Case Study – Replacing Firewalls in a Large Medical Corporation, and building a large site-to-site VPN with remote-access

A client we’ve worked with for a few years decided to move from their existing firewall brand and model to Netgate pfSense. AGIX is a Netgate partner and well suited to assist, and we took on the project.

We have repeated this project for several of our clients. Other clients in the Critical Infrastructure and Logistics industries are examples of organisations that have made this move.

The client had several offices (sites) in Australia. Each needed to be connected via a VPN that would allow the Windows domain to extend over all sites. Additionally, each site would allow remote workers to connect via remote-access VPNs to their respective sites. No VPN exists to facilitate securely shared resources.

We placed a Netgate pfSense firewall in each location with redundancies in the primary (head office) location. The firewalls each had an OpenVPN connection between them to facilitate the site-to-site requirements. The remote-access workers would also use OpenVPN as their means to establish a connection to the business, and they used Viscosity for their client-side VPN solution.

Each site had access only to the appropriate remote VLANs (factoring in protocols and ports), which was managed by the firewalls.

Authentication was managed using a RADIUS server running on Linux. The RADIUS server was required not to use domain credentials, to ensure a higher level of security. That is, if the VPN credentials and certificate/key were to be compromised, the domain resources would remain inaccessible. An incident response plan existed to facilitate issues relating to this concern, in addition to a workflow for managing user onboarding and offboarding. This is critical.

Because remote-access staff were connecting to their respective sites directly, performance was optimised. Netgate pfSense firewall applications are very low-cost when compared to their equivalents from other vendors. pfSense supports Geo Fencing and IDS features, which go a long way to improving security. These features were used.

The client was happy with the results, the lower costs, and the improved performance/experience for remote-access workers.
