Connectivity

FortiGate and Aruba network architecture for Paris SMBs

Design, deployment and hardening of performant networks to guarantee connectivity, stability and scale.

Réseaux entreprise FortiGate Aruba

Secure infrastructure starts with well-designed network architecture. Threats evolve, usage multiplies, data moves — but a solid foundation stays essential. Our approach favours resilience, segmentation and access protection.

Who it is for

Who it is for

Head offices and workplaces

Companies of 20 to 300 employees needing reliable, secure, supervised connectivity.

Multi-site retail

Stores and showrooms linked to headquarters via IPsec VPN. PCI-DSS compliance on POS networks.

Event venues

Public-reception spaces with load constraints (high-density Wi-Fi), control-room needs (Dante audio, IP video) and event-grade reliability.

Regulated organisations

Finance, healthcare, defence: strict segmentation, logging, flow control, NIS2 or ISO 27001 compliance.

What we do

What we do

01

Network architecture

Full design: topology, addressing plan, VLAN segmentation, business continuity plan, carrier-link sizing.

02

FortiGate firewalls in HA

FortiGate deployment in active-passive or active-active HA, granular security policies, SSL inspection, intrusion prevention.

03

Aruba enterprise Wi-Fi

Aruba Wi-Fi 6 / 6E access points, controllers or InstantOn depending on size, guest / staff / IoT Wi-Fi segmentation, seamless roaming.

04

Site-to-site IPsec VPN

Interconnection of sites (HQ, stores, managed remote work) via encrypted IPsec VPN, dynamic routing, carrier redundancy.

05

Multi-carrier SD-WAN

Fibre plus 4G/5G aggregation, automatic failover on cut, prioritisation of critical traffic (voice, video, POS).

06

Supervision and SOC

24/7 supervision, proactive alerting, SIEM log collection, event correlation. Optional integration with an external SOC.

Methodology

Methodology

01

Network audit

Inventory of the existing network, identification of weak points, real-performance measurement, flow mapping.

02

Target architecture

Detailed design, equipment selection, migration plan, full pricing. Validation with leadership.

03

Deployment

Physical installation, configuration, progressive VLAN migration, failover testing, full documentation.

04

Operations

24/7 supervision, patch management, quarterly policy review, continuous adjustments as usage evolves.

Stack

Technologies

Proven network stack chosen for robustness and available French expertise.

Firewall

  • FortiGate 60F/100F/200F
  • FortiManager
  • FortiAnalyzer

Wi-Fi

  • Aruba Instant On
  • Aruba Central
  • Aruba 303/505/635
  • Wi-Fi 6E

Switches

  • Aruba CX 6100/6200
  • Ubiquiti UniFi
  • MikroTik (selective)

SD-WAN

  • FortiGate SD-WAN
  • Fortinet Secure SD-WAN

Supervision

  • PRTG
  • Datadog
  • FortiMonitor
  • Uptime Kuma

Case studies

Case studies

Paris office of a reinsurance group

Reinsurance · corporate workplace

Workplace network supervision and maintenance, Teams Rooms meeting-room operations, compliance and segmentation required by the group.

Paris event venue

Event space

Network sized for high-density event Wi-Fi, isolated control-room VLAN, SD-WAN with 4G/5G failover, reinforced supervision on production days.

Multi-site cultural institution

Culture · galleries

Interconnection of several Paris spaces via IPsec VPN, secured guest Wi-Fi, ticketing and reception-system supervision.

Contemporary fashion brand

Fashion · multi-store

Multi-store network, VPN to headquarters, segmented client / staff / POS Wi-Fi, continuous supervision to guarantee till availability.

Engagement

Engagement model

Architecture and deployment project billed as a flat fee. Maintenance and supervision via a monthly recurring contract covering firmware updates, policy changes, 24/7 support on critical incidents and proactive supervision. Equipment is purchased directly by the client (we can manage the order without intermediary margin).

FAQ

Frequently asked questions

FortiGate or another firewall brand?
FortiGate remains our default recommendation for Paris SMBs: excellent value for money, available French expertise, coherent Fortinet ecosystem (FortiManager, FortiAnalyzer, FortiClient), current security certifications. Relevant alternatives by context: Palo Alto Networks for large accounts demanding the best threat catalogue, pfSense for tight-budget non-critical sites.
How much does a FortiGate HA deployment cost for a head office?
For two FortiGate 100F in HA, the project breaks down into hardware plus 3-year vendor licenses and installation/configuration effort. Effort depends on the complexity of existing rules to migrate, the number of VPNs to configure and the documentation level expected. Supervision and recurring maintenance bill monthly afterwards. The investment amortises over 3 to 5 years, typical life for this equipment class. Contact us for pricing.
Aruba or UniFi for enterprise Wi-Fi?
Aruba (HPE) is our choice for demanding professional environments: high density, precise QoS, centralised governance, solid vendor support. UniFi suits small deployments (under 10 APs) or less critical environments: attractive value for money but more limited support and advanced features. Aruba InstantOn is the SMB compromise.
What is a site-to-site IPsec VPN?
An encrypted tunnel between two firewalls (typically HQ and store) that lets the local networks communicate as if physically connected. Users and equipment access HQ resources (servers, printers, shares) transparently. Encryption runs on the firewalls, no user action.
IPsec VPN versus Zero Trust?
IPsec VPN creates a network-to-network tunnel and then grants access to all resources by routing. Zero Trust (Zscaler, Cloudflare Access, Tailscale) enforces per-user policies with continuous identity and context verification. Zero Trust is finer and more modern but requires application refactoring. IPsec VPN stays the norm for inter-site interconnection.
How do we handle high-density event Wi-Fi?
Sizing by expected density: 1 AP per 30-50 concurrent light users, 1 AP per 15-20 on heavy usage (streaming, video-call, POS). Wi-Fi 6E where modern devices dominate. QoS policies to prioritise critical traffic. Strict segmentation between public, staff and control-room SSIDs. Load testing before the event.
What is PCI-DSS segmentation for stores?
The PCI-DSS standard requires that the network carrying card data (payment terminals, tills) be strictly isolated from the rest (guest Wi-Fi, back office, IoT). This is enforced via dedicated VLAN with explicit firewall rules, blocked unnecessary flows, in-transit encryption. We configure and document this segmentation from the store opening.
How do you supervise a multi-site network?
Via FortiManager / FortiAnalyzer for the FortiGate fleet, Aruba Central for the Aruba fleet, complemented by external probes (PRTG or Datadog) measuring availability from the internet. Automatic threshold alerts, criticality-based escalation, weekly leadership dashboard. Major incidents trigger immediate 24/7 intervention.

Next step

A network project to scope?

We audit your existing network and design an architecture sized to your stakes.

Book a meeting Contact us

Nos autres services

Support informatique, gestion du parc
Proximity

IT Support

Day-to-day management of your IT fleet (Mac, PC, mobile) with human on-site and remote support. Built on modern tooling: MDM, inventory, SSO identity, EDR.

En savoir plus
Service managé, supervision et automatisation
Cloud

Managed Services

Monitoring, maintenance and hardening of your IT. MDM, centralised inventory, EDR, Zero Trust Network Access, SSO SAML, migrations: modern premium IT management, tooled.

En savoir plus
DSI à temps partagé
Strategy

Fractional CIO

Strategic expertise to steer your information system, without the weight of a full-time role.

En savoir plus
Stratégie IA pour PME et marques
Innovation

AI Strategy

Define, test and deploy generative AI in service of your business. Maturity audit, measured pilots, Claude for Work / Microsoft Copilot rollout, data governance.

En savoir plus