I. SERVICE DESCRIPTION: Managed Firewall Corporate/Office/Solo or Managed Firewall is a managed security service for Internet access Customers which provides firewall configuration, administration, monitoring, report generation, and support, as well as the use of a Firewall System owned, maintained and supported by Company. Except where explicitly stated otherwise, all the following provisions apply equally to Managed FirewallCorporate, Managed FirewallOffice, and Managed Firewall--Solo. For Managed FirewallCorporate, Customer must supply a dedicated Internet connection of at least a T1, as well as a separate dedicated analog line for out-of-band management. For Managed FirewallOffice and Managed Firewall--Solo, Customer must supply a dedicated Internet connection (up to a T1).
1. Service Components
1.1 Installation: Customer installs the Firewall System based the Customer Profile it provides to Company and the guidelines provided by Company.
1.2 Firewall Configuration: Company configures Managed Firewall in accordance with Customers configuration submission, based on pre-designed firewall policy templates. Virtual Private Network (VPN) support is available for all Managed FirewallCorporate Firewall Systems, and for some but not all Managed FirewallOffice or Managed Firewall--Solo Firewall Systems.
1.3 Administration: Company provides a Web Portal at which Customer administrators can view current Firewall System configuration information, make basic policy and rules changes, request complex rules and configuration changes, as well as view reports and trouble ticket status. After installation, Customer makes basic policy and rules changes to the Firewall System, such as adjustments to remote user and VPN connection rules, URL filtering settings and trusted IP settings and Company makes complex changes to firewall rules and device configuration. Customer requests complex changes through the Web Portal, except that in case of emergency only, Customer may call Companys operations center directly to request a change at the number provided by Company. For Managed Firewall Corporate Service, Customer can request an unlimited number of policy changes. For Managed FirewallOffice Firewall Systems, Customer may request up to four (4) changes per month. For Managed Firewall--Solo Firewall Systems, Customer may request up to two (2) changes per month.
1.4 Monitoring: Company monitors the CPU utilization and availability of Customers Firewall System on a 7 x 24 x 365 basis.
1.5 Reports: Company makes available daily usage reports for Customers Firewall System at the Web Portal.
1.6 Security Scan (Managed Firewall Corporate only): Company performs a security scan on Customers Firewall System once each year at Customers request.
1.7 URL Blocking and Anti-Virus: Customer category-defined URL blocking and anti-virus capabilities are available on certain Firewall Systems, in some cases for an additional charge.
1.8 Configuration Backups: Company maintains backups of Customers Firewall System configuration and regularly stores such backups at a remote location.
1.9 Maintenance: Company remotely installs Firewall System patches, bug fixes, and software upgrades when approved for general distribution to Company Customers. In the event of Firewall System failure (or if the Firewall System is no longer fully supported by its manufacturers), Company may either dispatch a technician to repair the Firewall System at Customers site or replace the Firewall System with one of comparable or better functionality, as follows: (a) if a U.S.-based Firewall System failure is discovered during Company 's normal business hours, Company will make commercially reasonable efforts to ship a replacement Firewall System or component thereof to Customer by the close of that business day; and (b) if the U.S.-based Firewall System failure is discovered outside Company 's normal business hours, Company will make commercially reasonable efforts to ship a replacement Firewall System or component to Customer by the end of the next business day. When a replacement Firewall System is needed outside of the U.S. Mainland, Company will use commercially reasonable efforts to ship the replacement to the Customer within three (3) business days. Export regulations may cause delays. Company will not be responsible for such delays or for the amount of time it takes for the Firewall System to arrive at the Customers premise.
2. Managed Firewall Options: Customer must choose one of the following Managed Firewall options for each Customer site. An HA appearing after the hardware option indicates that the service is high availability which means the Customer receives two firewalls systems, the base firewall system plus a fail over firewall system that is to be used in the event that the base firewall system becomes unavailable.
2.1 Managed Firewall-Corporate: Managed FirewallCorporate is intended for Customers with at least 500 employees. Customer must choose among the following hardware options: Cisco PIX 506, Cisco PIX 515E-R, Cisco PIX 515E-R HA, Cisco PIX 525R, Cisco PIX 525UR HA, Cisco PIX 535R, Cisco PIX 535UR HA, NetScreen 5 XT, NetScreen 25, NetScreen 50, NetScreen 50 HA, NetScreen 204, NetScreen 204 HA, NetScreen 208, and NetScreen 208 HA.
