Customer Stories

Secure SD-WAN Improves Network Protection in Fuel Distribution System

By Rick Peters | October 25, 2021

Customer Perspectives

A petroleum distribution business developed innovative ideas for increasing customer loyalty, but it needed to upgrade its technology infrastructure to bring those concepts to life. 

The company, which operates several hundred full-service gas stations, wanted to provide direct internet access to consumers as they waited at gas pumps. The marketing group saw an opportunity to gain insights into those consumers’ behaviors—and an opportunity to leverage that knowledge to increase revenue through targeted ads and social media campaigns. 

Another opportunity lay hidden in the service stations’ snack and drink sales. This company typically operates in extremely hot climates where daytime temperatures reach above 100 degrees Fahrenheit for about half the year. Gas station customers may avoid any activity that requires them to exit their air-conditioned vehicles, so the company developed an app through which customers can purchase items from the convenience stores without leaving their vehicles. 

The fuel distribution company planned to run this new app in the Microsoft Azure public cloud, as well as to move a number of its existing apps into Azure. Unfortunately, its legacy technology infrastructure was not fast enough for users in remote locations to access core solutions running in the cloud. The network was routing all of service stations’ internet traffic over MPLS links to corporate headquarters, where firewalls inspected it. This introduced significant latency to both incoming and outbound cloud traffic, leading to sluggish performance of cloud solutions and threatening to derail the new convenience store ordering app before it even got off the ground.

A Security- and Performance-Driven WAN 

The company engaged Fortinet to rearchitect its wide-area network (WAN) to provide high-speed yet secure Wi-Fi in each gas station, with the goal of supporting the organization’s digital transition. 

As a first step, they replaced the expensive MPLS links with more cost-effective ADSL and 4G LTE connections. To flexibly allocate bandwidth across one or more of these links, they deployed FortiGate Secure SD-WAN with FortiExtender LTE at the edge of each service station network. The built-in network firewall capability in the FortiGate Secure SD-WAN performs all the security functions of the enterprise firewall at headquarters, so app users at the stations can connect directly to the cloud without putting their personal data or the company’s network at risk.

Extending the FortiGate Secure SD-WAN solution into the service station local-area network (LAN), the company created an SD-Branch architecture based on ruggedized ATEX-compliant FortiSwitch Ethernet switches and FortiAP Wi-Fi access points. This SD-Branch configuration provides direct-to-internet connectivity for public Wi-Fi users. This approach ensures consumers’ connectivity while in the convenience store, the parking lot, or their vehicles, so they can surf the web without unnecessary latency. 

FortiPresence provides insights into the behavior of network visitors in real time and across time periods. This turns the service station’s LAN into a business enabler that collects and analyzes data, providing information the company can use to engage with consumers based on their discovered behaviors. Meanwhile, the company integrates FortiNAC network access control and FortiAuthenticator user authentication to lock down access to internal resources. These zero-trust access solutions ensure that users of the public Wi-Fi have restricted privileges and are unable to access the company’s internal resources.

The fuel distributor is extending zero-trust principles by adopting a segmentation strategy via the same FortiGate technology to isolate the service stations’ IT networks from the operational technology (OT) equipment that controls gas pumps and systems in its fuel distribution centers. Such segmentation is crucial for preventing cyberattackers from moving laterally if they manage to breach the IT infrastructure, which precludes them from possibly shutting down equipment within a service station or refinery. This cybersecurity best practice helps minimize the risk that ransomware or another type of attack on the WAN will interfere with the company’s ability to provide customers with the fuel they require.

In the period leading up to the engagement with Fortinet, the company’s internal networking and security staff were essentially flying blind. They possessed limited information about network usage, and their previously deployed firewall product made it time-consuming to detect threats and attempted attacks. The streamlined management and clear visibility afforded via the FortiGate Secure SD-WAN were key factors in the company’s decision to roll out the Fortinet solution. Moving forward, internal staff can confidently and efficiently keep an eye on network activity and neutralize security threats in an expeditious manner. 

High Performance and Visibility Set the Stage for a Bright Future with Secure SD-WAN

The company has realized numerous benefits through the tight integration of security and networking throughout the new infrastructure. Operational costs are much lower. The company has eliminated its wide-scale reliance on MPLS. In addition, the Fortinet solutions’ ease of implementation has enabled the company’s small internal IT staff to take over WAN provisioning and analytics from the service provider the company formerly depended upon.

More important than the cost reduction through ease of network management are the increased customer loyalty and the opportunity to generate additional revenue through high-performance cloud apps and localized advertising. Through it all, the advanced security features in the FortiGate NGFWs sustain the security of company resources.

Fortinet’s approach to security-driven networking has prepared the company to grow rapidly. Its strategic plan calls for tripling its number of service stations, across multiple countries, over the next five years. In the legacy environment, the company’s dependence on its external service provider would have rendered this corporate vision and service to the customer impossible. Provisioning MPLS service for a new gas station used to take four months or more. Now, the internal team can deploy Fortinet networking and security to 40 or more new sites in a single month.

For the tens of millions of customers who visit the company’s service stations each month, the Fortinet solution has substantially improved their customer experience. And for the company, the networking, security, and SD-Branch capabilities delivered by Fortinet have set the stage for a bright future.

Take a security-driven networking approach to improve user experience and simplify operations at the WAN edge with Fortinet Secure SD-WAN.