Universal Mental Health Services Eliminates Branch Firewalls


Universal Mental Health Services Eliminates Branch Firewalls

Branch Appliance Elimination
Simple Network Automation


UMHS network was originally designed to have all 12 branches connected via MPLS and backhauling to a primary datacenter with one central firewall. However, after the process began, UMHS realized that MPLS was too expensive to deploy in all locations. Additionally, some locations were outside of the MPLS provider’s service area. This then forced the organization to connect 5 branches via SonicWALL Firewalls with site-to-site VPN’s. This resulted in a mesh of two network architectures that were more complex to run and manage.

Running this environment proved to be challenging, especially due to the burdens of updating the hardware and maintaining firewall software. It was labor intensive and updates didn’t always go smoothly. “Specifically I remember updating the firmware on some devices that caused us to lose connectivity. This created a disruption in our record keeping as our branches send key reports directly to our headquarters. Employees generally scan records using copiers, and those records are then stored directly into the appropriate folder at corporate. Additionally, because we deal with sensitive issues like abuse and drug use, employees need free access to internet resources. Policy management was difficult because SonicWALL does not offer agile options to balance the blocking of banned websites while still providing access to necessary information.”


UMHS came across Cato opportunistically. “I was at an industry event, and there was a quite a bit of excitement around Cato’s booth and its services. I decided to visit the booth to see what the buzz was all about.” After a thorough review of the services, UMHS selected Cato to replace all of its SonicWall Firewalls.

The first step was to establish an IPSEC tunnel to Cato from the datacenter firewall. Then, each branch location had a Cato Socket replace the SonicWalls firewalls.

Now connected to the Cato network, UMHS has eliminated connectivity issues, saved money and simplified its policy management. Cato protects all connected locations and seamlessly scales to secure all traffic, without the need for unplanned hardware upgrades and resource-intensive software patches. It also coexists with the MPLS-based network.

UMHS on Cato Cloud

As a healthcare organization, security and agility are two of the biggest drivers when it comes to providing good customer service. With Cato, UMHS is now armed with the ability to clearly see all network traffic and application usage, create policies and enforce them across all branches, and identify security gaps and policy violations. Cato has given the organization a completely new perspective on how easy network security can be.

Future Plans

UMHS is so satisfied with the decision to switch its firewalls to Cato that it plans to migrate all locations using MPLS as soon as their contracts expire. A cost analysis done by the organization shows that this change will save thousands of dollars by having all of its 13 locations connected to the Cato Cloud.