2.2 Managed Firewall-Office: Managed FirewallOffice is intended for Customers with 100 to 499 employees. Customer must choose among the following hardware options: Cisco PIX 506, Cisco PIX HA, Cisco PIX 515E-R, Cisco PIX 515U-R HA, Cisco PIX 525R, Cisco PIX 525UR HA, NetScreen 5 XT, NetScreen 5 XT HA, NetScreen 25, NetScreen 25 HA, NetScreen 50, and NetScreen 50 HA.
2.3 Managed Firewall-Solo: Managed FirewallSolo is intended for Customers with up to 99 employees, and only one site. Customer must choose among the following hardware options: Cisco PIX 501, Cisco PIX 501 HA, Cisco PIX 506, NetScreen 5 GT 10 User, and NetScreen 5 GT Extended.
2.4 Security Defense Appliance (SDA): For an additional charge, Customer may choose Security Defense Appliance (SDA) service that is an optional device that captures security information from the firewall unit that enables enhanced reporting, and provides an encrypted communications channel for device management. Customer may also choose high availability (HA) SDA service (SDA HA) which is SDA service that includes a base SDA plus a fail-over SDA unit.
II. DEFINITIONS: In addition to the definitions found in the General Terms and Conditions for Internet, Enhanced and Other Non-Telecommunications Products and Services, the following apply to Managed Firewall:
Managed Firewall: Managed Firewall-Corporate, Managed Firewall-Office, and/or Managed Firewall-Solo.
Firewall System: The firewall equipment and related software provided by Company for use on Customers premises as part of Managed Firewall.
III. FEATURES AND OPTIONS: The following features are available: None.
IV. Terms and Conditions: The following Terms and Conditions apply in addition to those set forth in the General Terms and Conditions for Internet, Enhanced and Other Non-Telecommunications Products and Services of this Guide.
1. Service Term Commitment: Each order of Managed Firewall is subject to a one-year minimum term commitment.
2. Suppliers: Company may provide Managed Firewall directly and/or through its suppliers. References to Company that limit liability and disclaim warranties or damages include such suppliers and their affiliates, directors, officers, employees or agents. These limitations are independent of each remedy and are intended to survive and be enforceable under any circumstances without exception. Company reserves the right to replace, modify, suspend or terminate Managed Firewall within 90 days of informing Customer by invoice message, e-mail or other reasonable means, if in Companys sole discretion, such action is appropriate under the circumstances (e.g., because of the loss of a supplier).
3. Geographical Scope: Managed Firewall provisions apply only to Customers incorporated in the U.S. Mainland under Service Agreement governed by the law of one of the U.S. Mainland states. Managed Firewall is billed in the U.S. Mainland, in U.S. dollars. Firewall Systems may be located outside of the U.S. Mainland in certain circumstances, as described below.
4. Service Components:
4.1. Installation: Before installation, Customer must complete and provide the appropriate, current Customer profile (the configuration workbook). Customer installs the Firewall System based on guidelines provided by Company.
4.2. Configuration Submission: Company will configure Managed Firewall in accordance with Customers configuration submission, based on pre-designed firewall policy templates.
4.3. Firewall Configuration: Customer is responsible for confirming that its Firewall System is configured in accordance with Customers preferences prior to and after activation of Managed Firewall. VPN support is available for all Managed FirewallCorporate Firewall Systems, and for some but not all Managed FirewallOffice or Managed Firewall--Solo Firewall Systems. The Firewall System will be deemed accepted by Customer 5 business days after Company verifies the Web Portal is receiving data from Customer unless Customer notifies Company that it is rejecting the firewall. If Company receives such a notice, it will correct the failure identified by Customer in the notice, and the Firewall System will be deemed accepted within five business days of the correction unless Customer again provides notice of rejection. In such a case, Company will correct the failure identified and the Firewall System will be deemed accepted within five business days of the correction unless rejected again by Customer. This notice and correction process will be repeated until the Firewall System is accepted, or until Company, at its discretion, elects to terminate service.
4.4 Support: Company will provide contact information for Customer support.
5. Customer Obligations: Customer must comply with all obligations set forth in this Guide, the Service Attachment and the related Service Agreement, including all obligations set forth in any end user software licenses for software provided by Company. Customer acknowledges that it is not relying on any representations or warranties made by a manufacturer except for those warranties expressly made in a software end user license agreement (if applicable to Customer).
