Challenge
Three sites, more devices, and remote access to secure.
The organization ran three interconnected facilities with growing infrastructure demands, more connected devices, and expanding remote-access needs. The existing network needed stronger security controls, better traffic isolation, and standardized management across locations.
Key challenges
- Multiple facilities needing centralized security governance
- Diverse device types sharing the same network
- Remote workforce requiring secure VPN connectivity
- Traffic isolation between critical systems
- Protection of servers and business applications
- Secure integration of IP telephony, CCTV, and wireless
- High availability for critical services
Solution
FortiGate firewalls and VLAN segmentation, multi-site.
Designed and implemented a multi-site enterprise security architecture built on FortiGate next-generation firewalls and VLAN-based segmentation.
A high-availability FortiGate cluster at the primary site delivered resilient VPN services and centralized inter-site communications, while FortiGate appliances secured the secondary facilities under consistent security policies.
Traffic was segmented into dedicated VLANs by business function and device type, reducing lateral-movement risk and improving operational control. The design also delivered secure remote access, centralized management, and stronger protection of critical assets.
Results
A secure, segmented enterprise network.
- Centralized security governance across all sites
- Traffic isolated by function and device type
- Reduced lateral-movement risk
- Secure remote access for the workforce
- High availability for critical services
Technical specifications
Architecture & segmentation.
Security infrastructure
- FortiGate NGFW
- FortiGate high-availability cluster
- IPS
- Application control
- Web filtering
- VPN security policies
Network architecture
- Three interconnected facilities
- VLAN segmentation
- Layer 3 routing
- Secure inter-site communications
- Centralized policy management
Network segmentation
- User network — office workstations
- Wireless — corporate & guest Wi-Fi
- Infrastructure — servers, virtualization, storage
- Security systems — CCTV, access control
- Communications — IP telephony, VoIP
- Peripheral — network printers, IoT
Connectivity
- Site-to-site VPN
- Remote access VPN
- Redundant WAN architecture
- Multi-location connectivity
High availability
- Primary site — 2 × FortiGate, active/passive HA, automatic failover
- Secondary sites — FortiGate gateways, centralized policies

