The document outlines Mondi Group's transformation from a legacy hub-and-spoke network to a modern direct-to-cloud architecture, showcasing the deployment of local internet breakouts across over 100 locations. It highlights the benefits of this transition, including cost savings and improved user experience, while emphasizing the integration of security into network transformation. The presentation serves as a guide for organizations considering similar changes, offering best practices and considerations for successful implementation.

1. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION0
Secure network transformation:
How I transformed a global
network and survived!
WEBINARS

2. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION1
About the Speakers
Thomas Vavra
Manager Communication Networks
Mondi Group
Naresh Kumar
Principal Product Manager
Zscaler Inc

3. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION2
This presentation has been prepared by Zscaler Inc. (“Zscaler”) for informational purposes only and not for any other purpose. Nothing
contained in this presentation is, or should be construed as, a recommendation, promise or representation by the presenter or Zscaler
or any officer, director, employee, agent or advisor of Zscaler. This presentation does not purport to be all-inclusive or to contain all of
the information you may desire. Information provided in this presentation speaks only as of the date hereof. Zscaler assumes no
obligation to update any information or statement after the date of this presentation as a result of new information, subsequent events,
or any other circumstances.
This presentation includes express and implied “forward-looking statements” within the meaning of the Private Securities Litigation
Reform Act of 1995. In some cases, you can identify forward-looking statements by terms such as “anticipate,” “believe,” “estimate,”
“expect,” “intend,” “may,” “might,” “plan,” “project,” “will,” “would,” “should,” “could,” “can,” “predict,” “potential,” “continue,” or the
negative of these terms, and similar expressions intended to identify forward-looking statements. However, not all forward-looking
statements contain these identifying words. These statements may relate to our future financial performance, strategic plans or
objectives, revenues or earnings projections, or other financial items. By their nature, these statements are subject to numerous
uncertainties, including factors beyond our control, that could cause actual results, performance or achievement to differ materially and
adversely from those anticipated or implied in the statements. You should not rely upon forward-looking statements as predictions of
future events. Although our management believes that the expectations reflected in our statements are reasonable, we cannot
guarantee that the future results, levels of activity, performance or events and circumstances described in the forward-looking
statements will be achieved or occur. Moreover, neither we, nor any other person, assumes responsibility for the accuracy and
completeness of these statements. Recipients are cautioned not to place undue reliance on these forward-looking statements, which
speak only as of the date such statements are made and should not be construed as statements of fact. Except to the extent required
by federal securities laws, we undertake no obligation to update these forward-looking statements to reflect events or circumstances
after the date hereof, or to reflect the occurrence of unanticipated events.
Safe Harbor

4. Forward-looking statements disclaimer
This document includes forward-looking statements. All statements other than statements of historical facts included herein, including, without limitation, those regarding Mondi’s financial position, business strategy, market growth
and developments, expectations of growth and profitability and plans and objectives of management for future operations, are forward-looking statements. Forward-looking statements are sometimes identified by the use of forward-
looking terminology such as ‘believe’, ‘expects’, ‘may’, ‘will’, ‘could’, ‘should’, ‘shall’, ‘risk’, ‘intends’, ‘estimates’, ‘aims’, ‘plans’, ‘predicts’, ‘continues’, ‘assumes’, ‘positioned’ or ‘anticipates’ or the negative thereof, other variations
thereon or comparable terminology. Such forward-looking statements involve known and unknown risks, uncertainties and other factors which may cause the actual results, performance or achievements of Mondi, or industry
results, to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. Such forward-looking statements and other statements contained in this document
regarding matters that are not historical facts involve predictions and are based on numerous assumptions regarding Mondi’s present and future business strategies and the environment in which Mondi will operate in the future.
These forward-looking statements speak only as of the date on which they are made.
No assurance can be given that such future results will be achieved; various factors could cause actual future results, performance or events to differ materially from those described in these statements. Such factors include in
particular but without any limitation: (1) operating factors, such as continued success of manufacturing activities and the achievement of efficiencies therein, continued success of product development plans and targets, changes in
the degree of protection created by Mondi’s patents and other intellectual property rights and the availability of capital on acceptable terms; (2) industry conditions, such as strength of product demand, intensity of competition,
prevailing and future global market prices for Mondi’s products and raw materials and the pricing pressures thereto, financial condition of the customers, suppliers and the competitors of Mondi and potential introduction of
competing products and technologies by competitors; and (3) general economic conditions, such as rates of economic growth in Mondi’s principal geographical markets or fluctuations of exchange rates and interest rates.
Mondi expressly disclaims
a) any warranty or liability as to accuracy or completeness of the information provided herein; and
b) any obligation or undertaking to review or confirm analysts’ expectations or estimates or to update any forward-looking statements to reflect any change in Mondi’s expectations
or any events that occur or circumstances that arise after the date of making any forward-looking statements,
unless required to do so by applicable law or any regulatory body applicable to Mondi, including the JSE Limited and the LSE.
August 2018 3

5. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION4
Agenda
A Transformation Journey
• A real-world example of how Mondi Group transformed from a
legacy hub-and-spoke network to a modern direct-to-cloud
architecture that enables them to manage over 100 locations and
rapidly onboard new acquisitions
The Best Approach
• How to successfully deploy local internet breakouts on a global
scale to provide application access to branch offices with a future-
proof network & security architecture
• How you can decentralize internet access, simplify IT administration
and deliver consistent security for all users in all locations

6. ©2018 Zscaler, Inc. All rights reserved. / Confidential
5
More than 100,000 solutions for our customers
Group offices in Johannesburg, London and Vienna
FTSE4Good Index Series
JSE’s Socially Responsible Investment Index
26,000 employees
Over 100 operations across more than 30 countries
2.4M hectares of forest managed
Primary listing on the JSE
Limited for Mondi Limited
Premium listing on the London
Stock Exchange for Mondi plc
Mondi is a global leader in packaging and paper

7. ©2018 Zscaler, Inc. All rights reserved. / Confidential
Key
Consumer Packaging: 30 sites in 12 countries
Uncoated Fine Paper: 6 sites in 4 countries
Fibre Packaging / Paper: 10 sites in 10 countries
Fibre Packaging / Converting: 61 sites in 25 countries
Our global footprint
We operate locally with more than 100 operations in over 30 countries.
Groupoffices
Johannesburg
London
Vienna
Productionsites
Austria
Belgium
Bulgaria
China
Côte d’Ivoire
Czech Republic
France
Germany
Hungary
Iraq
Italy
Jordan
Lebanon
Malaysia
Mexico
Morocco
Netherlands
Oman
Poland
Russia
Serbia
Slovakia
SouthAfrica
Spain
Sweden
Thailand
Turkey
Ukraine
UK
US
Egypt
Finland
SouthKorea

8. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION7
Full security stack as a service
How Mondi’s
transformation journey
began…and tips for
your journey

9. ©2018 Zscaler, Inc. All rights reserved. / Confidential
Mondi’s starting point
Centralized Internet access
One homogeneous policy
Massive bandwidth demand
Regionalization pressure
Only IP Firewall on old
Checkpoint infrastructure

10. ©2018 Zscaler, Inc. All rights reserved. / Confidential
London airspace
Even the best
plans often
result in
alternate
realities
PLAN REALITY

11. ©2018 Zscaler, Inc. All rights reserved. / Confidential
Classical stack transition
Zscaler Cloud Firewall
Zscaler Bandwidth Control
Zscaler Internet Access with
Zscaler Cloud Sandbox
Zscaler Cloud DLP
NG Firewall
Bandwidth Assignment
Proxy, Virus Scanning,
and Sandboxing
DLP Solution
Zscaler Private AccessRemote Access

12. Identifyingdefault routes
11
SaaS Open internet IaaS
Internet
Regional office Remote and branch office Data center
MPLS
Regional Firewall
SaaS Open internet IaaS
Internet
Regional office Remote and branch office Data center
MPLS
NO Firewall
SaaS Open internet IaaS
Internet
Regional office Remote and branch office Data center
MPLS
Central Firewall
SaaS Open internet IaaS
Regional office Remote and branch office Data center
MPLS Internet
Per Site Firewall

