City of Beaumont Undergoes Network Refresh with VPLS to Support CJIS Compliance

Published

Filed under

The City of Beaumont, California’s third fastest-growing city, partnered with VPLS for a city-wide network refresh project, which included replacing the City’s aging firewalls, switches, and endpoint protection software with new solutions from Fortinet. In addition to just replacing aging equipment, VPLS also architected and implemented several network enhancements, such as internal network segmentation to support the City in their goal of achieving Criminal Justice Information Services (CJIS) compliance.

City of Beaumont's Security Fabric

The Security Fabric

During the network refresh, aging SonicWall firewalls and HP switches were replaced with FortiGate firewalls and FortiSwitches across eight buildings in the City of Beaumont campus. This new hardware became the backbone of the City of Beaumont’s new Security Fabric, a term coined by Fortinet to refer to the entire security solution as a single “fabric” of interworking hardware and software. All devices participating in the Fabric share telemetry data, which adds additional security intelligence and automation capabilities between all devices participating in the Fabric.
Fortinet Security Fabric
Fortinet's Security Fabric

After the firewalls and switches were in place, another key component added to the City of Beaumont’s Security Fabric was FortiClient. FortiClient is an endpoint protection software from Fortinet and replaced McAfee on all city-owned and -issued devices. All FortiClients are centrally managed with FortiClient EMS (Endpoint Management Server) and provide client-side antivirus, web filtering, and application control functions.

Finally, FortiAuthenticator and FortiAnalyzer were added to the Fabric to centralize authentication and logging, respectively. 

Network Enhancements

During the deployment of the Fortinet security fabric, additional improvements were made to the network, including:

Comprehensive Internal Network Segmentation

FortiGates were placed at key boundaries within the City of Beaumont campus. Within each boundary, devices were placed in different VLANs on the FortiSwitches. Within each boundary, the FortiGate performs all inter-VLAN routing, requiring traffic to be thoroughly inspected at the application layer before being routed. The benefits of segmentation include limiting potential attack vectors and minimizing “east-west” threats and malware proliferation.

SSL Deep Packet Inspect

The FortiGates were configured to perform SSL decryption on critical traffic to ensure no threats are hiding in encrypted payloads.

Centralized Multi-Factor Authentication

The FortiAuthenticator acts as a centralized authentication point for all FortiGates in the Security Fabric. When first deployed, the FortiAuthenticator was integrated with City of Beaumont’s Microsoft AD, and then AD users were tied to a FortiToken. The FortiToken, Fortinet’s secure token offering, is used to enforce multi-factor authentication for remote user VPN access, ensuring all network access is secure.

Centralized Logging, Alarming, and Reporting

The FortiAnalyzer acts as a centralized point for network administrators to monitor and respond to network threats in real-time in the Fortinet dashboard.

Realtime Network Threats
FortiAnalyzer real-time network threats

The Results

A complete network refresh is a large undertaking, but the City of Beaumont knew the security objectives they needed to reach and what it would take to achieve those objectives. By partnering with VPLS, the City of Beaumont was able to quickly deploy the new equipment and software across the entire city campus with minimal downtime, while at the same time revamping the network design to meet the stringent security standards demanded by today’s sophisticated, and unfortunately all-too-common, cybersecurity threats.

Read about other successful VPLS projects:

Case Study

Case Study: VIP Foodservice

VIP Foodservice partnered with VPLS to enhance its network with Fortinet’s secure SD-WAN solution. Learn how VIP Foodservice achieved improvements in its overall security posture.

Read More »
Scroll to Top