Managed Firewall
I. DESCRIPTION OF SERVICE: Managed Firewall is a managed security service which provides firewall configuration, administration, monitoring, report generation, support, and (if elected by Customer) on-site installation and the use of a firewall system consisting of firewall equipment and related software (collectively, the Firewall System) owned, maintained and supported by Company for Customers with Internet access. Two types of Managed Firewall are available, Managed Enterprise Firewall, for Customers with Internet Dedicated Services or Customer-provided dedicated Internet access with bandwidth of T1 or greater, and Managed Business Firewall, for Internet Dedicate Access Services or Customer-provided dedicated Internet access with bandwidth up to a maximum of T1. Except where explicitly stated otherwise, the following description of service and conditions of service apply to both Managed Enterprise Firewall and Managed Business Firewall.
1. Managed Firewall provides the following:
1.1 Installation. Before installation, Customer must complete and provide the appropriate, current configuration form at https://intermanage.mci.com; (a) for Enterprise package(s), the Managed Enterprise Firewall Configuration web form; (b) for Business package(s), the Managed Business Firewall Configuration Wizard.
1.2 Configuration. Company will configure Managed Firewall in accordance with Customers configuration submission. Customer is responsible for confirming that its Firewall System is configured in accordance with Customers preferences prior to and after activation of Managed Firewall.
1.3 Firewall Administration. After installation and upon Customer request, Company will administer the Firewall System (e.g., add or delete user accounts, modify firewall rules, update network configuration).
1.3.1 Managed Enterprise Firewall allows unlimited administration of the Firewall System.
1.3.2 Managed Business Firewall allows Customer to make one firewall policy rule change each monthly period without incurring an additional charge. A charge will apply for each subsequent policy rule change during any monthly period, to be billed on the next available invoice after the change has been completed.
1.4 Monitoring. Company monitors the CPU utilization of Customers Firewall System on a 7 x 24 basis.
1.5 Reports. Company provides daily usage reports for Customers Firewall System at https://intermanage.mci.com.
1.6 URL Blocking. Managed Firewall provides Customer category-defined URL blocking utilizing the SurfControl database. The service includes SurfControl reporting available at https://intermanage.mci.com.
1.7 Configuration Backups. Company maintains backups of Customers Firewall System configuration and regularly stores such backups at a remote location.
1.8 Support and Maintenance. Company remotely installs Firewall System patches, bug fixes, and software upgrades when approved for general distribution to Company Customers. In the event of Firewall System failure, Company may either dispatch a technician to repair the Firewall System at Customers site or replace the Firewall System with one of comparable or better functionality, as follows: (a) if a Firewall System failure is discovered during Company's normal business hours, Company will make commercially reasonable efforts to ship a replacement Firewall System or component thereof to Customer by the close of that business day; and (b) if the Firewall System failure is discovered outside Company's normal business hours, Company will make commercially reasonable efforts to ship a replacement Firewall System or component thereof to Customer by the end of the next business day.
1.9 Managed Enterprise Firewall Security Scan. Company performs a security scan on Customers Managed Enterprise Firewall once each year at Customers request. Managed Business Firewall does not include a security scan.
2. Extranet VPN Configuration. At Customers request, Company will configure Customers Firewall System to allow a VPN (Virtual Private Network) to be established between Customer and a third-partys VPN device (Extranet VPN). The third partys VPN device need not be provided or managed by Company but must be ICSA Labs-certified for IPSec compliance. Company will provide Customer with the configuration information relating to Customers Firewall System needed for the third-party to configure its VPN device accordingly. Company makes no representations or warranty of any kind relating to the Extranet VPN and is not responsible for its security or functioning. Company will not manage, monitor, administer, report on, or support the Extranet VPN except as explicitly stated in this section. Customer understands that changes to Companys Managed Firewall service may affect the Extranet VPN and that it is Customers responsibility to make appropriate arrangements regarding the third-partys VPN device to enable the Extranet VPN to function.
3. Option Packages. The following option packages are available. High Availability indicates firewall option packages, which may be ordered in addition to the base firewall, to operate only if the base firewall fails.
3.1 Managed Enterprise Firewall Option Packages.
3.1.1 Managed Enterprise Firewall Option Package #1. The following hardware options are included: Nokia IP 130 workstation, Check PointTM VPN-1 Gateway TM 250 User License, Encryption Module and Enterprise Edition Service. Customer can also obtain an Option Package #1 High Availability for additional charges.
3.1.2 Managed Enterprise Firewall Option Package #2. The following hardware options are included: Nokia IP 350 workstation, Check PointTM VPN-1 Gateway TM 250 User License, Encryption Module and Enterprise Edition Service. Customer can also obtain an Option Package #2 High Availability for additional charges.
