CNI-INDEPENDENTS FIREWALL SERVICE

This Service Description and Service Level Agreement is provided for the Customer of a Qualifying Transport Service (“QTS”) of Independents Fiber Network, a wholly own subsidiary of Com Net Incorporated (herein “CNI_INDEPENDENTS”).   This Service is provided in connection with Customer’s separate, signed Master Services Agreement. In the absence of a Customer-specific Master Services Agreement, this Terms of Service is provided in connection with the Independents Fiber Network Customer Terms, available at  www.ifnetwork.biz and incorporated by reference in its entirety herein.

For purposes of this Service offering, QTS shall be private line Ethernet Transport Service (ETS) or Enhanced ETS providing Internet Access with a capacity commitment of 100 Mbps or greater.

A.  Service Description

A Firewall protects your network from unauthorized access and malicious attacks. Firewalls are the critical gateway into a network, and firewalls hosted with or without management by CNI_INDEPENDENTS come with the highest degree of attention and expertise to protect critical customer assets and provide protection at the customer perimeter. 

CNI_INDEPENDENTS Firewall Services provided:

Hosted & Managed Firewalls – are hosted at a CNI_INDEPENDENTS Core IP PoP and are a fully managed firewall solution, including policy and configuration. The service is tailored to meet the customer’s changing business requirements.  

Managed Firewall Service is comprised to support the following components:

• Application Intelligence and Control
• VPN Tunnels*

* Appropriate to services selected

                The following Service Components are included with the Managed Firewall Service:

• Device Availability Monitoring
• Secure Event Monitoring
• Upgrade and Patch Management
• Change Management
• VPN Configuration*

Any other services are out-of-scope.  Examples of such out-of-scope support include, but are not limited to:

• Integration of complementary products that are not managed by CNI_INDEPENDENTS (e.g. encrypted Email, web reporting software)
• Custom analysis and/or custom reports
• Any change request not specified above
• Configuration of any tunnel end point that is not terminated on a CNI_INDEPENDENTS managed service device
• Rule set design, validation and troubleshooting
• Firewall policy auditing, policy/rule utilization, and security best-practice consulting
• Development of Customized Signatures

B.  Availability

CNI_INDEPENDENTS will use best efforts to have the service available 24-hours, 7-days a week.

C.   Charges

One-Time Installation and Set-up Charges for firewall services are set forth below.

Monthly Recurring Service Charges for firewall services are set forth below.

ICB – Individual Case Basis quote.  Quoted at the time of request based on Customer Requirements

D.   Responsibilities

CNI_INDEPENDENTS shall furnish the necessary personnel, equipment, material and/or services and otherwise do all things necessary for or incidental to the performance of work as set forth below.

1. Device Availability Monitoring:  CNI_INDEPENDENTS will configure the firewall and Customer’s Network to allow CNI_INDEPENDENTS to access the firewall using HTTPS and IPSEC.   CNI_INDEPENDENTS will perform availability monitoring of the firewall.   Availability will be monitored using periodic polling of the Firewall.    If periodic polling checks indicate that the Firewall has become unavailable, an automatic alert will notify CNI_INDEPENDENTS 24x7x365 staffed NOC.   If the root problem of device failure is customer related such as a network change or outage that CNI_INDEPENDENTS QTS is not the root cause, CNI_INDEPENDENTS will provide Customer with troubleshooting information upon request, but CNI_INDEPENDENTS is not responsible for troubleshooting such issues.
2. Software Upgrade and Patch Maintenance:  As security related patches and upgrades are released for the Firewall, CNI_INDEPENDENTS assesses the applicability of each release to Customer’s environment.   CNI_INDEPENDENTS will work with Customer to schedule any necessary remote upgrades. In cases where support for a particular Firewall version is being discontinued by the vendor or by CNI_INDEPENDNETS, CNI_INDEPENDENTS will communicate new platform migrations process within sixty (60) days.  Customer will bear any costs related to procuring new software and any new hardware associated with a change in platform.   SLAs do not apply during maintenance work.  SLA s do not apply if Customer does not make the changes required by CNI_INDEPENDENTS, if Customer refuses to implement necessary platform changes and/or if Customer otherwise prevents CNI_INDEPENDENTS from making the changes it notifies Customer are necessary for continued Service.
3. Change Management:  Customer may submit change requests to CNI_INDEPENDENTS by Email to firewall-admin@cniteam.com.  CNI_INDEPENDENTS requires that the change request

is made by an Authorized Customer Contact or Customer Authorized Contact used interchangeably.CNI_INDEPENDENTS will contact the authorized Customer Contact via Email or telephone to clarify unclear requests as needed.CNI_INDEPENDENTS agrees to provide the Customer with up to 75 minutes of CHANGE MANAGEMENT support per month based on 15 minute reporting increments.CHANGE MANAGEMENT support in excess of 75 minutes will be invoiced at $125 per hour provided such requests are from the Customer Authorized Contact.The Change Management request could be on any of the following features of the Firewall.

