Home / Services / Secure Networking and SD-WAN
Secure Networking and SD-WAN

Secure networking that delivers reliable connectivity, controlled access and resilient multi-site operations

Branches, warehouses, manufacturing sites, clinics and project sites: wherever the business operates, performance, connectivity, cloud access, users, carriers and security controls have to work cleanly together. We engineer that layer end to end across firewalls, SD-WAN, remote access, ZTNA, SASE-aligned architecture, carrier links and segmentation, on platforms such as Fortinet and Cisco Meraki.

Secure networking is not only a carrier, firewall or SD-WAN decision.

Operate across
SD-WANFirewallsSecure accessZTNASASECarrier linksCloud accessSegmentation
How we help

Practical network support across SD-WAN, secure access, firewalls and operating design

The right starting point depends on the network position: site performance and connectivity, firewall and VPN policy, SASE or ZTNA access, carrier and underlay, cloud and Microsoft 365 paths, or uncertainty about the next architecture decision.

Not sure where the issue sits? A Network Review can help clarify the right pathway before a major decision, whether the next step is SD-WAN, firewall uplift, SASE/ZTNA, carrier change, cloud-path improvement, documentation or operating-model work.
Start with a Network Review
Secure networking services

How we support secure networking

The right starting point depends on the current environment: site performance, firewall policy, VPN exposure, SASE planning, carrier position, cloud application performance or uncertainty about the next architecture decision.

Managed SD-WAN

Managed SD-WAN supports organisations running multiple sites, regional operations, warehouses, branches or distributed teams where connectivity, failover, application performance and centralised control matter.

The work is not only about replacing links. It is about designing, deploying and operating a network that supports cloud access, branch operations, failover, security policy and visibility across locations. Where Fortinet is the right fit, FortiGate, FortiManager, FortiAnalyzer and SD-WAN can be managed as one operating environment.

Best for multi-site connectivity, failover and network visibilityExplore Managed SD-WAN →
SASE and Zero Trust Access

SASE and Zero Trust Access is for organisations whose workforce, contractors and applications no longer fit a perimeter-based access model. VPN may still be in place, but access may need to become more identity-aware, device-aware and application-specific.

The work can include Microsoft Entra ID hygiene, Conditional Access posture, device compliance, application dependency mapping, Entra Internet Access and Private Access design, ZTNA migration sequencing and Australian secure access requirements. The platform follows the architecture, not the other way around.

Best for VPN replacement, contractor access and secure application accessExplore SASE and Zero Trust Access →
FortiGate firewall and secure edge

FortiGate firewall and secure edge work is for organisations that need stronger control around firewall policy, VPN exposure, branch security, segmentation, lifecycle position or Fortinet operating visibility.

This can involve firewall review, rule clean-up, policy redesign, FortiGate replacement, FortiManager and FortiAnalyzer alignment, VPN remediation, segmentation improvement, secure edge design and implementation. A firewall that is passing traffic is not the same as a firewall that is being properly operated.

Best for firewall uplift, FortiGate implementation and secure edge improvementDiscuss firewall and secure edge →
Network design, deployment and operation

Network design, deployment and operation is for environments where the issue crosses WAN, firewall, VPN, branch connectivity, Microsoft 365 performance, cloud access, carrier contracts, SD-WAN readiness, SASE readiness, documentation or operational ownership.

This is the broader pathway for organisations that need the network position clarified and then acted on. The output should not be a report that sits on a shelf. It should lead to a practical design, implementation plan, carrier decision, firewall uplift, SD-WAN rollout, secure access change or supportable operating model.

Best for unclear network direction, architecture decisions and implementation planningDiscuss your network environment →
The operating view

Network, security and cloud access need to be designed together

Older network designs were often built around predictable paths: offices, data centres, private links and central firewalls. Many environments still carry that structure, but the way organisations operate has changed.

Users work from more places. Applications sit in Microsoft 365, SaaS platforms, Azure, AWS and private infrastructure. Branches need stable cloud access. Firewalls need consistent policy. Remote access needs stronger control. Carrier decisions affect performance, resilience and supportability.

CARRIER UNDERLAYNBN EE · Fibre · 4G / 5G · Satellite · MPLSHead officeBranch and warehouseClinic / project siteRemote and field usersSECURE EDGESD-WANFortiGate firewallSASE · ZTNAPolicy and inspectionMicrosoft 365 · TeamsSaaS platformsAzure · AWSPrivate infrastructureSITES and USERSCLOUD and APPLICATIONS
How Inlight designs the environment: sites and users, through a secure edge, to cloudCarrier underlay chosen per site

Connectivity

Sites, branches, warehouses, clinics, project locations and remote users need the right underlay, failover, routing and visibility.

Security

Firewall policy, segmentation, VPN, ZTNA, SASE, identity and access controls need to match how people and systems actually connect.

Cloud access

Microsoft 365, SaaS, Azure, AWS and private infrastructure need secure and efficient paths, not inherited backhaul or unclear routing.

