Tollways Management Corporation (TMC) operates and maintains the longest expressway in the Philippines - the North Luzon Expressway (NLEX). Established in 2000, TMC has been managing the NLEX and the Subic-Tipo Road since 2005 in support of the government's program to spur economic and social development in Northern Luzon. TMC, part of the Lopez Group of Companies, has also formed strategic alliances with the world's largest toll road operator - Transroute International SA - which has operations in Australia, France, Greece, and other countries.
Even before TMC commenced managing NLEX operations in February 2005, the company recognized the need to upgrade the security and capacity of its existing firewall. With the number of users expected to grow dramatically from 50 to over 200, it was clear the initial firewall could not scale to meet TMC's changing needs.
According to TMC Information Technology Manager Arthur Ong, the existing firewall presented several problems. "First, the unit's performance degraded drastically as more and more users simultaneously accessed the Internet. In addition, the cost of additional user licenses for both the firewall and the VPN was significant. And finally, since the existing firewall management system worked through a text-based program, it was difficult to use a non-GUI-based firewall interface," said Ong.
TMC had several additional requirements it wanted to address by investing in a superior network security solution.
"Because our main office and the branch offices had different ISPs, we needed a security appliance that could seamlessly integrate with the WAN connecting the two branch offices, the mobile VPN linking our headquarters' executives to our network, and the secure remote access VPN connecting our mobile users and consultants in France," added Ong.
Most importantly, TMC wanted an appliance that offered unified threat management (UTM) and failover capability with the capacity to secure at least 300 simultaneous users.
In the first quarter of 2005, TMC requested its long-standing IT solutions provider, Integrated Computer Systems, Inc., to assist in evaluating network security options. After considering a number of solutions - both appliance and software-based - TMC chose WatchGuard as its vendor of choice.
Anthony Jhay Fausto, WatchGuard Product Manager of Integrated Computer Systems, Inc. said, "We chose WatchGuard because its stand-alone security appliances could unify and integrate multiple security features onto a single hardware platform with a single management interface. Their solution can provide automatic integration between TMC's Firebox® X Core™ and Firebox X Edge units, with wireless access for their executives - which ultimately means more reliability and convenience for those connecting from remote offices to headquarters."
TMC decided to install WatchGuard Firebox X security appliances including the Firebox X700 for its main office, a Firebox X50 at its 15-user branch office, and a Firebox X15w at its 5-user branch office. Once the decision to deploy WatchGuard was made, the installation was up and running in less than a month.
"WatchGuard offered a higher return on investment compared to the other vendors because its appliances are fully upgradeable to accommodate new features and meet new threats as they emerge. In terms of economics, it made perfect sense to purchase an appliance that offered multiple firewall options and could be upgraded to higher firewall standards at a later date, without needing to replace the entire appliance unit," said Ong.
A WatchGuard network security appliance was installed as TMC's first line of defense against all external Internet traffic, working hand-in-hand with a third-party antivirus enterprise software suite. After passing through the firewall, the Internet traffic is further checked for viruses, spam, and other harmful malware.
Since the organization installed the Firebox X700, X50, and X15w appliances, TMC has upgraded the firmware to Fireware® Pro on the X700 and purchased WebBlocker, spamBlocker, and Gateway AntiVirus/IPS subscriptions.
According to Ong, the benefits of TMC's new WatchGuard security solution have exceeded the costs of implementing and maintaining the system.
"Since the implementation, we have not experienced any major network threats of any kind," said Ong. "We have secured remote network access for our mobile users and we only require minimal IT support on the remote network connections. With WatchGuard security appliances, we can now access and run critical business applications such as ERP through our VPN connection. In addition, we can remotely manage our firewall configuration via the Web and VPN," added Ong.
Ong also commented that the Firebox X700 appliance at the headquarters facility eliminated the need for another layer of security, allowing the unit to double as a router, while providing robust WAN redundancy and failover.
"Since we deployed WatchGuard security appliances, we have enjoyed more than 99% uptime on our VPN, with no WAN connection problems, and zero recorded unauthorized intrusions. As our growth requires additional users and more branch offices, we will definitely consider expanding our WatchGuard security solution to scale with our evolving needs," concluded Ong.
WatchGuard offered a higher return on investment compared to the other vendors because its appliances are fully upgradeable to accommodate new features and meet new threats as they emerge.
Arthur Ong, Information Technology Manager, Tollways Management Corporation