Global Retail · Apparel Conglomerate
Three continents, one firewall program
A global apparel corporation ran seven engagements with our team over three years under our Resident Engineering model — new datacenter firewall deployments in Europe, a Hong Kong datacenter decommission, security support for major ERP and middleware migrations, and the pivot from appliance firewalls to cloud-native and NaaS architectures. One chartered relationship, re-aimed as the business moved.
North America, Europe, and Asia-Pacific engagements
From hardware cutover to Terraform-deployed cloud firewalls
Design reviews, deployment, cutover, and hypercare
The challenge
Where things stood
A global enterprise mid-transformation: aging Check Point estates in regional datacenters, a Hong Kong facility slated for decommission, business-critical ERP and supply-chain platforms (SAP, JDA→Blue Yonder, MuleSoft) migrating — each move carrying firewall and traffic-flow consequences — and a strategic shift toward cloud-native and network-as-a-service architectures.
Every change had to land without disrupting operations across global time zones, and internal teams needed to own the result — not inherit a black box.
What we did
The engagement
European datacenter refresh
New enterprise-class Check Point hardware deployed across two EU datacenters: installation QA, policy creation for the new estate, cutover from legacy internal firewalls, and a defined hypercare window — 288 engineering hours from documentation to steady state.
Asia-Pacific consolidation
Hong Kong datacenter decommissioned with its Check Point firewall cluster integrated into the regional hub — discovery, planned decommission, cluster integration, failover testing, and hypercare.
Business-platform migration security
An HLD review-and-approval pipeline governed every change: SAP program support in China, JDA-to-Blue Yonder supply-chain migration, and F5/Check Point ownership through a MuleSoft-to-CloudHub transition — Tier-3 support throughout.
The cloud-native pivot
Check Point virtual appliances replaced with Azure Firewall Premium, deployed and templated in Terraform for repeatability. In parallel, Palo Alto firewalls designed into an Alkira NaaS architecture — multi-zone design, rule migration, validation with infrastructure teams, and knowledge transfer so internal staff could own configuration going forward.
The outcome
Where things landed
- Datacenter estate modernized on schedule across three continents with no unplanned production disruption attributed to the firewall program.
- The firewall layer stopped being a blocker for business-platform migrations — security review became a pipeline, not a bottleneck.
- Internal teams took ownership of cloud-native firewall management through deliberate knowledge transfer and infrastructure-as-code templates.
Client identity withheld by design — the same confidentiality we extend to every engagement. Scope, figures, and outcomes are drawn directly from the delivered statements of work.
Want an outcome like this one?
Every engagement starts with a 45-minute scoping call. Straight questions, no pitch deck.
Explore