case study

Fortune 500 Transaction Processor Tames a 35,000-Device Network – and Saves $500K

Before implementing Forward Enterprise, engineers spent two hours or more determining which of five different mixed-vendor firewall tiers required an update for a single request, and they spent four to six hours per day tracing routes.

Download PDF Read the Case Study

Who should read?

What is covered in this content? Why is this content important?

650 Group recently spoke with IT leadership at a global transaction-processing company that handles nearly one billion electronic payments annually. The Fortune 500 firm employs more than 50,000 people, serves over one million customers, and relies on approximately 35,000 switches, routers, and security devices spread across data centers and cloud environments.

What makes the environment unusually difficult is 15 years of "design sprawl." Over that period, IT leadership has turned over roughly every three years—each new regime introducing fresh vendors and architectures without fully decommissioning existing systems. Layers of Cisco and Arista switching sit alongside multiple generations of Palo Alto and Fortinet firewalls, with recent expansions into AWS and Cisco ACI. Routine network changes—particularly updates to firewall rules—had become increasingly slow and complex.

Streamlining Firewall Change Management Saves $500K.

Before implementing Forward Enterprise, engineers spent two hours or more determining which of five different mixed-vendor firewall tiers required an update for a single request, and they spent four to six hours per day tracing routes. This manual updating process resulted in a significant backlog, which negatively impacted the business. Now, an internal request form triggers an API call to the Forward Enterprise network digital twin, instantly mapping the exact path and the precise devices involved. What once took hours now takes about five minutes.

“Forward Networks has dug us out of a hole.”

That speed is matched by confidence: engineers can preview every change in the twin before it touches production. Before implementation, misconfigured changes had led to partial outages that lasted as long as 20 hours in one instance; based on the firm's revenue run rate, similar downtime could delay or miss as much as $9 million in transactions. With pre-change validation in place, post-change window outages have virtually disappeared.

The company's lead engineer put it plainly: Forward Networks "has dug us out of a hole." 650 Group estimates the resulting labor savings at about $500,000 per year, calculated from analyst-level salaries and the manual effort previously required for each firewall change. Perhaps more importantly, engineers are freed from routine maintenance tasks to work on projects with higher strategic value.

Simplifying ACI Implementation

Although the company initially implemented Forward Enterprise to address firewall complexity, it found additional use cases that drove even more value. The company's move to Cisco ACI introduced contract-based segmentation, which required additional policy checks before traffic could even reach a firewall. A single request now involved both security engineers and the small ACI team, multiplying the touchpoints for each change.

“Without FN, it would be unable to maintain its ACI- based network, as it frequently makes route changes due to the numerous customers and partners that require regular updates.”

Without Forward Networks, the team states, "ACI was a challenge to figure out flows and routing, especially early on." Forward Networks plays a crucial role in supporting the ACI-based infrastructure, according to the team. Because ACI incorporated contracts into the routing space, there was an added layer of complexity: the ACI contract plus the physical firewall. Resolving requests now required examining the ACI contract and everything else along the string, multiplying the points of analysis for the firewall engineers and increasing the time required. Using Forward Enterprise, they can easily see if the path is clear all the way through.

See why industry leaders use Forward Enterprise's digital twin to gain unparalleled visibility into complex multi-vendor networks, automate compliance checks, and prevent costly downtime.
Tour the entire platform in 14 minutes.

Watch the Instant Demo

Beyond Change Control

Forward's digital-twin model is now consulted by nearly 200 staff across network, security, and governance teams for tasks ranging from pre- and post-change validation to hardware lifecycle budgeting. Weekly automated discovery flags any devices absent from the firm's monitoring system, providing leadership with a continually accurate inventory and a five-year replacement forecast.

Results at a Glance

Operational efficiency: Firewall-rule analysis cut from up to two hours to five minutes.
Hard-cost avoidance: $1.5 million saved by stabilizing, rather than rolling back the ACI fabric.
Scalable governance: 167 users leverage the same data model for security audits, budget planning, and cloud-

Conclusion

Forward Networks has delivered measurable value to this Fortune 500 transaction processor by reducing operational overhead, eliminating manual configuration risk, and helping the company avoid a costly network overhaul. What began as a tactical solution for firewall rule complexity has evolved into a foundational platform for change control, inventory visibility, and governance across a sprawling, multi-vendor infrastructure.

As one senior executive put it, the impact has been so significant that he "wouldn't go to another company without Forward Networks."

4.7 - from 33 Gartner Ratings

"The overall experience has been phenomenal, from onboarding the application in the environment to the timely and concise response from the Forward team about any questions we raise. The Forward team has been super helpful throughout this whole experience."

Request a personalized tour