Due to its location in rural Indiana, East Noble School Corporation at one point had to rely on three different internet providers to get enough bandwidth for the district’s students and educators.
Only a small number of cybersecurity vendors could provide firewall capabilities for all three, and East Noble’s vendor charged based on bandwidth. This meant that as the district’s use of online resources grew, so did its security bills. Eventually, the cost increases led the district to adopt a FortiGate next-generation firewall (NGFW) from Fortinet. While the move was initially driven by cost, the new firewall also gave the district access to new security features, including web filtering, intrusion prevention and load balancing.
“We slowly started testing it, because we truly didn’t believe that it would do what they told us it would do,” says Rick Williams, the district’s network manager. “But we found that the FortiGate did the work of four security appliances, and now our entire network runs through it.”
Amy McLaughlin, project director for the CoSN cybersecurity and CIRCUITS initiatives, notes that most vendors have largely phased out their legacy firewalls in favor of NGFWs. However, these newer offerings typically come with only certain baseline capabilities activated out of the box, allowing districts to turn on new features over time as new budget becomes available.
“The key upgrade opportunity is when your current firewall is ready to age out,” McLaughlin says. “If you have other solutions behind it, you can always plan to scale up the licensing on your NGFW as those other solutions come offline. So, it does take planning and timing, but you don’t have to do everything at once.”
Click the banner below to discover how next-generation firewalls keep K–12 districts secure.
NGFWs Represent ‘A Massive Change’ for East Noble
Almost immediately, the FortiGate NGFW resulted in a $45,000 annual savings in tech costs for East Noble, as well as a savings of approximately 10 staff hours a month, says Joanna Cook, the district’s CTO. “We have a staff of eight,” Cook notes. “Having the FortiGate helps us use our resources more efficiently because it does so many things all wrapped into one.”
Over time, East Noble activated more NGFW features, such as FortiGate’s VPN capability, which gives staff secure remote access to district resources such as grading systems and security camera footage. The district has also implemented Fortinet wireless access points, identity management tools, and endpoint detection and response capabilities.
In just one example of how the FortiGate solution has protected the district, Williams says, the NGFW detected and contained an attack on the machine of an administrative assistant who had access to a wide range of critical systems. “It saved us from a ransomware attack, and the attack never really even had a chance to get started,” Williams says. “We’ve also had some denial-of-service attacks that it’s done a really good job of stopping.”
“It’s been a massive change,” Williams adds. “We can see everything on our network, and it’s done everything we’ve asked it to do. It’s made doing my job a lot easier.”
Back to the article
Autoplay
Full Screen
Grid View
Exit Full Screen
Back to the article
Autoplay
Full Screen
Grid View
Exit Full Screen
NGFW Success Depends on Configuration
Mecosta-Osceola Intermediate School District, which provides administrative support to six local districts in Michigan, adopted WatchGuard NGFWs several years ago. Fred Sharpsteen, assistant superintendent for technology services, says the organization made the move largely for cost reasons, and he notes that custom rules configurations are often just as important as the choice of vendor.
For example, when a major learning management system was compromised in late 2024, the WatchGuard firewalls caught the attack because officials had enabled geofencing features.
“As I see it, a firewall by itself doesn’t secure anything,” Sharpsteen says. “It’s about building the rules behind it.”
Mike Schonert was with Mecosta-Osceola during the WatchGuard implementation, and he is now an analyst at MiSecure, the state’s K–12 cybersecurity program. In addition to enabling geofencing, districts should configure their NGFWs to disable remote administration without a VPN connection protected by multifactor authentication, he suggests.
We can see everything on our network, and it’s done everything we’ve asked it to do.”
Rick Williams
Network Manager, East Noble School Corporation
“If you leave remote management open to the outside world, even with geofencing, somebody inside the U.S. — or even somebody with a VPN connection into the U.S. — is going to try to break in. I know of two districts that were compromised because their firewall was poorly set up, and that’s not abnormal.”
Matt McMahon, a project director for MiSecure, says districts around the state use NGFWs from a variety of vendors, including Fortinet, SonicWall and Palo Alto Networks. “A lot of smaller districts probably don’t vary much from their baseline configurations,” he notes. “Some aren’t even quite sure how to do some fairly basic things on their firewall. It’s just a matter of funding. That’s why we support all 56 ISDs in the state. We’re well beyond the days when schools can just go it alone.”
NGFWs Put an End to Outages
With its legacy firewall, Athens Independent School District in Texas experienced frequent network downtime that disrupted teaching and learning.
“We were constantly getting hit with DDoS attacks that took down our firewall,” recalls Tony Brooks, director of technology. “We would be down anywhere from two to six hours, and we had to work with our internet provider to help get us back up. It was horrible.”
That all changed after the district adopted a next-generation solution from Fortinet. Athens ISD initially purchased a FortiGate 900D and now has a FortiGate 2200E after several refresh cycles.
The shift, Brooks says, made an immediate difference.
57%
The percentage of K–12 districts using a next-generation firewall
Source: CoSN, “2025 State of EdTech District Leadership,” May 2025
“We hardly ever have outages now. The only time we do is when we have a power surge or power loss,” Brooks says. “Now, when we have a DDoS attack, the FortiGate firewall just stops it. It has more brainpower than our previous firewall, and it’s able to withstand the hit.”
The district has adopted switches, access points and other solutions from Fortinet, and Brooks says the integrated approach has streamlined management. Previously, he would have to travel to physical campus locations to get faulty switches back up and running; he can now manage much of the network centrally through the FortiGate firewall.
Brooks says that Athens ISD uses its NGFW for a number of security features, including intrusion prevention, anti-virus, web filtering, email filtering and application control. “It’s just got so many features,” he says. “When you integrate all of these together in a firewall policy, it gives you so much control, and it gives you so many ways to either block something or allow something. It’s been a game changer.”
llustration by Matt Chinworth
