Home / Case Studies / JQZ Corporate Firewall
Case Study · Property Development · Corporate Firewall · FortiGate · Sydney NSW

JQZ strengthened its corporate network edge with a managed FortiGate firewall deployment.

JQZ operates a substantial Sydney property development environment across head office, sales suites and project locations. The business depends on secure access to Microsoft 365, finance systems, project information, consultant collaboration, settlement communication and executive workflows every day. The corporate firewall could not be treated as a simple perimeter appliance. It needed to support secure connectivity, user access, branch and site traffic, VPN requirements, Microsoft 365 performance, threat prevention and ongoing manageability.

Inlight IT delivered a corporate firewall deployment for JQZ, aligned to a cyber-first managed IT model. The focus was not only installation. It was to create a supportable firewall environment with clearer policy control, stronger perimeter protection, managed access pathways and a better operating foundation for future network and SD-WAN requirements.

JQZProperty DevelopmentCorporate FirewallFortiGate PlatformSydney NSW
Bespoke project image
Engagement at a glance
JQZ
JQZ Corporate Firewall
Corporate firewall deployment and managed network security
Industry
Property development and construction
Environment
200+ users across head office, sales suites and project locations
Engagement
Corporate firewall deployment and managed network security: replace or establish a more supportable firewall environment for secure internet access, site connectivity, VPN access, Microsoft 365 traffic and perimeter control
Outcome
A managed firewall platform supporting stronger perimeter security, clearer traffic control, controlled remote access and improved network supportability
Why this matters

A corporate firewall is not just a device at the edge. It is the control point between the business, the internet, cloud platforms, users and remote access.

JQZ’s technology environment had to support a busy property development operating model: head office users, sales suite activity, project locations, finance workflows, consultant communication, settlement activity and Microsoft 365 collaboration.

In that context, firewall deployment needed to do more than restore internet connectivity. It needed to provide a cleaner security and network control point for the business: policy, inspection, VPN access, logging, firmware lifecycle, cloud traffic handling and future network changes. Inlight IT treated the deployment as a managed firewall and network security project, not a hardware installation.

What made it important

JQZ needed a corporate firewall environment that could support a multi-site property business, not just protect a single office connection.

The firewall needed to support secure business operations across users, locations, applications and external dependencies. For JQZ, the key risk was not only whether traffic could pass through the firewall. It was whether the environment would remain secure, visible and supportable after deployment.

The firewall needed to support multiple business workflows
Property development workflows depend on email, project documents, finance systems, consultant communication, sales activity, executive access and settlement-related communication. Firewall policy had to support these workflows without creating avoidable performance or access issues.
Microsoft 365 and cloud traffic needed practical handling
Microsoft 365 traffic behaves differently from traditional on-premises application traffic. If firewall and routing decisions are poor, users feel it through Teams performance, file access, mail latency and general cloud application experience. The network edge needed to support cloud-first productivity without unnecessary backhaul or policy friction.
Remote and site access needed stronger control
Users working across project locations, sales suites and remote environments require controlled access pathways. Traditional VPN access can be useful, but it needs proper policy, MFA alignment, user control and review. The firewall platform also needed to support future access improvements, including ZTNA where the identity and application model justified it.
Firewall rules needed an operating model
Firewall rules tend to accumulate over time: temporary access, project requirements, third-party access, remote access, application exceptions and legacy rules. Without review, the firewall becomes harder to manage and less defensible. The deployment needed a cleaner operating baseline so rules, policies and exceptions could be managed properly.
Firmware and security services needed ownership
Firewall protection depends on more than the appliance. FortiGuard services, IPS signatures, firmware cadence, SSL inspection decisions and alert review all require ownership. A deployed firewall without lifecycle management becomes a future exposure.
What Inlight IT delivered

A managed corporate firewall deployment aligned to JQZ’s users, sites, applications and security posture.

Inlight IT delivered the firewall project around five practical workstreams: current-state review, FortiGate deployment, policy and traffic control, remote access and VPN, and ongoing managed operation.