1. Firewall:  CNI_INDEPENDENTS will manage the policy on the Firewall.   A single policy change will be defined as adding, deleting or modifying up to three individual Network Address Translations (NAT) (incoming, outgoing and loop-back) including object creation.   Adding, deleting or modifying up to two access control list changes (such as permit or deny changes) including the creation of up to 6 policy objects creation (Hosts, Groups, Networks, Ranges and Service objects.  Adding, deleting or modifying up to two individual network routes within the firewall.  A standard policy change may comprise one or more of the above bullets.   Any change request that is not specifically listed above may be completed by CNI_INDEPENDENTS on a time and materials basis outside the monthly CHANGE MANAGEMENT time allocation.  CNI_INDEPENDENTS reserves the right to determine, within its reasonable discretion, whether a change falls within the scope of Customer’s service.  CNI_INDEPENDENTS does not design or validate rule sets or provide troubleshooting related to rule sets as part of the Service.
2. Intrusion Prevention System:  CNI_INDEPENDENTS manages the policy on the device.  Policies are updated regularly as updates are released by Vendors and reviewed by CNI_INDEPENDENTS.  The following defines what is considered to be one policy change:   adding, deleting or modifying IDS/IPS signatures, not including routine signature updates.  Any change request that is not specifically listed above may be completed by CNI_INDEPENDENTS on a time and materials basis.  CNI_INDEPENDENTS reserves the right to determine within its reasonable discretion whether a change management request falls within the scope of the Customer’s service.
3. Application Intelligence and Control:  CNI_INDEPENDENTS can enable application control as per Customer’s request.   There are hundreds to thousands of applications supported within the Firewall, therefore it is Customer’s responsibility to specify all application control and application rule settings required.   CNI_INDEPENDENTS will configure the Firewall in accordance with the Customer’s specifications.  CNI_INDEPENDENTS does not offer application debugging in the event of unexpected consequences from application control settings.  CNI_INDEPENDENTS responsibilities surrounding application control are limited to enabling or disabling the application control settings.  At the time of initial deployment, by default, application intelligence and control is turned off.
4. VPN Configuration:   CNI_INDEPENDENTS configures VPN connections for firewalls it contractually manages and troubleshoots in the event of an outage.   At least one (1) firewall must be managed by CNI_INDEPENDENTS to provide this Service.   Details on number of VPN tunnel configurations based on deployed Firewall Service varies.  Site-to-site VPN configuration is based on CNI_INDEPENDENTS standard VPN templates.   No warranty is provided on the ability of the managed Firewall to successfully interwork with 3^rd party firewalls managed by other parties.   CNI_INDEPENDENTS is unable to provide assistance on remote device configuration.

1. Customer Responsibilities:
   1. Customer agrees that Customer shall utilize the Service to engage only authorized servers and networks. Any attempt to utilize the Service to access unauthorized servers or networks is strictly prohibited and may result in the termination of Services.
   2. Customer will designate at least one primary and one back-up technical resource (the “Customer Firewall Technical Contact”) authorized to execute the following responsibilities:
      • The Customer Authorized Contact(s) or Authorized Customer Contact(s), used interchangeably will submit Firewall requests to set-up, change or remove access control lists and firewall rules for their customer by submitting a request by Email to firewall-admin@cniteam.com.
      • The Customer Authorized Contact(s) will be the “central point of contact” for administration of the customer’s perimeter firewall by customer staff in a delegated administration model.
      • The Customer Authorized Contact(s) will report all Firewall Service problems to CNI_INDEPENDENTS by Email to firewall-admin@cniteam.com
      • CNI_INDEPENDENTS will provide telephone support for the initial set-up, installation, configuration and maintenance in collaboration with the Customer Authorized Contact.
   3. Customer will provide access to Customer-premises and relevant appliance(s) as necessary for CNI_INDEPENDENTS to manage and monitor the contracted Firewall Service.   Additionally, Customer should notify CNI_INDEPENDENTS of any network or system changes that could impact service delivery by Email to firewall-admin@cniteam.com.   Service activation, which may require Firewall Service downtime, will depend on Customer deliverables.   SLAs will not apply to Firewall Services experiencing Customer-caused connectivity issues.
   4. Customer acknowledges that the Products, Software and/or Services provided under this agreement, which may include technology and encryption, are subject to the customs and export control laws and regulations of the United States, and may be rendered or performed either in the U.S., in countries outside the U.S., or outside of the borders of the country in which you or your system is located, and may also be subject to the customs and export laws and regulations of the country in which the Products, Software or Services are rendered or received. Customer agrees to abide by those laws and regulations.

