COVID-19 aid for pfSense software users LEARN MORE

Netgate Blog

Lisbon School Department Scales Campus Interconnect with SG-5100s

Nestled down in the lower reaches of Maine sits Lisbon - a small town of 9,000 that serves as a bedroom community for the greater Portland area, including well-known companies like Bath Iron Works and L.L.Bean. With an eight-month wet season and seasonal temperatures ranging from 11℉ to 80℉, Lisbon is inhabited by the rugged individualists that define the New England region.

The Lisbon School Department provides for the educational needs of the surrounding community. Four campuses comprise the Department: Lisbon High School (350 students), Philip W. Sugg Middle School (275 students), Lisbon Community School (650 students), and the central office. Campus interconnect with speed and security are essential to the Department’s IT infrastructure.

This is where our story begins. Campus interconnect was in need of an upgrade. Equipped with 1 Gbps circuits at each site - that previously could not be fully tapped due to underperforming firewalls - newer, more robust, terminating equipment was needed. And, as with all municipal school districts, capital funding was tight and support resource bandwidth was thin.

James Churchill, the School Department’s Technology Systems Director went on the hunt. A linux-based solution had been in-use since 2002, so any solution would need to support existing needs including routing through iptables, while adding VPN connectivity from building to building, a single firewall at each location (with the ability to authenticate users at the firewall), remote access for as many as ten concurrent remote users per building, and the ability to scale up for an annual two-day October conference that draws a slew of vendors.

Churchill did what we hear so often, he asked others. Super busy, he opted to speed his solution search by checking in with fellow IT compatriots (in this case the Association of Computer Technology Educators of Maine, ACTEM) for recommendations. A number of school departments were using pfSense® software running on Netgate® appliances for their firewalls.

He reached out to Netgate, and our collaborative discovery process of finding the best product fit began. Together, we determined a Netgate SG-5100 would be the perfect fit for each location. With up to six fully-independent 1 Gbps Ethernet connections, the SG-5100 provides a 1 Gbps Layer 3 router/firewall at a bargain price. Additionally, its Intel®1 Atom C3558 2.2 GHz CPU - with QuickAssist, AES-NI, and SHA instructions (which helps in OpenSSL and OpenVPN) - provides all the horsepower needed to support high-bandwidth encrypted traffic processing between each campus.

Two more needs were discussed. Here in Maine, we know how things fail - no matter how robust the product. Having a school go offline due to a hardware failure is no one’s dream day. But, it also doesn’t financially justify a fully redundant Layer2 / Layer3 network. So, we jointly decided on a five device solution - four live, and a fifth as a cold spare. Rather than have the spare sit in a closet, it would be fired up in a school lab where students could use pfSense software themselves to learn all about networking.

The last solution consideration was that installation and configuration needed to be fast, transparent, and error-free. While pfSense software and Netgate appliances are respected worldwide for their robustness, ease of use, and reliability - Lisbon School Department needed assurance that a cutover would go off without a hitch. The details always matter - and in this case, they included base configuration of pfSense firewalls in four locations, migration of iptables configuration, firewall rule configuration, DHCP configuration migration to pfSense, site-to-site VPNs reformed from OpenVPN to IPsec, OpenVPN remote access configuration, lab modeling, testing, and deployment.

Churchill quickly recognized the need for professional service and three-year support contracts to address initial design, configuration, and turn-up, as well as business assurance support down the road would be well worth the expense. While he has the tech chops, his time is valuable, and Netgate engineers do this every day - faster and more cost-effectively than almost any customer can for themselves. It didn’t hurt that Netgate Global Support customer satisfaction ratings are stellar.

With deployment now complete, Lisbon School Department is set to sail into the future with a pristine, powerful, gigabit per second, secure network - as well as robust remote user connectivity - which should serve it well for years to come. As a bonus, inquisitive students get to learn networking with the real thing. Best of all? This was all done at a fraction of the cost of what legacy big-brand vendors would have charged.

We now live in incredibly challenging times. This holds for every organization - education or otherwise - worldwide. But life goes on. Education must go on. At Netgate, we are proud of helping each and every one of our customers in their mission. If we can help you meet your secure networking challenges fast and cost-effectively, connect with us here.


1Intel is a trademark of Intel Corporation or its subsidiaries.