Customer Name: University of Cambridge Institute for Sustainability Leadership
Industry: Education
Location: Cambridge UK, offices in Brussels and Cape Town

Business Impact

End-to-end, integrated high performance, high availability security for growing needs.

Dramatically improved visibility, reporting and management of application and network behavior.

Peace of mind against new and emerging threats at highly competitive performance/price point.

The world needs practical solutions to sustainability challenges such as climate change and energy security, and global leaders are expected to deliver. This is the purpose of the University of Cambridge’s Institute for Sustainability Leadership (CISL) – a specialised institute delivering the highest quality executive education and support to government, NGO and corporate leaders from around the world.

Based in the UK city of Cambridge and with offices in Cape Town (South Africa) and Brussels (Belgium), CISL retains around 50 full time staff and collaborates closely with many other key industry and academic contributors in the delivery of sustainability leadership courses and events. This international collaboration has placed increasing pressure on internal IT resources to ensure network services are continually available,
and that the user experience of applications and access to shared files is unimpinged and highly secure.

Concerned about new and emerging threats, time-consuming configuration and management challenges, poor throughput performance and a lack of visibility into applications on the network, CISL sought to replace its 3Com Superstack 3 firewall with a far more robust, high performance security solution for the network perimeter. This has led to the deployment of two FortiGate-100D integrated security appliances to provide a host of protection capabilities including next-generation firewall, application control, IPS, anti-virus scanning and traffic shaping.

Solutions & Results

As an institute within University of Cambridge, CISL has sufficient autonomy to seek out the best possible solution to its unique IT needs, and drew up a ‘wish-list’ of technical capabilities for its replacement firewall, including: Application control, URL filtering, AV scanning, intrusion alerting (IPS), high availability (HA) mode, identity based policy enforcement, on-premise IP routing and browser-based management providing an understandable, actionable dashboard view and quick, easy configuration.

Having helped thousands of leaders over 25 years, CISL wanted to grow its business and its IT network into the future, as CISL IT Manager Ellis Karim explained. “We’re a small IT team who cover everything and, while we aren’t firewall experts, we just knew that the old devices would only get more troublesome in the face of extra demands. We were worried that threats were in danger of breaking through though we had no visibility of what was going over the network. We felt there must be firewalling capabilities out there which went beyond simple port and protocol blocking.”

Karim turned to his peer group of IT managers at other institutes and colleges, to gather views and advice about where to turn for a solution. The turning point was the successful Fortinet implementations he encountered, which led to an install project for two FortiGate 100Ds (in High Availability cluster) at CISL planned with Fortinet Gold Partner, Metropolitan Networks.

“Suddenly the network was made visible to us and we started to see where the bandwidth was being spent and where to take action,” recalled Karim. “The FortiGate-100D gives us great value per Gigabit performance and terrific functionality, including the ability to now route all our traffic internally
with each IP packet security-inspected, and receive daily emailed reports. We’re able to create simple, clear rules about specific applications and user groups – which is a great benefit that reduces the burden on me being the only person on the IT team with the skills to manage security.”

Helping each stage of the implementation was the team at Metropolitan Networks. “Setting up the FortiGate solutions and segmenting each virtual network domain is very straightforward, but we chose to take a two-stage approach to the rollout because of the challenge caused by the extremely
complex, non-standard configuration on the old firewall,” added Karim. “Metropolitan Networks were fantastic and we relied heavily on them to ensure no downtime during the changeover. We weren’t firewall experts before, and now we never have to be thanks to Fortinet and Metropolitan Networks.”

Each FortiGate-100D is backed by FortiGuard, Fortinet’s extensive global research capability, that protects against new and emerging threats by examining the latest cyber-criminal activities and techniques to deliver real-time, around-theclock protection.
Looking to the future, CISL are cognisant of the potential to derive even greater value out of their FortiGate-100Ds by exploiting more of its on-board integrated capabilities.
Among these is the two-factor authentication server that comes with every FortiGate, and extracting more use from its IPSec and SSL VPN functions. “Time will tell what else we select from the toolset, but we’re confident we can do more without affecting performance or the stability of our growing.