Case Studies Ardmore Construction Group picks a winner with Palo Alto Networks

Case Study - Ardmore Construction Group picks a winner with Palo Alto Networks

Next Generation Firewall against other vendor firewalls

Computrad beats off the competition including Juniper, Checkpoint, Cisco and Barracuda to win a new account within the construction industry with Palo Alto Networks, Next Generation Firewalls.

An extensive bake-off between a number of leading vendor’s firewalls were put to the metal, with Palo Alto Networks, Next Generation Firewall emerging as the victor for network security and control.

The Ardmore Group were in the process of evaluating a number of firewall technologies and was approached by senior engineer Sunny Gill from Computrad Europe Ltd, to add Palo Alto Networks Next Generation Firewall into the mix.

Here is what Ardmore Group, IT Infrastructure Implementation and System Design Co-ordinator, Slawomir Kunach had to say:-

“Thanks to the Palo Alto next generation firewall and its extraordinary visibility into application traffic, we’ve gained ability to control and block all unsafe network applications and stop all users from abusing the network.

Main Targets:

  1. Block all applications classified as unsafe according to company’s policy
  2. Stop all users trying to bypass company proxy server
  3. SSL decryption
  4. First line of defence against potential threats
  5. Content filtering

The Ardmore Group is comprised of an integrated set of construction companies that together encompass the whole of the construction process from inception, to completion and maintenance. The Group operates throughout the UK and Ireland with the Head Office at Enfield in North London and regional offices in East London, Docklands, Heathrow and Dublin.

With over 35 building sites located all over the UK, network security and control over the end users became the priority. The intention was to increase staff productivity, network security and control the bandwidth utilisation.

Linux security solutions were employed by the company up until recently, offering very basic functionality which was becoming more and more outdated. The point was reached where various applications that tunnel network traffic over HTTP or change TCP/IP ports couldn’t be blocked effectively, without interfering with web browsing security rules. Also lack of any in-line UTM functionality on the firewall caused virus infections and security breaches on several occasions.

To find the best solution for this company, we evaluated several firewall and security gateway solutions from different vendors, including: Cisco, Juniper and Barracuda Networks. Unfortunately none of them proved that they had the functionality, control and logging facility found prevalent in the Palo Alto Networks device. From a firewall point of view, almost all of them had very similar functionality.  All of them were still trying to keep up with ever changing network security issues, by adding new functionality to their firewalls to obtain intelligence on the network traffic, beyond simply IP addresses and TCP/IP ports.

During the evaluation, the initial step was to install the PA 2020 in transparent mode, to enable the systems administrators to get an introduction and feel for the device and see the impressive and user friendly GUI in action. After a few days testing with different options and settings, it was decided to go for full NAT mode and configure it to the current needs and implement it into the live production environment. It took two days to replicate the current firewall configuration to the Palo Alto unit, but the results were stunning. The ability was now there to view all applications running on the network, detailed logs, decryption of SSL traffic, threat prevention, traffic shaping and all other functions built into PAN OS literally swept us off our feet. The device precisely identified applications, particularly various types of Web traffic, p2p programs and instant messaging, and enabled us to quickly and offered a granular level of control usage.

QoS rules helped to limit bandwidth for particular users and applications on the network while IPSec connections were utilised to connect all remote building sites and depots to HQ.

We also found that PA-2020 has the feature set and depth that enterprise competitors do. The basic firewall functionality is definitely in place and features such as Virtual LANs, Layer 2 and 3 devices in one box, captive portals and VSYS work very well.

To summarise everything, the Palo Alto next generation firewall does a stellar job by classifying applications and giving network administrators the ability to create rules based on applications. All logs sent to the sys-log server are very clear and easy to interpret by external programs/scripts. Also, the free built in log viewer with its extremely useful filtering ability lets you forget about the external logging server. Content filter rules combined with scheduling give us the ability to specify different web browsing rules for different users authenticated via Captive Portal to our RADIUS server, in different times of a day/week.

During the PA-2020 evaluation period we’ve experience something new in the security market which made us realise the large amount of functionality we were missing before”.

Slawomir Kunach
Ardmore Group, IT Infrastructure Implementation and System Design Co-ordinator

Tags

  • WAN Optimisation
  • Network Acceleration
  • Network Managed Services
  • Network Support Services

News & Events

Live Chat
+44 (0)208 997 9888
Location: