Network Security Upgrade — Multi-Site Manufacturing Enterprise
Migrated a multi-site Pakistani manufacturer from end-of-life legacy firewalls to Fortinet FortiGate with Secure SD-WAN and FortiSASE — SSL inspection performance restored, branch policy centralized and OT zones segmented.
Challenge
- Legacy firewalls at HQ and 11 branches were under-spec for SSL-inspected throughput after the manufacturer adopted SaaS ERP and CRM.
- Policy drift across sites — every branch had grown its own local rules with no central oversight, no documented change history and inconsistent IPS profiles.
- OT (plant floor) network had no segmentation from the corporate LAN — a finding raised in the previous internal audit.
- Branch links were a mix of MPLS and broadband with no application-aware steering; SaaS performance was inconsistent.
Solution
- FortiGate 600F HA pair at HQ for internet edge with full SSL decryption, IPS, AV, DLP and URL filtering — sized against day-180 production traffic.
- FortiGate 100F at each of the 11 branches with Secure SD-WAN, ADVPN spoke-spoke shortcuts and SaaS application steering.
- FortiManager + FortiAnalyzer at HQ for centralized policy, log retention and reporting across all 12 sites.
- OT zone isolation with FortiGate Rugged 70F at three plant floors + FortiSwitch Rugged for the OT VLAN underlay.
- Rule-base migration from legacy SonicWall to FortiGate with object normalization, NAT mapping and a rollback bridge through the cutover.
- FortiSASE for ~400 hybrid / mobile workforce — replacing the legacy SSL VPN.
Hardware used
- FortiGate 600F × 2 (HA pair, HQ)
- FortiGate 100F × 11 (branches)
- FortiGate Rugged 70F × 3 (plant floors)
- FortiManager 200G × 1
- FortiAnalyzer 300G × 1
- FortiSwitch Rugged 112E-PoE × 6 (OT underlay)
- FortiSASE for 400 users (1-year subscription)
Business outcome
- SSL-inspected throughput restored at HQ — internal speed-test improvements of 4–6× over the previous firewall pair.
- Branch-level policy consolidated into 9 FortiManager templates — change time per site dropped from days to under an hour.
- OT plant networks fully segmented from corporate LAN with ICS-aware application control profiles, closing the audit finding.
- SaaS performance equalized across branches via Fortinet Secure SD-WAN application steering.
- Hybrid workforce SSL VPN retired — FortiSASE in production with ZTNA and SaaS posture checks.
Architecture summary
Fortinet Security Fabric across HQ + 11 branches + 3 plant sites with FortiManager-driven policy, FortiAnalyzer log retention, full SSL inspection at HQ edge, Secure SD-WAN underlay/overlay across branches, ADVPN spoke-spoke, OT zone isolation with FortiGate Rugged + FortiSwitch Rugged, and FortiSASE for hybrid workforce ZTNA / SWG / CASB.