01
Firewall design and deployment
The firewall was deployed as a production security control, not simply a replacement appliance. Inlight IT reviewed the operating requirements and deployed the corporate firewall around the traffic patterns, access requirements and support needs of the business.
Corporate firewall deployment
Internet edge and traffic flow review
Firewall policy baseline
NAT and routing considerations
Application and service access requirements
Migration and rollback planning
Production cutover support
02
Policy, rules and traffic control
Firewall rules were structured around business access requirements and supportability. The deployment created a clearer policy foundation for allowed traffic, blocked traffic, remote access, internet access, cloud application access and business system dependencies.
Firewall rule review and implementation
Policy structure aligned to business use
Removal or avoidance of unnecessary open paths
Application control considerations
Logging and visibility considerations
Rule documentation and support handover
Ongoing rule review pathway
03
Threat prevention and FortiGuard services
Security services were considered as part of the firewall operating model. FortiGate value depends on how its security services are configured and managed. Inlight IT aligned the deployment to practical threat-prevention controls, with attention to performance, inspection depth and operational support.
FortiGuard subscription awareness
IPS and application control considerations
Web filtering considerations
DNS security considerations
SSL inspection decision pathway
Firmware and patch cadence considerations
Security alert and escalation pathway
04
VPN, remote access and ZTNA readiness
Remote access was treated as an access-control problem, not only a connectivity feature. The firewall environment needed to support users who access systems from outside the office, while keeping access appropriately controlled.
VPN and remote access review
MFA and identity alignment considerations
Remote user access policy
Third-party or contractor access considerations
Segmentation and least-privilege access considerations
ZTNA readiness discussion where appropriate
Break-glass and support considerations
05
Managed firewall operation
The firewall was brought into the managed IT rhythm. After deployment, the firewall needed operational ownership. Inlight IT aligned the firewall to ongoing managed support, review and escalation so it would not become unmanaged perimeter infrastructure.
Firewall monitoring considerations
Firmware lifecycle review
FortiGuard renewal awareness
Policy change management
Issue escalation
Service review alignment
Ongoing security and network improvement
Market context

The network edge is now a priority attack surface.

Firewall, VPN and perimeter devices are no longer background infrastructure. Attackers actively target edge devices because they can provide initial access, credential capture, configuration exposure and lateral movement pathways.

22%
Of vulnerability exploitation actions targeted edge devices and VPNs in 2025, an almost eightfold rise from 3% the previous year.
54%
Of exploited edge-device vulnerabilities were fully remediated, with a median remediation time of 32 days.
1,700+
Times the ACSC notified Australian entities of potentially malicious cyber activity, an 83% increase year on year.

Sources: Verizon 2025 Data Breach Investigations Report and ASD’s Annual Cyber Threat Report 2024–25.

For a property developer, the firewall protects more than internet access. It protects the network path behind sales activity, finance workflows, project records, settlement communication, remote access and Microsoft 365 connectivity. Edge-device exposure is now a board-level cyber risk, not a network-engineering footnote.

What changed

JQZ gained a more supportable corporate firewall environment for users, sites, cloud services and secure access.

The deployment gave JQZ a stronger firewall operating baseline. The environment became easier to support, easier to review and better aligned to the business’s security, network and access requirements.

Perimeter security
The firewall became a clearer control point for internet access, inbound and outbound traffic, remote access and perimeter policy.
Policy control
Firewall policy could be managed with clearer structure, reducing the risk of unmanaged rules, unclear exceptions and unnecessary access paths.
Cloud productivity
Microsoft 365 traffic was treated as part of the firewall and network operating model, not as generic internet traffic.
Remote access
Remote access could be reviewed against identity, MFA, user access and future ZTNA suitability.
Managed operation
Firmware cadence, security services, rule review, escalation and improvement became part of ongoing IT management.
Proof from the work

A corporate firewall environment treated as a managed security and network control point.

200+ users supported
Corporate network security aligned to a 200+ user property development business.
FortiGate managed platform
Firewall deployment structured around security, traffic control, policy management and ongoing operational ownership.
M365 cloud traffic considered
Microsoft 365 and cloud application access considered as part of the firewall and network design.
Cyber-first perimeter control
Firewall, access, firmware, rules, VPN and security posture treated as managed disciplines, not once-off configuration.
Remote access pathway
VPN, MFA and ZTNA suitability considered as part of the access model.
Managed lifecycle
Firmware cadence, FortiGuard services, rule review and escalation brought into managed IT.

The strongest firewall deployment is not the one that finishes at cutover. It is the one that remains controlled after the first change request.

Engineering-led, cyber-first

Technology and service scope.

Firewall & edge
FortiGate Firewall Deployment
Corporate Firewall Policy
Internet Edge Security
Firewall Rule Review
Threat prevention
FortiGuard Services
IPS & Application Control
SSL Inspection Decision Pathway
Network & access
NAT & Routing
VPN & Remote Access
Microsoft 365 Traffic Considerations
Network & SD-WAN Readiness
Lifecycle & operations
Firmware Lifecycle Review
Managed Firewall Operation
Practical next step

Need a firewall deployment that stays managed after cutover?

We review firewall policy, access and lifecycle, then manage the environment after cutover.

Discuss Firewall Review