about 5 to 7 years. That is why we generally consult with our customer at the beginning of the fifth year after installation about their wishes and requirements for the replacement.

Of course we also think about the costs, because you may not want to replace it until a year later. Replacing every five years is actually a guideline based on depreciation and whether the firewall is end-of-sale. Many firewalls become end-of-sale within 5 years on average.
Is the end-of-sale phase over? Then you still have a maximum of 5 years of support from the supplier.

End-of-support must really be an important trigger for you, because you will no longer receive software updates and support.

Why is it so important to replace firewalls in a time and maintain them properly?

Repeatedly outdated firewalls – and in particular firewalls that are not patched in a timely manner – pose a risk of cyber attacks and data leaks. As firewalls age, their vulnerability to new threats increases. Older models are often no longer updated with the latest security patches and updates.

Maintain your firewalls frequently and replace them in time. By upgrading to new models supported by the manufacturer in a timely manner, you can optimize the security of your network and minimize the risk of breaches. A well-maintained and patched firewall ensures that your network remains secure and confidential data is protected against malicious cyber attacks.

The choice of the right firewalls

A new generation Fortinet firewall was chosen for the replacements.
From the 3O E for the small locations and from the 60 E for the larger locations, we switched to the 40 F for all 19 firewalls. The 40F has higher technical specifications than the 60E and the 30E, but is cheaper in support and security services than the 60E.
The 40F is the smallest firewall of the F generation, but because the specifications are better than the E generation, it is more than sufficient for the coming years, even for the larger locations where a 60E was located.

When selecting this type of firewall, careful consideration was given to the performance of the firewall such as 'firewall through-put' and 'inspection through-put'.

The implementation – well prepared is much more than half the battle

Thorough preparation is almost everything, so every step is discussed, planned and prepared in advance. By setting up and following a thorough implementation process we ensure everything runs smoothly and securely.

We took over the configuration from the existing firewalls and carried it out on site. The customer does not need to be disturbed for anything. In addition, the most recent software version was installed and of course attention has also been paid to the physical replacement.
When you stand in front of the patch cabinet with your new firewall, you don't want to find out that you can't hang the device on anything, do you?
We measured and tested the dimensions of the mounting brackets in advance. The order of placement was discussed and coordinated with each location in a advance. Of course, we consciously opted for replacement during the school holidays in May. As little disruption and downtime as possible.

The results are impressive! On Monday after the holidays, all 15 locations were able to work undisturbed. Replacing 19 firewalls silently, all in less than two weeks. At  the surface it seems nothing has changed, but the network is well secured again for the foreseeable future.

Categories