Capability at a glance

Secure networking with scale, reach and engineering depth

110+
Site SD-WAN rollout
Large-scale SD-WAN deployment experience across distributed locations, with branch connectivity, failover, policy and operational visibility managed as one network.
150+
Sites supported
Experience supporting regional, multi-site and distributed environments where connectivity, security, carriers and cloud access need to work together.
Fortinet
and FortiGate
Firewall, SD-WAN, VPN, FortiManager, FortiAnalyzer and secure edge work across Fortinet environments.
Meraki
Cisco Meraki capability
Cloud-managed network support across switching, wireless, security appliances, visibility and multi-site administration.
Carrier-agnostic network design

Underlay decisions weighed on site criticality, resilience, performance and cost, not one preferred carrier.

SASE and ZTNA planning

Secure access across identity, device posture, VPN replacement and SASE-aligned architecture.

Firewall policy and segmentation

Firewall review, rule hygiene, segmentation, logging and secure edge improvement.

Cloud and Microsoft 365 access paths

Network design built around Microsoft 365, Azure, SaaS and cloud application performance.

Common starting points

Where network pressure usually shows up

A branch that performs poorly, a firewall no one wants to touch, VPN access that has become too broad, or a carrier decision that is about to be renewed without enough context.

01A site or branch performs poorlyManaged SD-WAN

Users experience slow applications, unstable connectivity or inconsistent performance, but the cause may sit across carrier links, routing, firewall policy, Wi-Fi, cloud access or application design.

Best fit: Managed SD-WAN →
02Firewall policy has become hard to trustManaged Firewall

Rules have accumulated over time, VPN access is unclear, logging is weak, firmware is behind or no one is confident that the policy still reflects the business.

Best fit: Managed Firewall →
03VPN access is too broadSASE and Zero Trust Access

Remote users, contractors or administrators may have wider network access than they need, creating exposure that should be reviewed against ZTNA or SASE-aligned access options.

Best fit: SASE and Zero Trust Access →
04Carrier contracts are being renewedManaged SD-WAN

NBN Enterprise Ethernet, business fibre, broadband, 4G/5G, satellite or MPLS decisions should be reviewed against site criticality, application behaviour, failover and cost.

Best fit: Managed SD-WAN →
05SD-WAN is being consideredManaged SD-WAN

The business may need better failover, centralised control, application performance, carrier flexibility or operational visibility across multiple sites.

Best fit: Managed SD-WAN →
06SASE or ZTNA is unclearSASE and Zero Trust Access

The business may know that VPN needs improvement, but not whether the right pathway is ZTNA, SASE, Entra-aligned access, firewall uplift or a staged secure access roadmap.

Best fit: SASE and Zero Trust Access →
Carrier and underlay

Carrier decisions should follow the site requirement, not the other way around

Inlight IT is carrier-agnostic. We do not design secure networks around one preferred carrier product. We assess underlay options against the site, application dependency, performance requirement, recovery expectation and cost position.

That can include NBN Enterprise Ethernet, business fibre, broadband, 4G/5G, satellite, MPLS or a combination. A critical branch, warehouse, clinic, project site or regional office may need a different connectivity model from a small office. We can help source, coordinate and manage carrier services as part of the design and operating model, evaluating availability, eSLA expectations, failover, carrier diversity, contract position and support pathways.

The practical output should be a site-by-site connectivity position: what each location needs, what options are suitable, what should be renewed, what should be replaced and what risks need to be addressed before a contract decision is made.

Key point

Carrier choice is not only a procurement decision. It affects application performance, failover, supportability, security design and the way the network is operated after deployment.

Secure networking is not only a carrier, firewall or SD-WAN decision. It is how the whole business stays connected, protected and accounted for.

How we work

Secure networking is designed around the environment, not the device list

We approach secure networking through the operating environment: how sites connect, how users reach applications, how Microsoft 365 and SaaS traffic flow, how firewalls are governed, how remote access is controlled and how carriers, documentation and escalation work after deployment.

01
Map the operating environment
Review sites, users, applications, firewalls, VPN, cloud paths, carriers, documentation and current ownership.
02
Identify performance and access pressure
Separate carrier issues, routing issues, firewall issues, access issues, Microsoft 365 performance problems and operating gaps.
03
Validate firewall and carrier position
Confirm the current firewall policy, VPN exposure, segmentation, lifecycle position and carrier underlay, so the design starts from the real operating state.
04
Design the secure network pathway
Set the architecture, underlay, security policy, access model, failover position and support approach before implementation.
05
Deploy, document and operate
Document, monitor, manage change, coordinate carriers and keep the network supportable after deployment.
Why Inlight IT

Network engineering across sites, firewalls, carriers and secure access

We are a strong fit where the network needs more than general support. Our work brings engineering depth across SD-WAN, Fortinet, FortiGate firewalls, SASE, ZTNA, VPN replacement, carrier underlays, Microsoft 365 access paths, branch networks and operating documentation.

01

SD-WAN deployment experience

Large-scale SD-WAN deployment and operating experience across distributed sites, branch networks, carrier links, failover and centralised visibility.

