When ServiceTec started at Salt Lake City International Airport in 2020, part of our scope was to manage the Other Systems Network (OSNet). The network was in its infancy with fewer than 60 endpoints, 16 VLAN segments, and a small handful of VPN users. Within just a few years, SLCIA had significantly grown. The Airport completed all phases of its concourse expansions, causing OSNet to expand at the waistline. The rapid growth had OSNet busting at the seams with over 1,700 endpoints, 35 VLANs, and 60 VPN users. With this increase in network traffic and resource demand, we needed a more powerful and secure firewall to keep everything manageable!
The research phase of the project kicked off in the summer of 2023. After carefully considering many different products, we proposed three viable solutions: Cisco 3110 ASA, FortiGate 900 series, and the Palo Alto 5445. With these potential solutions in mind, the next step in the project was a collaborative effort between all parties. We needed to compare and contrast the feature set of each device to determine the functionality gain and any potential issues with integration into our environment. The most suitable candidate was the FortiGate 900 series.
Early 2024 everyone agreed on the FortiGate 901G. We created a lab environment to physically test the unit to ensure its capabilities would satisfy the demand. After months of testing and researching, the decision was made in July of 2024 to purchase and deploy FortiGate 901G devices. Next was the design and planning phase. New fiber links were installed and preparation for the firewall cutover began. Preparing for the firewall cutover we needed to verify the new FortiGate firewalls were configured with all the same access rules, network/service objects, and VPN user profiles. Once we verified the new devices were ready to be deployed into production, we had to reach out to all system owners of critical infrastructure to set the date of the firewall cutover. Finally on June 11th 2025 we successfully completed the firewall cutover to the FortiGate 901G Next Generation Firewall. For the next few weeks, we closely monitored the changes and assisted the VPN users with the new adjustments.
The FortiGate 901G represents a substantial upgrade from our previous system at SLCIA. This change brings a number of notable improvements designed to bolster our overall security posture and streamline operations. A key benefit is the implementation of enhanced security for our remote users, utilizing two-factor authentication to provide an additional layer of protection beyond traditional password logins. Furthermore, the FortiGate system includes ongoing licensing that provides regular firmware updates, proactively addressing potential vulnerabilities and ensuring we maintain the highest levels of protection. Finally, we’re excited about the more intuitive and user-friendly interface, which simplifies many administrative tasks and allows our admins to manage our network with greater efficiency.
In summary, the project to cutover to new FortiGate firewalls has been a challenging but fulfilling venture for our team. The new firewalls will greatly improve the security and scalability of the SLCIA Other Systems Network. Providing us with a template for how to conduct future upgrades and expansions, such as another cutover planned for the airport’s Common Use Network within the next three years. We look forward to future opportunities to apply what we have learned and to build on that knowledge in our administration of the SLCIA systems.
