SECURE BUILDING TECHNOLOGY WITH FORTIGATE AND FORTISWITCH

Siemens Switzerland is relying on Fortinet for building technology networks

You can’t ignore security – and that also applies to building technology. At Siemens Switzerland, the technical IP
networks are protected by Fortinet switches and next-generation firewalls – both in customer projects and for their
own operations.

A significant division of Siemens, the global technology group, is dedicated to building automation and energy technology; Siemens Smart Infrastructure (SI) offers its customers consulting, systems integration and services for secure, energy-efficient buildings and infrastructures. The global headquarters of Siemens SI are located in Switzerland, while the regional company Siemens Switzerland supplies its Swiss customers with comprehensive building technology solutions, including all relevant components – from fire detectors and video surveillance solutions to access control products.

“Recent years have seen building automation increasingly relying on digital technology,” explains Roger Hiestand,

Head of IT Security at Siemens Switzerland. Where analog video cameras were once used, digital cameras are now commonplace. This requires an IP-based network with switches and other network components for data transmission. “In the past, each department procured the relevant components itself, taking different manufacturers into account,” says Hiestand.

Using FortiSwitch and FortiGate gives us fundamental security for technical IP networks at low cost.” – ROGER HIESTAND Head of IT Security, Siemens Switzerland

“There was no standard and no central management.” However, the goal of his ISC department is to standardize the IT components used in Siemens Switzerland’s customer projects. At the same time, projects under the banner of Industrial IoT (IIoT) are set to increasingly shift their focus to security.

Segmentation: a basis for security

Segmentation of the IIoT network using VLANs is a core element of the new IT portfolio developed by Hiestand and his eight-person team. The idea was for it be as simple as possible to set up, centrally manage and implement with products that are compatible with IIoT projects – both in technical and pricing terms. The data throughput is relatively low compared to traditional IT solutions, with numerous smaller, distributed switches replacing the model of a few central switches with lots of ports.

Roger Hiestand weighed up several options before deciding in favor of Fortinet’s products, which underwent a successful test phase. This resulted in close contact with Fortinet’s Swiss subsidiary and with BOLL Engineering, the value-added distributor. “When it came to choosing a partner, proximity was important to me. When we develop a concept, we want to talk directly to competent specialists,” says the IT security manager. Proximity to the manufacturer was guaranteed thanks to the Fortinet subsidiary in Dietlikon and a dedicated contact. And BOLL won Siemens Switzerland’s Head of IT Security over with its clear focus on IT security. The chemistry was right too, as Hiestand explains: “BOLL’s staff are extremely customer-focused and skilled. BOLL is a strong partner with extensive expertise, its own training department and its own warehouse. This is another important factor, because we can’t wait long for the ordered goods to arrive since our projects run to such tight schedules.”

Greater security with next-generation firewalls

Mid-2017 saw the switches previously used in technical IP networks replaced by Fortinet’s powerful FortiSwitches. The technicians working in the field saw little change at first, as even the new devices weren’t centrally managed to begin with. Hiestand’s department then held security training sessions throughout 2018 and added firewalls from Fortinet’s FortiGate range to the portfolio. “This means we can now manage everything centrally and integrate it into our security fabric. We’re achieving fundamental security with little effort.” FortiGate 60E, 100E and 100F appliances are used in customer projects nowadays. The switches are usually models from the 100 series; the FortiSwitch 124-FPOE with an Ethernet-based power supply for video cameras often plays a key role.

“The fact that the smaller FortiGate models were previously only capable of managing eight switches was a problem for us. That’s not enough to meet our needs,” adds Roger Hiestand. This meant they had to use larger FortiGate models in numerous projects due to the considerable number of switches – even though the performance of smaller firewalls in the FortiGate range would have been more than sufficient. To discuss this issue with the supplier, Hiestand got in touch with the relevant product manager at Fortinet. Luckily, the partner was flexible – since FortiOS version 6.2, the smaller FortiGate boxes now also support management of up to 16 switches. “This is hugely helpful to us and shows that Fortinet is extremely customer-focused and interested in listening to its customers and partners,” says Hiestand enthusiastically.

