July 10th, 2015

Large Civilian Agency Employs a Secure Network Access Control Solution

Force 3 worked with one of the largest sub-agencies within the US Federal Government, consisting of over 1,200 network-connected locations across all 50 US States and Puerto Rico. These network-connected locations are typically multi-purpose government facilities, housing different agencies and other government offices. In most cases, this civilian agency is the larger tenant agency and is responsible for providing all communication or network access services. As the facilitator, the agency itself identified a critical security problem in segmenting or isolating different agency networks, providing secure guest or partner access, and complying with security regulations set by the parent department.

To combat these issues, this agency consulted with Cisco and ultimately Force 3 to help architect a scalable, multi-phased network access control solution. Force 3 had the unique position and customer knowledge to guide the agency from the initial proof-of-concept solution, leveraging Cisco NAC, to the production solution of deploying Cisco ISE across their entire connected network.

  • Force 3 successfully deployed both wired and wireless ISE in Closed Mode to over 50,000 endpoints within the Forest Service, across the country.
  • The ISE deployment included authentication, authorization, guest, 802.1X configuration, and profiling services.
  • To allow for AnyCast VIP services and DR, Force 3 deployed ISE into the main datacenters.
  • Force 3 successfully integrated ISE with the agency’s Wireless LAN (WLAN) infrastructure, providing ISE capabilities to all WLAN Access Points (AP) being managed by their Wireless LAN Controller (WLC).

The training and Knowledge Materials (KMs) developed for the deployment, customized to describe the agency’s ISE instance, are intended to establish a common body of knowledge for CIO Lines of Service to understand the basics of troubleshooting, as well as provide examples of IT service incidents potentially related to 802.1X and/or NAC/ISE services. Force 3 also provides “Tier 3” support to their own help desk to assist with more advanced ISE service requests.

After several years of strategic partnering and service engagements between this civilian agency and Force 3, several critical services are now a reality within their production enterprise. Flexible, secure guest or partner access is an available service at all ISE-deployed locations for both wired and wireless endpoints. Research facilities that are closely partnered with universities can grant leveled and controlled access to the agency’s network resources or securely facilitate access to broader internet resources. Individual, physical port control is a reality and will help set or define the security edge for all wired access. Force 3’s innovative design and deployment ensured this agency is now ahead of schedule and fully compliant with their security regulatory standards.