The Kenosha Unified School District (KUSD) operates a robust, enterprise-grade network infrastructure, spanning over 40 sites connected by more than 90 miles of fiber optic cable. The network includes 250 switches, 2,500 wireless access points, and more than 35,000 endpoint devices, serving over 24,000 users, including both students and staff. KUSD is seeking a next-generation firewall solution that enhances network security by providing advanced threat detection and prevention capabilities, as well as real-time threat intelligence updates. The selected product must offer comprehensive visibility and alerting features, with capabilities including: Intrusion Prevention and Application Control Ease of Policy Creation Reputable and Actionable Reporting Data The proposed firewall solution will be deployed at KUSD’s central office and disaster recovery (DR) location. The solution must be scalable to meet the demands of an enterprise-level network and must provide high reliability with minimal downtime. KUSD’s network infrastructure is managed internally, adhering to established best practices, and the firewall solution must seamlessly integrate into this environment. The solution will be implemented as an "in-line" firewall and phased into the existing network to minimize disruption to daily operations. Additionally, the district will seek funding assistance through the E-Rate program to support this project. Network Overview: Internet Access: Centralized at the district office, with each school/site connected via two redundant 10Gbps Wide Area Network (WAN) links. Current Firewall Setup: The district currently utilizes a Fortigate 3400E High Availability (HA) pair at the production facility, with a Fortigate 2200E (non-HA) at the disaster recovery site for failover. Required Firewall Features: High Availability for Redundancy: The production firewall must support High Availability (HA) for redundancy to ensure continuous operation and minimize downtime. Synchronization: The new firewall must support synchronization between the production firewall and the DR site. VPN and ZTNA Support: The solution must support both Virtual Private Network (VPN) functionality and Zero Trust Network Access (ZTNA). Multi-Factor Authentication (MFA): The firewall must include MFA capabilities for secure access control. SSL Inspection: The solution must be capable of SSL inspection to monitor encrypted traffic for potential threats. 24/7 Support: The firewall vendor must provide round-the-clock, 365-day technical support.