6. Disclaimer: Managed Firewall is provided As Is without warranties of any kind. Companys entire liability and Customers sole and exclusive remedies regarding Managed Firewall and the Firewall System (including without limitation relating to shipment, installation, and performance) are: (A) set forth in the paragraph labeled Service Level Agreement or (B) repair or replacement (at Companys discretion) of any Company-provided Firewall System that is defective (as described further in the paragraph below titled Maintenance of Firewall System). If repair or replacement of any defective Firewall System is not reasonably practicable, either party will have the right to terminate the defective service upon ten (10) days written notice to the other party. Customer acknowledges and agrees that (A) Managed Firewall constitutes only one component of Customers overall security program and is not a comprehensive security solution; (B) there is no guarantee that Managed Firewall will be uninterrupted or error-free, that networks or systems connected to or supported by Managed Firewall will be secure, or that Managed Firewall will meet Customers requirements; (C) there is no guarantee that any communications sent by means of Managed Firewall will be private; (D) there is no guarantee that Managed Firewall will block all e-mail and sites not desired by Customer or will not block any sites or E-mail that are desired by Customer; and (E) any available content or URL blocking software is used at Customers sole risk and discretion.
7. Service Level Agreement: The Service Level Agreement (SLA) for Managed Firewall, which is made a part of the Service Agreement, is set forth at http://global.mci.com/terms/. Company reserves the right to amend the SLA from time to time effective upon posting of the revised SLA to the URL cited above or other notice to Customer; provided, that in the event of any amendment resulting in a material reduction of the SLAs service levels or credits, Customer may terminate this service attachment without penalty by providing Company written notice of termination during the thirty (30) days following notice of such amendment (unless during the 30-day notice period, Company cures the material reduction). The SLA sets forth Customers sole remedies for any failure to meet any standard set forth in the SLA. Companys records and data shall be the basis for all SLA calculations and determinations.
8. Maintenance of Firewall System: With respect to the Firewall System only, Company will provide the following maintenance services (Maintenance Services): (i) Use commercially reasonable efforts to isolate any problems with the Firewall System and send a technician to the Customer site if necessary; (ii) If Company, in its sole discretion, determines that any component of a Firewall System that resides on Customers premise needs to be replaced, such component will be replaced with a component in good working order and of like kind and functionality from a manufacturer of Companys choice at the time of replacement (Exchange Component). Maintenance Services only apply to problems arising out of the normal use of the Firewall System and do not apply if the Firewall System is damaged as a result of the negligence or willful misconduct of Customer. If repair and/or replacement is required because of damage caused by Customers negligence or willful misconduct, Customer will be charged time at Companys standard rates to repair the Firewall System or Customer will be charged the replacement cost of the Firewall System.
9. Equipment: Customer shall (a) maintain the Firewall System and any associated software, systems, cabling and facilities in accordance with the reasonable instructions of Company as may be given from time to time; (b) not modify, relocate, or in any way interfere with the Firewall System unless expressly authorized by a representative of Company to do so; and (c) not cause the Firewall System to be repaired, serviced, or otherwise accessed except by an authorized representative of Company. In addition, Customer shall furnish such electrical power in the form of a 120V outlet (or other appropriate power source indicated by Company if the Firewall System is located outside of the U.S. Mainland), including backup power, and such other amenities as are required in order to accommodate Managed Firewall and in order for the Firewall System to function as intended. Customer, upon reasonable request or notice, shall also allow Company representatives to enter onto Customer premises or locations at which service is being provided in order to repair or maintain Managed Firewall, including the Firewall System, or in order to remove the Firewall System. Failure of Customer to permit such entry will discharge Company from its service obligation. If required by a change in equipment providers, Customer will complete any migration process within the reasonable timeframes required by Company and its suppliers. To the extent Company uses Customer-owned or provided hardware and/or software to provide Managed Firewall (the Customer Equipment), Customer will provide any license, approvals or consents reasonably required for Company to access or use the Customer Equipment.
10. Security: Customer shall, at its own expense, take all reasonable physical and information systems security measures necessary to protect all equipment, software, data and systems located on Customers premises or otherwise in Customers control and used in connection with Managed Firewall, whether owned by Customer, Company, or Companys subcontractors. Customer acknowledges and agrees that Company is not liable, either in contract or in tort, for any loss resulting from any unauthorized access to or alteration of, theft, destruction, corruption, or use of, facilities used in connection with Managed Firewall. Customer is responsible for all security policies, including without limitation firewall security policies, even if Customer uses a third party (or Company) to configure and implement such policies.
11. International Service: Company may accept orders for Managed Firewall where the Firewall System will be located outside of the United States Mainland, at MCIs sole discretion. When a replacement Firewall System is needed outside of the United States Mainland, Company will use commercially reasonable efforts to ship the replacement to the Customer within three (3) business days. Export regulations may cause delays. Company will not be responsible for such delays or for the amount of time it takes for the Firewall System to arrive at the Customers premise. Customer may need to provide a contact for 24x7 on-site support should the system power need to be recycled. If Customer does not provide this contact or the contact is unavailable, Customer understands and agrees that the Firewall System may be down until normal business hours resume and Customers contact is available.
