Widener University's IT department is not your typical college network services department. Not only does it serve 8,000 students distributed across three campuses in Delaware and Pennsylvania, it also acts as ISP for a public school system and a new business incubator.
This meant that when Larry Pfeifer, network engineer at Widener, in Chester, Pa., went shopping for a new firewall, he had to look for a solution that was flexible enough to meet the needs of all the entities he serviced.
In May 2004, as the existing firewall solution from Nortel Networks Ltd. came up for renewal, Pfeifer recognized that it was no longer meeting the increasing security demands of his various constituencies and began looking for alternative firewall solutions.
Widener needed a solution that would give it more flexibility, a wider variety of security features and the ability to scale as the network grew.
What's more, the solution needed to integrate smoothly into the existing Nortel network and the installed solutions.
"The firewall that was in place was a basic firewall that did port filtering," Pfeifer said. "We needed the same services with the new firewall, but there were certain other services we wanted to see, such as anti-virus, intrusion detection and intrusion prevention, and VPN."
Whenever Widener's IT department makes a purchasing decision, it has to take into account not only the computing needs of students and faculty but also the needs of the Widener Information Network Services, or WINS, the university's community ISP program. Perry Drayfahl, director of technical resources at Widener, said the university developed WINS as a public service to build community rapport and as a way to defray its own costs and make use of excess network bandwidth.
"WINS was created to best use our Internet bandwidth and provide [customers] with ISP services at a cost they could afford. We're acting as ISP and maintaining the backbone supporting 13 Delaware County school districts and the Technology Park buildings [a joint-venture technology business park between Widener and Crozer-Keystone Health System]," Drayfahl said.
Pfeifer had an ongoing relationship with systems integrator Corporate Networking Inc., in Worcester, Pa., and he asked for advice on a new firewall from Tim Slattery, his account executive.
Slattery had worked with the WINS customers and was familiar with Widener's range of requirements, so he suggested Fortinet Inc.'s firewall solution. The Widener team did look into Fortinet's product and also evaluated products from Cisco Systems Inc., Crossbeam Systems Inc., Juniper Networks Inc. and Symantec Corp.
"Other vendors had pieces that you could put in line, but you needed multiple boxes for each service," Pfeifer said. "Fortinet had everything in one box. The other vendors also couldn't scale to the level that Fortinet could, and Fortinet worked in a multitiered environment where they provided edge-of-network anti-virus protection. We had Symantec inside [on the desktop] and Sophos [plc.] anti-virus on the e-mail server, and Fortinet worked with all of these solutions."
Pfeifer said he especially liked that Fortinet allowed his staff to put two firewall boxes in line on the network and share sessions across boxes, meaning that they could pull one box off the network and traffic could continue on the remaining box. While Pfeifer points out that no product can totally eliminate downtime, this capability provided a way to service the network while minimizing downtime.
According to Pfeifer, Fortinet offered the best price/performance ratio of the competing products. Equally important, it also provided the flexibility to set individual policies for each school district and each company at the Technology Park business incubator. This flexibility was essential to those businesses, Pfeifer said, because it provided their customers—each of which had unique needs—with the means to establish their own individual security settings.
In June, Pfeifer and Drayfahl made their decision and purchased two FortiGate-3600 systems, Fortinet's enterprise security appliances for large enterprises and service providers. The boxes included real-time anti-virus, content filtering, firewall, VPN, intrusion detection and prevention, anti-spam, and traffic filtering capabilities.
Pfeifer and his staff waited until Christmas break to install the Fortinet boxes to minimize the disruption to the network.
"We have up to 60,000 people coming through our network, so we had to migrate at specific times that would not interfere with production," Pfeifer said.
So far, Pfeifer reports that the Fortinet solution has exceeded his expectations. In fact, the company has already added new services to help him better manage his security needs.
Pfeifer said he and the network team are so happy with Fortinet that they have plans in place to expand the Fortinet solution.
"We have actually in line two more 800 Series Fortinet boxes, and we want to establish an internal DMZ, which will allow us to have more open policies for end-user PCs and more stringent policies for the servers, so all servers will be behind [a protected] zone and will have stricter access policies," Pfeifer said.