3.1.3 Managed Enterprise Firewall Option Package #3. The following hardware options are included: Nokia IP 380 workstation, Check PointTM VPN-1 Gateway TM 250 User License, Encryption Module and Enterprise Edition Service. Customer can also obtain an Option Package #3 High Availability for additional charges.
3.1.4 Managed Enterprise Firewall Option Package #4. The following hardware options are included: Nokia IP 740 workstation, Check PointTM VPN-1 Gateway TM 250 User License, Encryption Module and Enterprise Edition Service. Customer can also obtain an Option Package #4 High Availability for additional charges.
3.1.5 Managed Enterprise Firewall Option Package #5. The following hardware options are included: Nokia IP 130 workstation, Check PointTM VPN-1 Gateway TM Unlimited User License, Encryption Module and Enterprise Edition Service. Customer can also obtain an Option Package #5 High Availability for additional charges.
3.1.6 Managed Enterprise Firewall Option Package #6. The following hardware options are included: Nokia IP 350 workstation, Check PointTM VPN-1 Gateway TM Unlimited User License, Encryption Module and Enterprise Edition Service. Customer can also obtain an Option Package #6 High Availability for additional charges.
3.1.7 Managed Enterprise Firewall Option Package #7. The following hardware options are included: Nokia IP 380 workstation, Check PointTM VPN-1 Gateway TM Unlimited User License, Encryption Module and Enterprise Edition Service. Customer can also obtain an Option Package #7 High Availability for additional charges.
3.1.8 Managed Enterprise Firewall Option Package #8. The following hardware options are included: Nokia IP 740 workstation, Check PointTM VPN-1 Gateway TM Unlimited User License, Encryption Module and Enterprise Edition Service. Customer can also obtain an Option Package #8 High Availability for additional charges.
3.2 Managed Business Firewall.
3.2.1 Managed Enterprise Firewall Option Package #1. The following hardware options are included: Nokia IP 130 workstation, Check PointTM VPN-1 Gateway TM 50 User License, Encryption Module and Business Class Service. Customer can also obtain an Option Package #1 High Availability for additional charges.
3.2.2 Managed Enterprise Firewall Option Package #2. The following hardware options are included: Nokia IP 130 workstation, Check PointTM VPN-1 Gateway TM 100 User License, Encryption Module and Business Class Service. Customer can also obtain an Option Package #2 High Availability for additional charges.
II. DEFINITIONS: In addition to the Online Definitions, the following definitions also apply:
III. FEATURES AND OPTIONS
1. On-site Installation Assistance. On-site installation assistance is not included. For an additional charge, Customer may request that an Company engineer spend one day on-site with Customer assisting in the installation and testing of the Firewall System
2. Optional Package Components. The following optional components are available for an additional charge:
2.1 The following optional option package components are available for Managed Enterprise Firewall and Managed Business Firewall: Check Point Secure Client 25-User License. The following optional option package components are available for Managed Business Firewall: Check Point Secure Client 100-User License, Check Point Secure Client 500-User License, and Check Point Secure Client 1,000-User License.
2.2 A Dual Port GigE Ethernet Card is available only with IP740 Option Packages (Card).
IV. RATES AND CHARGES: In addition to the rates and charges for Managed Firewall found in Customers Service Agreement or related attachments, the following apply:
V. TERMS AND CONDITIONS: In addition to the Online Master Terms - Terms and Conditions of Service, the following terms and conditions apply:
1. Service Term Commitment. Each order of Managed Firewall is subject to a one-year minimum term commitment.
2. Geographical Scope. Managed Firewall provisions apply only to Customers incorporated in the U.S. Mainland under a Service Agreement governed by the law of one of the U.S. Mainland states. Firewall Systems may not be located outside of the U.S. Mainland.
3. Customer Obligations. Customer shall comply with all obligations set forth herein and in Customers Service Attachment and related Service Agreement, including all obligations set forth in any end user software licenses for software provided by Company. Customer acknowledges that it is not relying on any representations or warranties made by a manufacturer except for those warranties expressly made in a software end user license agreement (if applicable to Customer). It is Customers obligation to remove the Card upon termination or expiration of this Service.