12. Export Compliance: The Company and Customer hereby acknowledge that the products, technology, and/or services (Products and Technology) provided under these Guide provisions may be subject to export, import and use controls under the laws and regulations of the U.S. Mainland (U.S.), other foreign governments and international agreements. Each party shall comply with such laws and regulations and agrees that it and the end users of the Products and Technology will not export, re-export or transfer Products and Technology without first obtaining all required U.S. or foreign government authorizations or licenses. The parties each agree to provide the other such information and assistance as may reasonably be required by the other in connection with securing such authorizations or licenses, and to take timely action to obtain all required support documents. Customer represents and warrants that it is a U.S. citizen or permanent resident, or a corporation organized under the laws of one or more of the United States of America, and that Customer is not subject to a U.S. government order suspending, revoking or denying export privileges. Each party agrees to maintain a record of exports, re-exports, and transfers of the Products and Technology for five years and to forward within that time period any required records, at the other partys request, to the applicable U.S. or foreign government agency. Company and Customer agree to permit audits by the other party or the U.S. or foreign government as may be required under the applicable laws and regulations.
13. Confidentiality: The Service Agreements general Confidential Information provision applies to Managed Firewall without any time limitation, supplemented by the following terms. Each recipient of Confidential Information (Recipient) agrees (a) to protect it from disclosure, using the same degree of care used to protect its own Confidential Information, but in any case no less than a reasonable degree of care. A Recipient may disclose Confidential Information to its employees and independent contractors who have a need to know and who are bound in writing prior to disclosure to protect the received Confidential Information from unauthorized use and disclosure; (b) to make only such copies as is reasonably required, including such proprietary legends or notices as are contained in or on the original or as the disclosing party (Discloser) may reasonably request. If required by law, regulation or court order to disclose any of Disclosers Confidential Information, Recipient will promptly notify Discloser in writing prior to making any such disclosure in order to facilitate Discloser seeking a protective order or other appropriate remedy from the proper authority. Recipient agrees to cooperate with Discloser in seeking such order or other remedy. Recipient will furnish only that portion of the Confidential Information which is legally required and will use all reasonable efforts to obtain reliable assurances that confidential treatment will be accorded the Confidential Information. Confidential Information is unique and valuable, and breach by either party of this provision will result in irreparable injury to the affected Party for which monetary damages would inadequate. In the event of a breach or threatened breach of this provision, the affected party is entitled to injunctive or other equitable relief without posting a bond (in addition to and not in lieu of monetary or other relief). All Confidential Information remains the property of Discloser. Except as otherwise expressly provided in this Agreement, all copies of Confidential Information, regardless of form, shall either be destroyed or returned to the Discloser (as the Recipient chooses) promptly upon the earlier of: (i) Disclosers written request, or (ii) termination or expiration of service under this service attachment.
14. Service Activation Date: Billing of monthly recurring charges will commence as of the date Managed Firewall has been made available for operation by Compay, to be indicated to Customer by the Company Installation Engineer (Service Activation Date). In no event will the Service Activation Date be deemed to have occurred before: (a) Company has shipped all necessary hardware and software for Managed Firewall to Customer; and (b) if Company activation is required for Managed Firewall, the date that Company has offered to provide such activation for Customer.
15. Return of Equipment: Upon termination or expiration of the Managed Firewall, each party shall return to the other party immediately all property of the other party then in such partys possession, custody, or control. Within ten (10) days after such termination or expiration Customer shall return all components of the Firewall System to Company (as Company directs) at Customers expense. If a Customer fails to return all components of the Firewall System to Company within ten (10) days after termination or expiration, Company may continue billing Customer and Customer is liable for and obligated to pay the monthly recurring charges for the Managed Firewall. If Customer fails to return all components of the Firewall System to Company within 60 days after termination or expiration, Company may bill Customer and Customer is liable for and obligated to pay the full then-current net book value of the unreturned components.
16. Software Ownership and Licenses: Managed Firewall may include certain publicly available software components (the Open Source Components). Each Open Source Component is a separate and independent work, and therefore, is subject to its own end user license agreement (EULA), principally what is known as the General Public License. As between Company (including its suppliers) and Customer, Company (or its ultimate suppliers or licensors, as applicable) retain all right, title and interest in and to all programs and hardware (other than Open Source Components) provided by Company.