Communications Retailer Relies on Next-Generation Security from Watchguard
CellularOne of Arizona provides comprehensive communication solutions to more than 80,000 customers in Northern Arizona and New Mexico, equipping them with state-of-the-art phones and services. The company offers everything from air-cards for laptops to Mobile Web capabilities, giving customers a way to stay connected to every aspect of their lives through the CellularOne global communications center. Products are sold over the Internet from the retail side of the corporate web site and in storefronts in shopping malls and large retail establishments.
With the company’s continuous success and growth came new demands on the IT infrastructure, which included an upgrade to the next generation of network security products. Besides strong security protecting the main office, the company needed to securely connect with customers, third-party vendors, and employees over a wide geographical area. Throughout the evaluation process, CellularOne worked closely with Internet Contrasts, their long-time technology consulting partner, to determine the best solution at the best price.
After considering different network security solutions from other major vendors, CellularOne selected WatchGuard’s XTM 5 Series appliances for the core office for strong security that includes full HTTPS inspection. Four high-performance XTM 8 Series appliances with 10 1-Gigabit Ethernet ports were deployed on the ISP side of the business. CellularOne also installed an XTM 2 Series box in each of its 22 retail locations to keep its extended network protected.
“We are a long-time WatchGuard customer. Last year when it was time to upgrade the system I also looked at other vendors, including Check Point and Juniper, ” explained Paul Calvin, IT manager for CellularOne of Arizona. “We were looking at all the features these companies offered. I wanted web blocking, intrusion prevention â€“ pretty much all vendors do those things now. So it was a matter of who does them efficiently and at what cost. For the price, WatchGuard really can’t be beat. Some solutions were almost twice as much. That’s one reason why I chose WatchGuard.”
Another reason CellularOne selected WatchGuard was interoperability with the many third-party vendors they work with. These vendors can be using any manufacturer’s firewall and CellularOne needed products that are not only IPSec-compliant, but supported across the board with the other major VPN and firewall companies. Internet Contrast’s President Brandon Zumwalt summed it up by saying, “WatchGuard has always had a good reputation for being friendly with other vendors, and they have a truly intuitive interface.
“For example, you access the Traffic Monitor in the management console and you can actually see what’s happening in real time with VPNs as you’re setting them up. Usually, the most difficult thing is to get everyone to agree on both ends what the security settings are going to be – what’s going to be allowed to go in and out of those tunnels. With Traffic Monitor you’re able to see exactly what’s happening, so if somebody does misconfigure a setting, it’s a quick fix. This makes trouble-shooting so much easier.”
Overcoming the Location Challenge
Operating a headquarters in a rural area of Northern Arizona presents its own kind of challenge. It can take six hours one-way for IT staff to get to a location, and sometimes the task is as simple as rebooting. Strong centralized management was the answer to save time, money, and valuable resources for this widely dispersed organization.
As Zumwalt said, “Management was key. Paul has to know what’s going in and out of all his branch offices – and since everything is so dispersed, he’s got lots of entry points into his corporate network. These remote offices are direct funnels into the main office, and that’s why it’s critical for Paul to have tight controls so people aren’t bringing in malicious code, spyware, or viruses.”
Paul uses WatchGuard’s centralized management console to see all of CellularOne’s WatchGuard devices, what they are doing, and who is connected to what. He can see what the bandwidth is and if any device is down. He can also generate reporting for all security activity logged from those firewalls to a central database at the main office, including reports on specific firewalls, users, and devices. Every WatchGuard XTM appliance includes the centralized management console as part of its suite of management tools. The suite also includes a scriptable command line interface and a convenient Web UI for anywhere, anytime management activities.
Benefits of Adding SSL
Saving money with the WatchGuard deployment paid off immediately for CellularOne. As Calvin explained, “Because I was able to come in under budget on the firewall upgrade, I was able to buy the WatchGuard SSL appliance I didn’t have before. I was pretty stoked about that.”
CellularOne selected the WatchGuard SSL 100 because it’s an easy-to-use, secure remote access appliance that provides reliable client and clientless connectivity to corporate data and resources, such as email, file shares and CRM. This all-in-one appliance offers the flexibility to provide basic access to networks with an auto-loading client, and more sophisticated access to web-based resources and non-native applications including SSH and RDP.
Having a dedicated WatchGuard SSL appliance was important for CellularOne because, like so many other businesses today, they have a small army of mobile users – from technicians and sales people to managers who travel frequently and require secure access no matter where they are.
Zumwalt, who advised CellularOne on the SSL setup, said, “We’ve always found that traditional IPSec software is troublesome. With IPSec, any time you change a policy you have to re-deploy a profile file for every user. The profile has to be in place for authentication to work.
“It’s the other way around with SSL. First a user authenticates and then the system tells you what your policies are. The client the SSL 100 uses is just an Active X control, so as long as you have a web browser you can download it and it runs. You don’t have to install a specific piece of software. It makes things so much easier for both the remote user and the IT staff.”
Expansion without the Growing Pains
As the business continues to grow, CellularOne needs to be able to quickly scale to meet market demand. “Deploying new boxes is easy,” said Calvin. “Originally, when we put the XTM 2 Series appliances in the field, Internet Contrasts worked with us to create a configuration template. Now, if we have a new store opening, we just throw the template on the new appliance, put the name and feature code on it, ship it out and tell them to plug it in. Once you get one up and going it’s just like cut and paste, from location to location.”
Calvin credits Zumwalt and his team at Internet Contrasts for a successful deployment. “I’ve always gone through Brandon for recommendations and he has some really good people over there who know WatchGuard products very well.” As for the WatchGuard products themselves, he said, “We’ve had no issues. These are good, solid appliances.”
To learn more about Internet Contrasts, visit http://www.internetcontrasts.com