E.  Special Terms

1. FIREWALL DISCLAIMER: This Firewall Service is designed to prevent outsiders from gaining access and will provide an effective method of monitoring and limiting access. However, it may not prevent some instances of dedicated hackers, or an employee from gaining unauthorized access to the Internet or to confidential information stored on the network. CNI_INDEPENDENTS does not and will not accept liability for any losses or damage to Customer’s business or data that arise as a result of the Firewall not preventing unauthorized access.  The Firewall service does provide a high standard of protection and service, but no system can claim to be completely secure.
2. SERVICE LEVELS:
   1. Standard Change Requests
      1. Commitment:  Acknowledgement of receiving the change within two business days from the time stamp on the ticked created by CNI_INDEPENDENTS.   1 per day per device involving a standard time of 15 minutes per request, up to a maximum of 5 per month or 115 Minutes per month.
      2. Credit:   1/30^th of the monthly fee for Service for the affected Service when acknowledgement exceeds 2 business days.
   2. Security Event Monitoring
      1. Commitment:  Customer shall receive an alert either by Email, telephone or potentially through a Customer portal within thirty (30) minutes of the determination by CNI_INDEPENDENTS that given malicious activity constitutes a possible security incident.
      2. Credit:  1/30^th of the monthly fees for Service for the affected Service when the timing of alert exceeds 30 minutes from the time of determination by CNI_INDEPENDENTS that an event constitutes a possible security incident.
   3. Active Health Monitoring
      1. Commitment:   Device Unreachable – Customer shall receive a notification either by Email, telephone or through a potential future Customer Portal within 1 hour from identification of the device being unreachable.
      2. Credit:  1/30^th of the monthly fee for Service for the affected Service when the timing of the notification exceeds 1 hour from identification of the device being unreachable.
3. ADDITIONAL SEVICE RULES, REGULATIONS AND CONDITIONS:
   1. The Service provides robust management, security event analysis and performance monitoring to the Customer.   Deployment of the Service does not achieve the impossible goal of risk elimination, and therefore, CNI_INDEPENDENTS does not guarantee that intrusions, compromises, or other unauthorized activity will not occur on Customer’s network.
   2. CNI_INDEPENDENTS may schedule maintenance outages for CNI_INDEPENDENTS owned equipment/services, which are being utilized to perform the service with 24 hours’ notice to designated Customer contacts.
   3. The Service Levels set forth herein are subject to the following terms, conditions and limitations:
      1. The Service Levels shall not apply during scheduled maintenance outages, and therefore, are not eligible for any Service Level credit. CNI_INDEPENDENTS shall not be held liable for any Service impact or Service Levels Agreements related to product configurations that are not supported by CNI_INDEPENDENTS within the Customer’s policy.
      2. The Service Levels shall not apply in the event of any Customer-caused service outage that prohibits or otherwise limits CNI_INDEPENDENTS from providing the Service, delivering the Service Levels or managed service descriptions, including but not limited to: Customer misconduct, Customer negligence, inaccurate or incomplete information provided by the Customer, Customer modifications made to the Services, or any unauthorized modifications made to any managed hardware or software devices by the Customer, its employees, agents, or third parties acting on behalf of Customer.
      3. The Service Levels shall not apply to the extent Customer does not fulfill and comply with the Customer obligations set forth in this SLA. The obligation of CNI_INDEPENDENTS to meet the Service Levels with respect to any incident response or ticket request are conditioned upon CNI_INDEPENDNETS’ ability to connect directly to the Customer devices on the Customer network through an authenticated server in the CNI_INDEPENDNETS’ Secure Operations Center.
   4. Customer will receive credit for any failure to meet the Service Levels outlined above within thirty (30) days of notification by Customer to CNI_INDEPENDENTS of such failure. In order for Customer to receive a Service Level credit, the notification of the Service Level failure must be submitted to CNI_INDEPENDENTS within thirty (30) days of such failure. CNI_INDEPENDENTS will research the request and respond to Customer within thirty (30) days from the date of the request. The total amount credited to a Customer in connection with any of the above Service Levels in any calendar month will not exceed the monthly Service fees paid by Customer for such Service. Except as otherwise expressly provided hereunder, the foregoing Service credit(s) shall be Customer’s exclusive remedy for failure to meet or exceed the foregoing Service Levels.