13. ● Network to network migration
- SD-WAN implemented at same time
- Old network phased out on per-site basis
● In-situ migration
- Current infrastructure is upgraded by adding breakouts
- Existing hardware is phased out after rollout
Migration options
12
Implemented SD-WAN along with Zscaler Cloud Firewall

14. ©2018 Zscaler, Inc. All rights reserved. / Confidential
Site A Site B
Open
internet
SaaS
Data Center
Internet
MPLS MPLS
Internet
MPLS
Mondi CFW
Outbound Rules
Mondi’s network and internet structure
Zscaler Direct to Cloud
For all outbound internet
MPLS Redundancy
Failover for Site A and B

15. 14
06/2016
First sites
online
04/2018
100%
completion
10/2015 11/2017 2018/19
Project start
95%
complete
Organic
growth
Timeline

16. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION15
Full security stack as a service
Best practices and
challenges when
securely transforming
your global network

17. • Partner VPN connections
• Remote access
• FW exceptions (Blocks, special & default rules)
• Authentication Strategy
• Proxys (forward and reverse)
• Middlewares
• Published Websites
• Virus scanner/IDS/IPS/DLP... devices
Identify pain points

18. ● GRE tunnels
o Best method
o It’s internet traffic only anyway
o Use two per device to different data centers
● IPSec tunnels
o Used on Firewall and non-Cisco devices
o Many different implementations of IPSec
● .PAC files (DON’T)
Identify access methods
17

19. 1. Acquire desired licenses from Zscaler
2. Create copy of analysed current FW rule base on Zscaler
3. Create bandwidth, virus scanner, DLP and application
policy on Zscaler (start with minimum!)
4. Segregate default route surf traffic from "pain traffic"
5. Migrate authentication strategy (or go unauthenticated)
6. Move first site default route
7. (Fall-back)
8. Adapt Zscaler policy
9. Iterate with next site
Migration best practices

20. Connect new sites post-acquisition to Zscaler
Permit-any policy
Enable Advanced Threat, Malware and
Sandboxing
Generate actionable results
Adopt policy to new site
Fully integrate site into network
Acquisition strategy

21. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION20
FW / IPS
URL Filter
Antivirus
DLP
SSL
Sandbox
Global LB
DDoS
Ext. FW/IPS
RAS (VPN)
Internal FW
Internal LB
Internet & VPN Gateway
SaaS Open Internet
HQMOBILE
BRANCHIOT
IaaS
Zscaler enables secure IT transformation to the cloud
Securely connect the right user to the right app – Eliminate the branch network challenge
Better User Experience Reduced Business Risk Business Agility Lower TCO Competitive Advantage
APP ACCESS TRANSFORMATION
DATA CENTER CLOUD (SAAS/IAAS)
SECURITY TRANSFORMATION
USER AND DATA SECURITYNETWORK SECURITY
NETWORK TRANSFORMATION
HUB AND SPOKE DIRECT-TO-CLOUD

22. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION21
Benefits
Fast scalable security on
ANY Internet cable
Transformation journey - summary
You can’t transform your network without transforming security.
Zscaler provides the best way to secure SD-WAN
1
Cost Savings
50% of MPLS cost and
drastically better
user experience
Cost Avoidance
Not rolling out 250+ firewalls
no patching, version and
HW changes… do the math!
2
Secure local internet breakouts are essential for supporting
cloud apps and mobile users
3
Keep your acquisition and growth strategy in mind when
planning your transformation

23. In an open forum with Zscaler
employees, partners, & customersENGAGE
SHARE Your knowledge and learn
from experts in cloud security
The conversation at
community.zscaler.comJOIN

24. ©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION23
Securing the cloud enabled
branch – SD-WAN eBook
zscaler.com/sd-wan
Learn more about Zscaler, SD-Wan and Branch Transformation
Thank You!
Questions and Next Steps
Other Webinars
zscaler.com > resources > webinars and live demos
Solving the secure
SD-WAN paradox
The Definitive Guide to Branch
Transformation - Whitepaper
zscaler.com/transform
The secure, direct-
to-internet branch
Thomas Vavra
Manager Communication Networks
thomas.vavra@mondigroup.com
Naresh Kumar
Principal Product Manager
nkumar@zscaler.com