“BOLL is a strong partner with extensive expertise, its own training department and its own warehouse, and short delivery times to boot.” -ROGER HIESTAND Head of IT Security, Siemens Switzerland

Successful projects implemented

The Siemens SI headquarters in Zug are a showcase project for the new network and security portfolio. Siemens Switzerland has set up a Fortinet-based IIoT core network for the newly constructed building – with 35 FortiSwitches and two 300E FortiGates configured as failover clusters.

SieFortiSwitch and FortiGate for the IIoT: the highlights • Affordable switches with eight to 48 ports • Robust segmentation • Smooth integration into the Fortinet security fabric • Next-generation firewalls with ASIC acceleration • Switch management: up to 16 (FortiGate 60E/F), up to 32 (FortiGate 100E/F), up to 48 (FortiGate 300E) mens’ own Scalence switches can still be found on the final level, in the switch cabinets of the individual building areas. Roger Hiestand: “This proves that we can use our standard solution from the portfolio and integrate other solutions at the same time.”

The next job for the ISC team was to start work on Siemens Switzerland’s new site. The former Steinhausen and Volketswil sites were brought together on the Siemens campus in Zurich, where – in addition to the Siemens network which holds responsibility for general IT – there is a “TechNet” which they use for simulating customer projects. Each workstation and meeting room is equipped with a dedicated network cable that provides access to this technical IP network. Currently, the TechNet consists of a core area with two 524D FortiSwitches, 14 424E FortiSwitches and 44 access switches from the FortiSwitch 100E series. Two 100F FortiGates are used for central management and security, supporting the operation of a 10-gigabit ring. This means that all 60 switches can be managed in combination with another 100E FortiGate. The TechNet contains about 1,500 ports in total and offers a separate VLAN for each department. What’s more, there’s an entire WLAN infrastructure for the TechNet with 16 access points at present; not just useful for the company’s own employees, they are also used as a test environment in planning out comparable building network WLAN solutions for customers.

FortiSwitch and FortiGate for the IIoT: the highlights

• Affordable switches with eight to 48 ports
• Robust segmentation
• Smooth integration into the Fortinet security fabric
• Next-generation firewalls with ASIC acceleration
• Switch management: up to 16 (FortiGate 60E/F), up to 32 (FortiGate 100E/F), up to 48 (FortiGate 300E)

ABOUT SIEMENS SWITZERLAND

Siemens, the technology group founded by Werner von Siemens in 1847 which has long since become a major global player, first entered the Swiss market when it built the Wynau power plant in the canton of Bern. Over the ensuing 125 years, Siemens has continuously developed its areas of activity. Today, the regional company Siemens Switzerland employs a staff of over 2,200 and in 2019 generated revenue of CHF 798 million. A total of more than 5,700 employees work for the Group in Switzerland at over 20 locations, one of which is the global headquarters of the Smart Infrastructure division, which focuses on building technology and energy systems.

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Infovista announces sQLEAR a ML-based standard for 5G VoNR voice quality testing approved by ITU

Posted on: December 2, 2021

Paris, France. December 2nd, 2021 – Infovista, the global provider of network lifecycle automation (NLA), announced that its sQLEAR machine learning-based algorithm has been approved by ITU for QoE testing of mobile all-IP voice services, including Voice over LTE (VoLTE), Voice over New Radio (VoNR) and OTT voice.

Read more

Infineon’s AIRO cloud connectivity manager supports the AWS IoT expressLink

Posted on: December 2, 2021

Munich, Germany, and San Jose, California. 30 November 2021 – Infineon Technologies AG announced the company’s new AIROC IFW56810 Cloud Connectivity Manager (CCM) solution supports the AWS IoT ExpressLink standards and specifications. This combined offering makes it easier and faster for companies and end customers to connect products such as industrial sensors, home appliances, irrigation systems

Read more