Network Design Project

Request

The Dancing Potatoes YouTube channel is expanding into offices across the street and would like a direct link to its other offices for sending and receiving large files and communicating with the other network without using its internet bandwidth. The connection must be secure to prevent theft of company strategies and ideas, which could cost the company the profits of a few videos, which on average amount to around $10,000. Also, the two networks should act as one: resources at either location should be accessible locally regardless of which location a user is physically at.

Solution

We believe the best solution is a pair of Ubiquiti PrismStation dishes to create a point-to-point connection, with a FortiGate IPsec VPN tunnel between the two sites running over that connection.

 

Ubiquiti PrismStation PTP Connection

Functionality

  • The two dishes act as a private connection in which data can travel to and from either network, directly, without using any internet bandwidth.

Speed

  • PrismStation delivers throughput of up to 500+ Mbps and signal ranges of up to 3+ miles.
    • NanoBeams deliver up to 450+ Mbps

Security

  • Can be managed and monitored via private IP so that they are not publicly accessible.
  • WPA2-AES Wireless
    • Latest Wi-Fi encryption standard
  • Can also be secured with very strong device-access and wireless passphrases
  • Ubiquiti is responsive with firmware updates to combat any known exploits found

Additional Benefits

  • Free, easy-to-use cell phone app for managing and monitoring the device, available on the Apple App Store and Google Play.
  • Small and lightweight, easy to mount in a window
  • Built for reliability in the public 5 GHz range.
    • Tightly focused beam blocks out RF signals that are not to/from that specific direction.
  • Probably won’t cause cancer if you are seated nearby.
  • You can test configuration changes that might otherwise break the connection and require a trip to the other building (revertive mode)

Cost

  • No monthly cost unless assistance is needed for upgrading and maintaining firmware, in which case I would be happy to do that for you.
    • Firmware upgrades are seamless and easy to do. They won’t cause you to lose connection to the other side.
    • AirOS configuration is easy to back up and restore in case of any problems
  • Two would be needed. Cost per unit will be about $150 each in August 2017. NanoBeams are comparable in performance and available now at $100

Official Documentation for further information, or feel free to contact us

Pair of FortiGate 60E Firewalls

Functionality

  • A pair of firewalls that are linked together so that both office locations can easily access files and services at opposing locations such as servers, printers, shared drives, etc. as if they were local.

Cost

  • $399 each

VPN

  • IPsec
    • From FortiGate: Encryption mathematically transforms data to appear as meaningless random numbers. The original data is called plaintext and the encrypted data is called ciphertext. The opposite process, called decryption, performs the inverse operation to recover the original plaintext from the ciphertext.
    • A secure key is required and is stored on the FortiGate. Access to the FortiGate user interface will be limited for security purposes.
    • This tunnel allows each network to access the other network's resources as if users were physically on site.
  • SSL
    • For individual users who want to be able to access resources from home
    • Username and password custom to each user and can be easily monitored
    • Use can be restricted so that only certain systems at the office can be accessed over the VPN, for security purposes in case of a compromise

Additional Benefits

  • Unified Threat Management comes included for one year and additional service can be purchased beyond that.
    • Every Fortinet FortiGate UTM appliance supports the same network security features: application control, advanced persistent threat protection, Web and content filtering, IP reputation, integrated WLAN controller, intrusion prevention system, data loss prevention and antimalware — antivirus and antispam.
  • Subnets can be easily configured so that more sensitive equipment is not accessible from more vulnerable areas of the network.

Official Documentation for further information, or feel free to contact us

Additional Recommendations

  1. A backup FortiGate and Ubiquiti dish, for swapping out equipment to get you back up and running as soon as possible in case of failure.
  2. UPS (uninterruptible power supply) for any network equipment and computers that need to remain on in the event of a power outage.
    • An example would be $75 for an APC brand UPS to give a computer 15-25 minutes of backup power, depending on what kind of PC it is. It’s good to have for network equipment as well. Long outages typically require a generator; however, UPS solutions allow a company to get through short outages and power surges without losing or disrupting work.

Conclusion

We believe that multiple layers of security, namely WPA2-AES encryption on the wireless link plus the additional encryption done by the FortiGates before data is transmitted over the IPsec tunnel, will provide peace of mind while leaving crucial internet bandwidth much more available and allowing both offices to communicate with each other freely. Please feel free to let us know of any questions or concerns you may have.