Petrol Ofisi delivers Secure SD-WAN to 1,800 branch locations

The modernisation of network infrastructure is just one key component on the journey to achieving Digital Transformation. Handan Karakuş, CIO, Petrol Ofisi, discusses the implementation of Fortinet’s Secure SD-WAN technology for increased continuity and reliability of business services across Petrol Ofisi’s entire infrastructure.

Petrol Ofisi was founded in 1941 as a public enterprise committed to the import and distribution of fuel and lubricants. The company was floated on the stock market in 1983 and later privatised in 2000. Today, it is one of Turkey’s leading fuel, LPG distribution, and lubes and chemicals companies with more than 1,800 fuel stations, one lubricants factory, eight fuel terminals, one LPG terminal, 20 airport supply units and approximately 1 million cubic metres of storage capacity. According to the 2019 data from Capital 500, Petrol Ofisi is Turkey’s third-largest company with a turnover of nearly 54 billion TL.

Digital Transformation for enhanced customer experience

To support the company’s rapid expansion and growing portfolio of consumer services, Petrol Ofisi’s IT team embarked on a journey of Digital Transformation, starting with a major modernisation of its network infrastructure.

A fundamental objective of this project was to ensure 100% Business Continuity across the entire network of filling stations, fuel depots, factories and air terminals, without compromising on performance or security.

This meant replacing older multiprotocol label switching (MPLS) satellite links with lower-cost, more reliable digital subscriber line (DSL) or Long-Term Evolution (LTE) connections, and deploying these in an active-active load-balancing and failover configuration to maximise connection reliability as well as bandwidth.

“We had all this great new software to transform the customer experience, but our legacy network was no longer up to the job,” said Handan Karakuş, CIO, Petrol Ofisi. “The best distributed software applications in the world are useless without a reliable and secure infrastructure to run them on.”

To achieve the greatest flexibility and price performance, the IT team opted for a software-defined wide-area network (SD-WAN) architecture. In addition to the inherent cost savings of switching to SD-WAN, it would also provide the local branches with the Internet access that some of the new services required.

The challenge, however, was to implement this without introducing vulnerabilities in the expanded attack surface created by SD-WAN. With the old network, security had been imposed centrally, and since all traffic was backhauled through the data centre, it was deemed secure. For the new SD-WAN, a common centrally defined security policy would now be applied at every remote branch, potentially increasing the complexity of branch office deployment.

Deployment and management

With the network extending across more than 1,800 fuel stations — many in remote rural locations — another key criterion was the ability to manage every part of the network from a central location with new deployments requiring as little on-premises intervention as possible. This was especially important considering that the common security policies applied at every branch would have to be updated as new services were introduced. If every device deployment and reconfiguration required the local presence of a skilled network engineer, the investment in time and resources could escalate quickly.

The solution: Fortinet Secure SD-WAN to branches

Following the successful completion of rigorous proof-of-concept trials, Petrol Ofisi decided to proceed with the Fortinet Secure SD-Branch offering. It comprises Fortinet Secure SD-WAN, which combines the advanced threat protection of FortiGate next-generation firewalls (NGFWs) with integrated SD-WAN functionality. These same FortiGate NGFWs manage the FortiSwitch secure Ethernet switches. Lastly, FortiNAC network access control provides secure visibility and control of all devices connecting into the network. Branches that needed LTE connectivity leveraged FortiGate devices with built-in LTE. For branches that required redundancy, a FortiExtender WAN extender was deployed in conjunction with the firewall.

The resulting distributed branch network would be centrally administered using a combination of the FortiManager network management platform and FortiAnalyzer logging and reporting solution, collectively known as the Fabric Management Center.

“The Fortinet Secure SD-Branch solution exceeded our requirements for functionality and price performance — the built-in LTE is just one example of that,” said Karakuş. “But the level of service and support we experienced from the local Fortinet team left us in no doubt we were partnering with the right company.”

Advantages of an integrated solution

Through the Fortinet SD-Branch solution, Petrol Ofisi was able to reduce the total number of devices required at each location, significantly simplifying deployment. Furthermore, thanks to a common security operating system, the Fortinet firewalls, switches and any other devices sitting behind the branch firewall (such as a FortiAP wireless access point) will automatically apply the same centrally determined security policies and come under the same central management umbrella.

In other solutions, such levels of integration might lead to reductions in effective throughput. But the FortiGate employs a purpose-built SoC4 SD-WAN security processing unit (SPU) to deliver the industry’s fastest identification and steering for over 5,000 unique applications. This drastically reduces latency and accelerates overlay performance.

Enhanced user experience

From the perspective of the IT team, one of the most noticeable changes after the Fortinet solution was deployed across their network of remote filling stations was the immediate reduction in problem reporting and support cases.

With faster, more reliable connectivity, the vast majority of issues relating to application usage and continuity disappeared, allowing the IT team to focus more of their time and resources on planning and optimisation.

“Fortinet enables us to differentiate between all the different types of traffic crossing our WAN, so we can now confidently manage latency and prioritise business-critical applications to deliver the experience our users expect,” said Karakuş.

Increased security and control

An additional benefit of differentiating traffic flows based on application usage is the ability to segment the traffic into virtual domains and tailor the security posture accordingly. This segmentation also confines any successful intrusions to the segment penetrated, preventing lateral propagation and thus limiting its potential impact.

FortiManager provides full visibility and control of the entire infrastructure, its traffic and any potential threats. Leveraging its central provisioning, policy updates and change management for all Fortinet devices, Petrol Ofisi was able to roll out the new infrastructure with both speed and confidence.

The addition of FortiAnalyzer brings deep insight into current threats and allows for the automation of key tasks such as attack mitigation, logging and reporting.

By correlating real-time information from across the network, FortiAnalyzer helps the company to identify and automatically mitigate a range of advanced targeted threats, whether they are isolated incidents or persistent attacks.
