University of Würzburg Enjoys a Smooth Rollout of Forcepoint NGFW Security
The Bavarian institution seamlessly deploys a new network security solution with minimal service interruption.
Julius-Maximilians-Universität Würzburg has seen remarkable scientific discoveries over the centuries, including William Conrad Röntgen’s discovery of X-rays in 1895. With nearly 30,000 students learning at the University of Würzburg today, protecting the next great research breakthrough—and all student and faculty network traffic—is paramount. Seeking to upgrade its network infrastructure and improve its remote workforce security, the university turned to Forcepoint for a smooth deployment of NGFW clusters.
- Replace old firewall infrastructure with an up-to-date Next Generation Firewall for a modern security setup.
- Conduct implementation without disrupting network services.
- Increase capabilities for supporting and securing remote users.
- Switch out old, overworked firewalls for Forcepoint NGFW appliances installed by system integrator Magellan.
- Installation of new firewalls achieved with less than a minute of network downtime.
- Increased network throughput, increased VPN capabilities for remote education and faculty access.
- Better attack prevention.
- Extended network segmentation for improved protection.
- Reduced administrative workload.
Julius-Maximilians-Universität Würzburg is one of Bavaria’s largest universities as well as one of the oldest academic institutions in all of Germany. Founded in 1402 and operating continuously since 1582, the University of Würzburg has seen 14 Nobel Laureates walk its halls and today comprises 10 faculties with some 425 professors and 29,000 students. The university operates a publicly accessible computing network for faculty and students that must meet the highest standards for uptime, throughput, and security.
A university network is designed to enable network and internet access for all students, administration and science areas. Each faculty has different security needs and are in most cases not centrally managed. Because faculty networks and systems are often managed by non-security experts, it’s even more important that a state-of-the-art firewall helps to protect the networks
“The right next generation firewall can virtually patch and protect an imperfectly configured server,” according to University of Würzburg Head of Network Security, Markus Krieger. The selection of the right firewall solution and vendor is very import to network security for the whole institution, and the university chose Forcepoint NGFW to provide that protection.
Fast-tracking a new firewall
The University of Würzburg decided to implement the NGFW project in order to refresh their entire network security infrastructure. It needed a new firewall provider in order to safeguard students and faculty using the university network with a modern security platform. The university’s main requirements for a next-generation firewall included:
- Firewall appliances to secure network traffic generated on and off campus
- The ability to transition to the new network security framework without taking the network offline
- Smooth migration of rules and policies
- Increased capabilities for supporting and securing more remote users
The university had already planned to increase its ability to support and secure remote users of its network, but that goal became even more pressing when the pandemic hit, Krieger said.
“Our initial plan was a 3-month proof of concept with leading firewall solutions from various vendors until the end of April 2020. We would then carryout the implementation of the chosen firewall solution through the end of the year.”
“But the plan was affected by Covid-19. Due to the pandemic shutdown, the university had to quickly switch its focus from
on-site to remote teaching. This naturally resulted in a huge increase in network traffic between the university and the internet which changed our timetable considerably: We had to fast-track the firewall implementation. It was clear very quickly that Forcepoint NGFW was the best overall candidate according to our high-level requirements and also the best fit for the fast-track implementation we wanted to do.”
A smooth transition to NGFW
The University of Würzburg was able to quickly install the new firewalls with the help of Forcepoint system integrator partner Magellan—it took less than a day to convert the old network policies using the Forcepoint migration tools. The university now runs a firewall solution that provides best-in-class cybersecurity and a level of redundancy never seen before.
“It worked right out of the box. We converted our previous rules and policies from the old solution, and only minor tweaks were necessary to switch over to Forcepoint NGFW. It went very smoothly—during the changeover, we planned a maintenance of one day, but the switch took less than one minute. From my point of view, the implementation by Magellan and Forcepoint was nearly perfect.”
“The one slight adjustment we had to take into account was that the older firewall had rules based on interfaces, while the Forcepoint NGFW has a zone-based approach. But the zone-based setup actually makes it much easier for us to manage, because it removes many of the complexities of our old firewall.”
Krieger pointed out that the Forcepoint NGFW’s licensing is very straightforward and fully equipped with nearly all necessary features included in the base license compared to other vendors. As a huge benefit, none of the components require internet access for activating the licenses.
Forcepoint NGFW introduced additional capabilities and a strong partnership
The University of Würzburg is now able to run three different firewall-protected network security areas—an intranet zone, a data center zone, and a zone for the decentralized faculty networks. With the multi-domain feature, different groups of IT administrators can manage their own segments of the university’s network—each redundant and highly secure.
“We were in a position where we had to increase our VPN capacity quickly because of the pandemic. We had to increase the delivery of streaming services for our students and teachers. With our old firewalls in place, we had bottlenecks with our internet throughput with all the services being accessed by people working from outside the university grounds,” Krieger said.
"But the speed at which we had to change didn’t mean we took a chance on Forcepoint: during our testing it became quite clear that Forcepoint was the best match in regards to our technical and organizational requirements. Luckily, since March 2020, Jens Roesen completes our Security Team. Due to his longstanding experience with next generation firewalls, including Forcepoint, he was able to support us in the transition right from the start. In the meantime, the daily experience with the new solution validates our decision. It’s clear to everybody on the team that the switch was necessary.”
In addition to the performance of the products, the university is very enthusiastic about the supportive relationship Forcepoint has developed with academic institutions across the country.
“The willingness of Forcepoint to listen to the problems or requirements of the educational community which often differ from commercial companies is very important to us,” Krieger said. “These aren’t ‘ivory tower’ issues—they’re real use cases out of our daily lives. We’re pleased that Forcepoint will take suggestions from the community, when possible.”