4. Disclaimer. MANAGED FIREWALL AND THE FIREWALL SYSTEM ARE PROVIDED AS IS. COMPANYS ENTIRE LIABILITY AND CUSTOMERS SOLE AND EXCLUSIVE REMEDIES REGARDING MANAGED FIREWALL AND THE FIREWALL SYSTEM ARE EITHER: (A) SET FORTH IN SECTION IV LABELED SERVICE LEVEL AGREEMENT OR (B) TO HAVE COMPANY REPAIR OR REPLACE ANY COMPANY-PROVIDED FIREWALL SYSTEM IF IT IS DEFECTIVE. IF REPAIR OR REPLACEMENT OF THE COMPANY-PROVIDED FIREWALL SYSTEM IS NOT REASONABLY PRACTICABLE, EITHER PARTY WILL HAVE THE RIGHT TO TERMINATE THE DEFECTIVE SERVICE UPON 10 DAYS WRITTEN NOTICE TO THE OTHER PARTY. CUSTOMER ACKNOWLEDGES AND AGREES THAT (A) THE MANAGED FIREWALL AND THE FIREWALL SYSTEM CONSTITUTE ONLY ONE COMPONENT OF CUSTOMERS OVERALL SECURITY PROGRAM AND ARE NOT A COMPREHENSIVE SECURITY SOLUTION; (B) THERE IS NO GUARANTEE THAT THE MANAGED FIREWALL OR THE FIREWALL SYSTEM WILL BE UNINTERRUPTED OR ERROR-FREE, THAT NETWORKS OR SYSTEMS CONNECTED TO THE FIREWALL SYSTEM OR SUPPORTED BY THE MANAGED FIREWALL WILL BE SECURE, OR THAT THE MANAGED FIREWALL WILL MEET CUSTOMERS REQUIREMENTS; (C) THERE IS NO GUARANTEE THAT ANY COMMUNICATIONS SENT BY MEANS OF THE MANAGED FIREWALL OR THE FIREWALL SYSTEM WILL BE PRIVATE; (D) THERE IS NO GUARANTEE THAT ANY AVAILABLE CONTENT OR URL BLOCKING SOFTWARE WILL BLOCK ALL SITES NOT DESIRED BY CUSTOMER OR THAT SUCH SOFTWARE WILL NOT BLOCK ANY SITES THAT ARE DESIRED BY CUSTOMER; AND (E) ANY AVAILABLE CONTENT OR URL BLOCKING SOFTWARE IS USED AT CUSTOMERS SOLE RISK AND DISCRETION.
6. Export Compliance. Customer acknowledges that the export, import, and use of certain hardware, software, and technical data provided hereunder is regulated by the United States and other governments and agrees to comply with all applicable laws and regulations, including the U.S. Export Administration Act, the regulations implemented thereunder by the Department of Commerce, and any other applicable laws or regulations. Customer represents and warrants that it is a U.S. citizen or permanent resident, or a corporation organized under the laws of one or more of the United States of America, that Customer is not procuring the Firewall System or Managed Firewall on behalf of a foreign national, and that Customer is not subject to a U.S. government order suspending, revoking or denying export privileges.
7. Service Activation Date. Billing of monthly recurring charges will commence as of the date Managed Firewall has been made available for operation by Company, to be indicated to Customer by the Company Installation Engineer (Service Activation Date). In no event will the Service Activation Date be deemed to have occurred before: (a) Company has shipped all necessary hardware and software for Managed Firewall to Customer; and (b) if Company activation is required for Managed Firewall, the date that Company has offered to provide such activation for Customer.
8. If Customer exceeds the number of users allowed under the software license included with its chosen Option Package, Customer is liable and obligated to pay for the corresponding Option Package containing either: (a) for Managed Enterprise Firewall, an unlimited user license or (b) for Managed Business Firewall, the license for the highest number of users available (if adequate to cover the number of actual users), or if necessary for the Managed Enterprise Firewall license tier necessary to cover the number of actual users.
9. If Customer terminates any part of Managed Firewall during its Term of Service, except for termination for Cause, such termination shall not be effective until 60 days after Company receives written notice of termination (Termination Effective Date); and Customer is liable for and obligated to pay, within 30 days after such Termination Effective Date: (a) all accrued but unpaid charges for Managed Firewall service incurred through the Termination Effective Date; plus (b) an amount equal to the total of the monthly recurring charge for the terminated Managed Firewall service remaining in the first year of the Term of Service, if any; plus (c) an amount equal to 75 percent of the monthly recurring charge for the balance of the committed Term of Service after the first year of the Term of Service, if applicable; plus (d) all fees or early termination penalties (if any) imposed by the local line provider; plus (e) a pro rata portion of any and all credits received by Customer, provided that, in no event will Customers total termination liability exceed the full contract value of the terminated Managed Firewall service.
10. Upon termination or expiration of the Managed Firewall service, each party shall return to the other party immediately all Confidential Information and property of the other party then in such partys possession, custody, or control. Within 10 days after such termination or expiration Customer shall return all components of the Firewall System to Company at Customers expense. If a Customer fails to return all components of the Firewall System to Company within 10 days after termination or expiration, Customer will continue to be liable for and obligated to pay monthly recurring charges for Managed Firewall.
VI. SERVICE LEVEL AGREEMENT: Any service level agreement for Managed Firewall is in Customers Service Agreement.