The Trusted Internet Connection (TIC) initiative, designed to enhance network and perimeter security across the federal government, has evolved considerably since it was conceived a decade ago as an attempt to tame the “Wild West” of federal Internet access through thousands of disparate and, in many cases, undocumented connections with varying levels of security.
The TIC 1.0 standard consolidated federal Internet connections to a few high-bandwidth gateways. Implementation was uneven, resulting in continued vulnerability across the federal government due to the continued use of legacy connections.
TIC 2.0 introduced a reference architecture that featured an expanded set of capabilities such as VPNs. However, the only way mobile users and field offices could connect to the public Internet or services such as Microsoft Office 365 was through the core backbone connections on the main agency infrastructure. Hence, traffic destined for places such as Office 365 had to be backhauled over each VPN connection to the core agency data center, then routed to the appropriate public cloud service. This undercut the key advantages of a cloud-based architecture, increased backbone traffic, and degraded the end-user experience and application performance.
TIC 3.0 was released in September 2019 and introduces needed flexibility to allow federal users to provide direct Internet connectivity to remote users and field offices. It allows direct connection from the end user to the cloud. In other words, remote users can directly access services such as Office 365 or Google Cloud without backhauling the traffic to the core data center, thereby speeding performance and lowering bandwidth requirements – and saving money for the agency.
Fortinet Secure SD-WAN is the perfect solution for TIC 3.0
Fortinet’s FortiGate Next-Generation Firewall appliance is the perfect technology for federal agencies to take advantage of TIC 3.0. Each FortiGate – even the lowest-cost solution – comes with SD-WAN built in and already included in the price. SD-WAN allows each remote FortiGate firewall to determine the best path for the traffic based on a variety of user-defined performance metrics. Traffic destined for Office 365 can go directly there using a secure tunnel, while traffic destined for the agency’s own servers can route along that path, whether those servers are in the public cloud or private data centers. Below is a white paper on how Fortinet SD-WAN fits perfectly with the federal government’s TIC 3.0 standard.
Move from a hub-and-spoke architecture to a software-defined architecture
Fortinet SD-WAN allows federal agencies to move from a dated, inefficient hub-and-spoke architecture to a much more modern mesh architecture, where branch office users can directly access the necessary cloud-based resources without backhauling all traffic to a central agency firewall. This frees up bandwidth, lowers costs, and improves performance significantly for remote branch offices and mobile users.
Central design and control, local deployment
Fortinet SD-WAN allows departments to have centralized control of their firewall and intrusion detection software using products like FortiManager, and push those policies and updates to remote locations with ease. The path through the network is defined by software, not physical hardware, and can change based on traffic flows, security policies, and circuit availability. In addition, because each remote “router” is actually a fully functional FortiGate Next-Generation Firewall, security is pushed to the edge rather than kept at the core. Packets can be inspected locally for malware, and isolated depending on the traffic payload.
Fortinet SD-WAN and TIC 3.0 bring government WAN traffic into the modern business age while maintaining high security standards
The Fortinet SD-WAN solution, coupled with the new federal TIC 3.0 standard, allows federal agencies to take advantage of modern software-defined networks and move their remote users and agencies into modern technology such as cloud architecture and software-as-a-service, all while maintaining the heightened security posture needed by federal agencies.
Fortinet SD-WAN is easy to deploy and extremely cost-effective
Best of all, Fortinet SD-WAN is built into every single FortiGate firewall. There is no need to purchase anything new, add a new device to manage, or learn new software. If you have FortiGate firewalls now, all you need is to start setting up SD-WAN rules and policies. No licensing, no software, no additional hardware. If you need new firewalls, you can purchase cost-effective FortiGate firewalls knowing that they have SD-WAN capabilities built right in, at no additional cost.