Lisbon School Department Case Study

OVERVIEW

Nestled down in the lower reaches of Maine sits Lisbon - a small town of 9,000 that serves as a bedroom community for the greater Portland area, including well-known companies like Bath Iron Works and L.L.Bean. With an eight-month wet season and seasonal temperatures ranging from 11°F to 80°F, Lisbon is inhabited by the rugged individualists that define the New England region.

The Lisbon School Department provides for the educational needs of the surrounding community. Four campuses comprise the Department: Lisbon High School (350 students), Philip W. Sugg Middle School (275 students), Lisbon Community School (650 students), and the central office. A fast, secure campus interconnect is essential to the Department’s IT infrastructure.

This is where our story begins. Campus interconnect was in need of an upgrade. Each site had a 1 Gbps circuit that previously could not be fully tapped due to underperforming firewalls, so newer, more robust terminating equipment was needed. And, as with all municipal school districts, capital funding was tight and support resource bandwidth was thin.

James Churchill, the School Department’s Technology Systems Director, went on the hunt. A Linux-based solution had been in use since 2002, so any solution would need to support existing needs, including routing through iptables, while adding VPN connectivity from building to building, a single firewall at each location (with the ability to authenticate users at the firewall), remote access for as many as ten concurrent remote users per building, and the ability to scale up for an annual two-day October conference that draws a slew of vendors.

Churchill did what we hear so often: he asked others. Super busy, he opted to speed his solution search by checking in with fellow IT compatriots (in this case the Association of Computer Technology Educators of Maine, ACTEM) for recommendations. A number of school departments were using pfSense® software running on Netgate® appliances for their firewalls.

He reached out to Netgate, and our collaborative discovery process of finding the best product fit began. Together, we determined a Netgate SG-5100 would be the perfect fit for each location. With up to six fully-independent 1 Gbps Ethernet connections, the SG-5100 provides a 1 Gbps Layer 3 router/firewall at a bargain price. Additionally, its Intel® Atom C3558 2.2 GHz CPU - with QuickAssist, AES-NI, and SHA instructions (which help in OpenSSL and OpenVPN) - provides all the horsepower needed to support high-bandwidth encrypted traffic processing between each campus.

Two more needs were discussed. Here in Maine, we know how things fail - no matter how robust the product. Having a school go offline due to a hardware failure is no one’s dream day. But it also doesn’t financially justify a fully redundant Layer 2 / Layer 3 network. So, we jointly decided on a five-device solution - four live, and a fifth as a cold spare. Rather than have the spare sit in a closet, it would be fired up in a school lab where students could use pfSense software themselves to learn all about networking.

The last solution consideration was that installation and configuration needed to be fast, transparent, and error-free. While pfSense software and Netgate appliances are respected worldwide for their robustness, ease of use, and reliability - Lisbon School Department needed assurance that a cutover would go off without a hitch. The details always matter - and in this case, they included base configuration of pfSense firewalls in four locations, migration of iptables configuration, firewall rule configuration, DHCP configuration migration to pfSense, site-to-site VPNs reformed from OpenVPN to IPsec, OpenVPN remote access configuration, lab modeling, testing, and deployment.

Churchill quickly recognized that professional service and three-year support contracts, covering initial design, configuration, and turn-up as well as business assurance support down the road, would be well worth the expense. While he has the tech chops, his time is valuable, and Netgate engineers do this every day - faster and more cost-effectively than almost any customer can for themselves. It didn’t hurt that Netgate Global Support customer satisfaction ratings are stellar.

With deployment now complete, Lisbon School Department is set to sail into the future with a pristine, powerful, gigabit per second, secure network - as well as robust remote user connectivity - which should serve it well for years to come. As a bonus, inquisitive students get to learn networking with the real thing. Best of all? This was all done at a fraction of the cost of what legacy big-brand vendors would have charged.

CHALLENGE

  • The Lisbon School Department needed new and robust equipment to interconnect four campuses that serve over 1,200 students and faculty
  • Their 1 Gbps circuits at each site could not be fully utilized with their old equipment
  • Limited funding and support resources required a solution that could manage potential hardware failures without a completely redundant Layer 2 / Layer 3 network

SOLUTION

  • The SG-5100, with its six fully-independent 1 Gbps Ethernet connections and high-performance CPU, could fully tap their Layer 3 router/firewall bandwidth capabilities between each campus
  • Their new IT infrastructure utilizes a five-device solution, four live plus one cold spare, to provide the broad connectivity and reliability they need
  • Netgate Professional Service and three-year TAC Support contracts to address initial design, configuration and deployment, as well as business assurance support down the road

RESULTS

  • Campus-wide deployment was quickly executed without a hitch due to a coordinated effort between Lisbon’s IT team and the Netgate Professional Services team
  • Lisbon School Department is now set with a high-performance 1 Gbps secure network with robust site-to-site VPN connectivity
  • Their network can now support the demands of all of their remote workers with plenty of room for growth with the upgraded VPN concentrator included in pfSense software