Case Study - The Holy See

WatchGuard Secures Holy See Pavilion at EXPO 2015

Challenge

The Holy See (the authority, jurisdiction, and government function associated with the Papacy) was present with its own pavilion at EXPO 2015 - a world’s fair embracing technology, innovation, culture, traditions and creativity, held in Milan, Italy. During the six month run of the public exhibition, the Holy See welcomed nearly two million visitors and hosted two highly revered works of art – the painting The Last Supper by Tintoretto and the tapestry The Institution of the Eucharist by Rubens.

With various vendors supplying a large array of production equipment inside the pavilion to account for, from video surveillance to projection equipment, the Holy See required a network security solution that would enable reliable and safe connectivity for all appliances on the network. Operators inside the pavilion, as well as administrators of the technical equipment, (who had to monitor their appliances remotely and make related adjustments), needed a secure Internet connection. Additionally, all visitors to the pavilion would require reliable, secure Wi-Fi access. Maximum security of the entire network was critical, as was the ability to segments guests from operational networks.

Solution

The Holy See’s requirements were met with WatchGuard’s XTM 330, galvanized by an AP100 access point for Wi-Fi, centrally located in the pavilion. An Internet connection was supplied through two wireless broadband lines, with a 4G emergency line to be used in the event of failover. Subnets were configured so that each supplier could safely and autonomously access their equipment through a Mobile Office VPN connection. Segmented Wi-Fi was created through two subnets: one for on site operators to access the network, the intranet site and the Internet, and another subnet for guest Wi-Fi access.

The XTM 330 and AP100, like all other devices on the network, were monitored 24 hours a day through a SNMP (Simple Network Management Protocol) with the network monitoring software PRTG. Data was communicated in real time on a special console located on the Infopoint and on tablets supplied to operators. Logging of all WatchGuard traffic was recorded through Dimension - a reporting and visibility solution that comes standard with WatchGuard’s Unified Threat Management platform - on an off site server.

Results

In the words of one Holy See official, WatchGuard was chosen because “...in addition to significant savings in terms of secure connectivity compared to solutions proposed by other suppliers, we were given the opportunity to configure security policies with a high level of detail so that we were able to create a configuration exactly according to our needs and requirements. The ability to monitor the firewall in real-time and get detailed reports was crucial to better control the general operation of the entire network during the whole event. A few weeks after the close of EXPO, we can say that everything worked well and that safety was effectively ensured for all six months.”