IT Security with Fortinet

Why IT security falls short in most mid-sized organizations

You have a firewall. Maybe even a good one. But who’s actually taking care of it?

In many organizations with 30 to 300 employees, the reality looks like this: the firewall was set up years ago, updates come irregularly, VPN connections have grown over time, and nobody has a complete picture of what’s actually allowed and what isn’t.

It works — until it doesn’t.

Typical risks we find at new clients:

• Outdated firmware — known vulnerabilities that should have been patched months ago.
• No segmentation — all devices in the same network. One compromised workstation is enough.
• SSL-VPN without two-factor authentication — convenient, but an open barn door.
• No email protection beyond Microsoft — phishing remains the number one attack vector.
• No centralized management — with multiple locations, every firewall is configured individually. Mistakes are inevitable.
• Admins with Domain Admin privileges on their regular workstation — highly privileged access without isolation. One phishing click, and the attacker has the keys to the entire network.

If any of this sounds familiar, you’re not alone. And it’s solvable.

Security infrastructure with Fortinet — from a single source

We work with Fortinet because the product portfolio covers everything a mid-sized organization needs — and because the systems work together instead of operating in silos. As an NSE-certified partner, we plan and operate the entire security architecture.

FortiGate — Firewalls & Network Security

The foundation. FortiGate firewalls protect your network at the perimeter and segment internally. We size them to fit your environment — from a compact appliance for a single location to a high-availability cluster for critical infrastructure.

• Next-Generation Firewall with intrusion prevention, application control, and deep inspection.
• SD-WAN — intelligent routing across multiple internet connections, saving costs and increasing availability.
• IPsec VPN & ZTNA — secure remote access, with or without traditional VPN.
• High availability — HA clusters for mission-critical environments.

FortiMail — Email Security

Email remains the most common attack vector. FortiMail intercepts phishing, malware, and spam before they reach your employees’ inboxes — regardless of whether you use Exchange, Microsoft 365, or another mail server.

• Multi-layered detection — sandboxing, signature checking, behavioral analysis.
• Protection against CEO fraud and spear phishing — the attacks that slip past standard spam filters.
• Easy integration into existing mail infrastructure, as a gateway or inline.

FortiSASE — Secure Access, Everywhere

Your employees don’t just work in the office. FortiSASE gives them secure, stable access to company resources — without the complexity and vulnerabilities of traditional VPN infrastructure.

• Cloud-based Secure Access — stable and performant, regardless of location.
• Consistent security policies — whether in the office, at home, or on the road.
• Integrated into the Fortinet Security Fabric — works seamlessly with FortiGate and FortiManager.

FortiManager & FortiAnalyzer — Centralized Management

Once you have more than a handful of firewalls, centralized management is no longer optional — it’s necessary. FortiManager consolidates configuration, updates, and policies. FortiAnalyzer delivers the reports and logs you need for compliance and troubleshooting.

In our managed service projects, we run FortiManager and FortiAnalyzer for our clients — you benefit from centralized management without having to maintain it yourself.

FortiPAM — Privileged Access Management

In many organizations, IT administrators work with highly privileged accounts on the same workstation where they read emails and browse the internet. This is one of the biggest security risks out there — and it’s widespread.

FortiPAM creates a controlled jumphost environment for privileged access: admin sessions run in isolation, are recorded, and are fully traceable at all times.

• Isolated admin access — privileged sessions separated from the regular workstation.
• Session recording & audit trail — every admin action documented, for compliance and accountability.
• Integrated into the Fortinet Security Fabric — works with FortiGate and FortiManager, no additional silo.

Especially in environments with Active Directory and multiple administrators, this isn’t a luxury — it’s a fundamental prerequisite for proper IT security.

From planning to ongoing operations

We don’t just sell hardware. We make sure your security infrastructure fits your organization — today and three years from now.

Planning & Architecture

We analyze your current environment, identify vulnerabilities, and design an architecture that fits your size, your locations, and your requirements. Whether BSI IT-Grundschutz (Germany’s federal security baseline), industry-specific regulations, or simply common sense — we plan what makes sense.

Delivery & Deployment

Hardware, licenses, configuration, migration — all from a single source. We set up, document, and train your team if desired.

Ongoing Operations (optional)

If you don’t want to — or can’t — handle management yourself, we operate your Fortinet infrastructure on an ongoing basis. Firmware updates, rule changes, monitoring, troubleshooting — through our MSP FortiManager.

You decide how much you want to hand off. Some clients want full control with occasional support. Others don’t want to think about it at all. Both are perfectly fine.

Why Fortinet from Nexilon?

• NSE-certified — deep expertise across the entire Fortinet portfolio, from FortiGate to FortiMail to FortiSASE.
• Experience with complex environments — multi-tier architectures, BSI-compliant designs, multi-site deployments with centralized management.
• Managed Security as an option — we operate your infrastructure through our MSP FortiManager when you don’t want to handle it yourself.
• Dedicated contact person — a small team that knows your environment. Reachable outside normal business hours.
• 12+ years of IT experience — with a background in security services, network planning, and IT leadership.
• Based in Germany. Available remotely — and on-site when the project requires it.

Who we implement IT security with Fortinet for

• Mid-sized organizations (30–300 employees) that take security seriously but don’t have a dedicated security team.
• Municipalities and public-sector organizations that need to implement BSI IT-Grundschutz and want a partner who understands the requirements.
• Utilities and critical infrastructure operators whose systems must be available and resilient.
• Organizations with multiple locations that need a unified, centrally managed security concept.
• Organizations that want to give their employees secure remote access — without the maintenance burden of traditional VPN solutions.