Back to Customer Stories

USNS Mercy

U.S. Navy deployed pfSense Plus software on the Netgate 1537 and AWS Cloud for network security and management. The USNS Mercy leaned on Netgate Global Support for the optimal network design ideal for user experience.

Solution: Firewall, RouterVPN
Product:  pfSense Plus, Netgate Professional Services
Deployment: AWS Cloud

Company Overview

The USNS Mercy (T-AH-19) is the lead ship in its class of hospital ships in non-commissioned service with the United States Navy. Her sister ship is USNS Comfort (T-AH-20).

  • Launched: 1975
  • Crew Size: 1200+
  • Homeport: San Diego, California
  • Business: Healthcare

Customer Objectives

  • Speed. The project had to be operational within 48 hours.
  • Network must accommodate and manage civilian, medical staff, patient, and official naval vessel communications securely
  • Network devices that can process large amounts of IPsec and GRE traffic, while applying traffic policies to optimize data flow
  • Deploy network software and hardware  that can make full use of the 1 Gb/s link to shore circuit, a much faster than is typically provisioned for the ship

Customer Solutions

  • Installed a new Netgate 1537 to properly handle the new 1 Gbps link to shore IPsec encrypted traffic
  • pfSense Plus in AWS for authentication and internet breakout
  • USNS Mercy leaned on Netgate Professional Services to help with network design, deployment, and custom traffic shaping policies to create the best network user experience

Customer Results

  • In a crisis, USNS Mercy’s critical Netgate hardware upgrade was shipped overnight within minutes of being purchased and arrived hours later
  • New Netgate 1537 fully addresses current secure networking throughput needs and holds sufficient capacity for growth
  • The Mercy’s IT team was able to quickly and effectively adapt their network to COVID-19 related demands due to their quick collaboration with Netgate Professional Services and Global Support teams
  • USNS Mercy now has a high-speed network with traffic policies in place to prioritize the secure flow of critical medical data while patients are able to keep in touch with friends and family ashore

The USNS Mercy (T-AH-19) is the lead ship in its class of hospital ships in non-commissioned service with the United States Navy. Her sister ship is USNS Comfort (T-AH-20). Per the Geneva Conventions, the Mercy cannot carry offensive weaponry, and attacking her is a war crime. Both ships are serving the nation in its fight against COVID-19.

The Mercy - a 65,000 ton converted oil tanker which hosts 1000 hospital beds (including 80 intensive care beds) - is currently docked in the Port of Los Angeles to help the Southern California region cope with COVID-19. To appreciate her size and scale, the entire state of Maine has 1,061 total hospital beds, including 61 ICU beds.

With any hospital, secure networking communications are essential. The Mercy’s network must accommodate not only official naval vessel communications, but also civilian medical staff and patient communications. As with numerous US government agencies, the US Navy is a pfSense® software user, and so is the USNS Mercy.

Since the IT staff of the Mercy is charged with the task of providing secure reliable communications to a number of user groups on board, they are continually evaluating and improving network services on the ship. As part of the COVID-19 response mission, they needed network devices that could process large amounts of IPSec and GRE traffic, while applying traffic policies to ensure critical data would flow through bandwidth constrained ship communication circuits. This has historically included Netgate appliances such as the SG-4860.

However, upon arriving in the Los Angeles area, the ship was given a 1 Gb/s link to shore, a circuit much faster than is typically provisioned for the ship. To meet the unique requirements of this install, Mercy once again looked to Netgate and the XG-1537, a data center class product that can handle 16.4 Gbps of routed traffic, 14.5 Gbps of firewall-processed traffic, or 2.77 Gbps of IPsec traffic. Within an hour of being ordered, Netgate shipped the appliance to California overnight, and the device was operational the next day, replacing a SG-4860.

A faster link also brought new challenges from increased traffic. To develop traffic shaping policies that enabled the best experience for all of Mercy’s diverse users, the Mercy IT crew called on Netgate’s support team. Within a few hours, one of Netgate’s top engineers had listened to the concerns of the ship, and a policy design was proposed and implemented - allowing critical medical data to flow while patients were able to keep in touch with friends and family ashore.

The flexibility of the pfSense platform, providing robust routing, firewall, VPN, and traffic shaping technologies integrated in a small form factor, with responsive subject matter expert support, is a key enabler that made Netgate and pfSense stand out to the Mercy IT team, and is why they continue to play a central role during these critical missions.


Learn more about

pfSense Plus Software, Netgate Professional Services, Firewall, RouterVPN

Netgate Global Support

The Netgate Technical Assistance Center (TAC) is a 24x7x365 operation with a worldwide team of support engineers unparalleled at diagnosing and resolving issues - and fast. From branch office to headquarters, premises to cloud, we’ve got you covered.

Learn More