THE CHALLENGE
The Lisbon School Department covers the educational needs of the surrounding community. The Department comprises four campuses: Lisbon High School (350 students), Philip W. Sugg High School (275 students), Lisbon Community School (650 students), and Head Office. Fast, secure interconnection between the campuses is essential to the Department’s IT infrastructure.
The campus interconnect needed an upgrade. Each site was equipped with 1 Gbps circuits, but these could not be fully exploited because of poorly performing firewalls, so newer, more robust termination equipment was needed. And, as with all municipal school districts, capital funding was tight, as was the bandwidth of supporting resources.
THE SOLUTION
James Churchill, the School Department’s Director of Technology Systems, began the search. A Linux-based solution had been in use since 2002, so any solution would have to accommodate existing needs, including routing via iptables, while adding building-to-building VPN connectivity, a single firewall at each location (with the ability to authenticate users across firewalls), remote access for up to ten concurrent remote users per building, and the ability to scale for an annual two-day conference in October that attracts a large number of vendors.
Churchill did what we hear so often: he asked others. Super busy, he opted to speed up his search for solutions by consulting fellow IT folks (in this case, the Maine Association of Information Technology Educators, ACTEM) for recommendations. Several school departments were using pfSense® Plus software running on Netgate® devices for their firewalls.
He approached Netgate and began their collaborative discovery process to find the best product. It was determined that the Netgate 5100 would be the perfect choice for each location. With up to six fully independent 1 Gbps Ethernet connections, the 5100 provides an affordable 1 Gbps Layer 3 router/firewall. In addition, its 2.2 GHz Intel® Atom C3558 CPU with QuickAssist instructions, AES-NI, and SHA (which helps with OpenSSL and OpenVPN) provides all the power needed to support high-bandwidth encrypted traffic processing between each campus.
Two more needs were discussed. Having a school go offline due to hardware failure is no one’s dream, but that risk does not financially justify a fully redundant Layer 2/Layer 3 network. Therefore, a five-device solution was agreed on: four live and a fifth as a cold spare. Instead of keeping the spare in a closet, it would be powered up in a school lab where students could use pfSense software to learn all about networking.
The final solution consideration was that installation and configuration needed to be fast, transparent, and error-free. While pfSense Plus software and Netgate appliances are respected around the world for their robustness, ease of use, and reliability, the Lisbon School Department needed reassurance that the transition would go smoothly. Details always matter, and in this case they included the basic configuration of pfSense Plus firewalls in four locations, migration of iptables configurations, configuration of firewall rules, migration of DHCP configuration to pfSense, conversion of the site-to-site VPN from OpenVPN to IPsec, OpenVPN remote access configuration, lab modeling, testing, and deployment.
Churchill quickly recognized the need for professional services to help with the design, configuration, and implementation of the network. He added three years of TAC support as assurance for future operations. While he has technical skills, his time is valuable, and Netgate engineers do this every day, faster and more cost-effectively than almost any customer could alone. The decision was even easier to make once he looked at Netgate Global Support’s stellar customer satisfaction ratings.