This page is focussing on giving assistance on conceptualising, planning, realising projects with Fortinet products. We will try to give useful insight about common mistakes that come to bite you later on in the project. How would one plan a workshop and ask the right questions to understand what Fortinet product works for the customer.
Understanding the customers needs
Let’s assume that we know nothing about our customer. Following questions have proven to give the needed information:
What challenges are you currently facing that you hope we can solve?
Why is the customer seeking change? Is their current solution end-of-life? Is their current solution satisfying their needs? Is it well sized?
Are there internal or industry-specific compliance standards we must meet?
Are we subject to any regulations that concern certain industries? Are we in the banking sector? Are we in the medical sector? Are we doing OT?
How many users are there, and where are they located?
Are we producing or is it just offices? Do we need WiFi or NAC or both?
What are your most critical applications?
Is it SAP? Is it a web application? What is mission critical?
Do you have an in-house IT team or rely on MSPs/vendors? Is there a need for training?
An in-house IT might be the team later supporting Fortinet products, do they need training? How many FCP and FCSS are available for maintaining the environment?
Let’s put this to the test. Our mock customer is called „Willow & Stone Winery“ and they are looking for a workshop to modernise their IT-infrastructure. We are their potential partner for Network Security.
| What challenges are you currently facing that you hope we can solve? | “ We are a winery with two offices, multiple spread out locations where we grow our grapes, manufacturing and storage facilities where we produce and store our finished produce. Our major challenges are upholding 24/7 service, as well as providing all of our workers on the field reliable access to our resources and servers. They have a hard job as it is, no need for IT-disruptions“ |
| Are there internal or industry-specific compliance standards we must meet? | „Thankfully no, nonetheless our IT-infrastructure needs to work 24/7, producing wine is a delicate endeavor that can result in great financial losses over multiple seasons if there is outages or unstable access to our IT-resources. We have a catalogue of requirements that we will send you over“ |
| How many users are there, and where are they located? | „We have 65 office workers in total, 35 in our CA office and headquarter, 20 in our NV office and a few salespeople that are on the road but still count as office workers.“ |
| What are your most critical applications? | „ERP, CRM, our warehouse software, HR software and a dedicated infrastructure for monitoring our crops via more that 4000 moisture and temperature sensors. We have close to a hundred acres of land after all.“ |
| Do you have an in-house IT team or rely on MSPs/vendors? Is there a need for training? | „We have a server admin and a network admin, can we get dedicated training for whatever you are planning to implement? Also we have internal documentation that we can send over, it should be very much up to date“ |
How do we dissect this:
Who is our customer?
Winery with two offices, distributed grape-growing locations, manufacturing, and storage facilities
What is important to them?
24/7 service
Field workers rely on reliable access to resources and servers
How about compliance?
Not legally required but they have a catalogue of internal requirements. The goal is minimising outages that lead to long term production losses
Documentation?
Will be provided
Pain points?
ERP, CRM, HR software to name a few, 4000 sensors that send data to servers
Is training the staff needed?
Training two IT-workers is needed
This is not enough information to provide a full concept but a rough one for sure:
The HQ needs Internet for offices and winery+hotel. According to the docs that we just got sent over, they seem to have a 2gbit fibre uplink and a 100mbit backup fibre line, a 10G Switch infrastructure. We would advise a 120G cluster at the headquarters. The current infrastructure has six access points in the office and another eight in the hotel/winery area. FAP231Gs would be a great budget fit here. And a FSW124F-FPOE to power them.
The NV office only need internet and a stable connection to HQ, let’s do a 70G cluster, for cost saving sake a 70G-PoE, so the access points can be powered by the firewall without a need for extra PoE injectors/PoE-Switch.
The 100 acres of land are all connected by 12 data loggers that use LoRaWAN for transferring the data from the sensor to the server.
This infrastructure already exists, but these data loggers are all connected to a non manageable switch, then straight to a modem. This is no secure setup whatsoever, so we would set up a 50G-5G cluster at each