02

Fortinet and secure edge depth

FortiGate, FortiManager, FortiAnalyzer, VPN, firewall policy, segmentation and secure edge design.

03

Carrier-agnostic advice

Underlay recommendations based on site requirement, performance, resilience, availability and cost, not one carrier product.

04

SASE and ZTNA planning

Secure access design across identity, device posture, application access, VPN replacement and SASE-aligned architecture.

05

Cloud access context

Network decisions considered against Microsoft 365, SaaS, Azure, AWS, private infrastructure and branch application performance.

06

Operational documentation

Design, deployment, handover, diagrams, escalation paths and support documentation so the network can be operated after change.

Our recent work

Network work across sites, firewalls and secure access

Client mark · case visual
National branch and commercial sites · Staged SD-WAN rollout across every state
Beijer Ref
110+ sites operated as one managed network
Beijer Ref operates a national branch and commercial site environment across Australia, where the network needs reliable site connectivity, centralised visibility, standardised policy and a supportable operating model across many locations. Inlight IT delivered a staged SD-WAN rollout that replaced fragmented site-by-site connectivity with a single managed network: architecture before deployment, staged cutover, validated change, centralised policy, carrier coordination, documentation and ongoing support.
A national SD-WAN environment operated as one network, not a collection of isolated site decisions.
Read the Beijer Ref case study →
Client mark · case visual
Sydney property development · Managed FortiGate firewall deployment
JQZ
A corporate network edge strengthened with a managed FortiGate deployment
JQZ operates a substantial Sydney property development environment across head office, sales suites and project locations, depending on secure access to Microsoft 365, finance systems, project information and consultant collaboration every day. The corporate firewall could not be treated as a simple perimeter appliance: it needed to support secure connectivity, user access, branch and site traffic, VPN requirements, Microsoft 365 performance, threat prevention and ongoing manageability.
A firewall treated as an operating platform, not a perimeter appliance.
Read the JQZ case study →
Common questions

Practical questions about SD-WAN, secure access and network design

What does secure networking mean in practice?

Secure networking means the network is designed and operated around access, performance, resilience and security. It includes sites, users, firewalls, switching, wireless, cloud access, remote access, carrier links and segmentation.

The goal is to make sure people can access the systems they need without creating unnecessary exposure or unmanaged technical risk.

When should a business review its network?

A network review is useful when the business has recurring outages, poor application performance, unclear firewall rules, unreliable site connectivity, weak remote access controls or poor visibility across carriers and devices.

It is also useful before a major change, such as SD-WAN, SASE, cloud migration, firewall replacement, office relocation or contract renewal.

Is SD-WAN the same as SASE?

No. SD-WAN focuses on connectivity, traffic routing, path selection, link resilience and application performance across sites and internet links.

SASE is broader. It combines networking and security controls for users, sites and cloud access, often with stronger identity-aware access and cloud-delivered security.

When should we consider SD-WAN?

SD-WAN is worth considering when the business has multiple sites, unreliable internet links, expensive carrier services, cloud application performance issues or a need for better failover.

The decision should be based on site criticality, application behaviour, carrier options, security requirements and the operational model, not just on replacing one network product with another.

The business case should compare performance, resilience, carrier flexibility, application behaviour, security policy and operational visibility, not only monthly link cost.

Should we replace MPLS with SD-WAN?

Not automatically. MPLS may still be suitable for some environments, especially where specific latency, private connectivity or performance requirements exist.

Many businesses now use SD-WAN to combine multiple links, improve resilience and support cloud access more flexibly. The right answer depends on the sites, workloads, carriers and risk profile.

Do we need ZTNA if we already have VPN?

Possibly. VPN can still be suitable for some use cases, but it often provides broader network access than the user actually needs.

ZTNA can provide more controlled access to specific applications or resources based on identity, device posture and policy. It is especially useful where remote access needs to become more secure and less network-wide.

A good ZTNA decision should consider identity, device posture, application dependency, user groups, administrator access and whether the existing VPN exposes more of the network than necessary.

When does a firewall review make sense?

A firewall review makes sense when rules have accumulated over time, remote access is unclear, logging is weak, firmware is outdated, segmentation is poor or no one is confident that the policy set still reflects the business.

The review should look at exposure, access paths, admin controls, VPN or ZTNA configuration, rule hygiene, logging and whether the firewall still supports the current environment.

For Fortinet environments, the review may also consider FortiManager, FortiAnalyzer, VPN configuration, lifecycle position, logging, segmentation and whether firewall policy is still supportable.

What does a Network Review cover?

A Network Review can cover site connectivity, carrier links, firewalls, routing, switching, wireless, remote access, segmentation, SD-WAN readiness, cloud access, monitoring, resilience and documentation.

The output should show what is working, what is fragile, what is risky and what should be improved before the next major outage, renewal or project.

Work with Inlight IT

Build a more reliable and secure network position

Tell us what is happening across sites, firewalls, carriers or remote access — we will find the starting point.

Prefer email? contact@inlightit.com.au