Managed Firewall

DeepSeas Firewall & Next-Gen Firewall Management Service (FMS) provides 24x7 proactive management and monitoring of Client's firewalls, ensuring consistent configuration and tuning and that the appropriate updated versions of the firewall software and operating systems are running. DeepSeas will be responsible for normal configuration changes, as directed by Client's designated point of contact, ticketing system maintenance and change process management. DeepSeas will collect in-scope firewall logs through the log output facility and may, if deemed necessary by our technical experts, deploy log collection appliance(s) to Client's premises to support data ingestion and analysis.

DeepSeas FMS program includes support for the following service components (provided the vendor/model includes these features):

• Intrusion Prevention Service
• Firewall
• Anti-virus Protection
• Application Intelligence and Control
• Ant-Spyware
• Content & URL Filtering
• Wireless LAN support
• VPN Tunnels
• Multi-WAN Support

Terms associated with service implementation are described below:

• New devices shall be shipped from the vendor directly to the Client. Shipping costs shall be borne by the Client.
• New devices shall be deployed and configured remotely by DeepSeas with a standard deployment configuration and on-site support from the Client.
• Existing equipment in use is provisioned remotely, with on-site support from Client.

Device remote start-up and configuration includes the following configuration deliverables. Based on appliance model, firmware version or Client requirements, not all deliverables may be applicable. Any configuration requests not included as a part of standard configuration deliverable must be directed to DeepSeas as a standard change request.

• Loading the latest firewall firmware
• Activating the service license keys and enabling security services
• Configuring administrator accounts
• Specifying mode of operation, zones, IP address, subnet mask, hostname, static routes, DNS, SYSLOG
• Setting up the firewall policy consisting of the following elements. Firewall access rules, Network address translation rules, VLAN creation and Object creation (Hosts, Groups, Networks, Ranges and Service objects) as described in table below
• Enabling wireless security features (wireless appliances only) intrusion detection and wireless guest services. Service does not include wireless configuration on end Client devices (e.g. Laptops or Mobile devices)
• Setting up SSL VPN for remote access (on-firewall local user authentication database is not supported). Setting up user level authentication using external authentication servers where the Client has provided all the required authentication server parameters.
• Setting up single WAN interface only
• DeepSeas provides telephone support to Client contact at the implementation site during installation of all Client premises equipment.
• Once Client premise equipment is in place, DeepSeas accesses the device(s) remotely and performs the remaining configuration and service activation tasks which may require device downtime.

Clients must provide DeepSeas with exclusive administrative privileges on the specific devices to be managed. Firewall policy migration services are not included as a part of the managed Service.

DeepSeas will provide Client with a notice of service commencement, which identifies the service commencement date, when the following conditions have been met: DeepSeas has: (a) established communication with the relevant Client device(s) (b) verified availability of Client data on the portal.

ADDITIONAL SERVICE RULES, REGULATIONS AND CONDITIONS

• The Service provides robust device management, security event analysis and performance monitoring to the Client. Deployment of the Service does not achieve the impossible goal of risk elimination, and therefore DeepSeas does not guarantee that intrusions, compromises, or other unauthorized activity will not occur on Client's network.
• DeepSeas may schedule maintenance outages for DeepSeas-owned equipment/servers which are being utilized to perform the services with 24 hours' notice to designated Client contacts.

SUPPORTED FIREWALL TECHNOLOGIES

DeepSeas supports the following advanced firewall technologies, one of which Client is expected to procure, license, deploy and maintain:

Client agrees to perform the following obligations and acknowledges and agrees that DeepSeas ability to perform its obligations are dependent upon Client's compliance with the following:

• Provisioning and overall maintenance of firewall infrastructure and software aligned to the Supported Firewall Technologies listed above.
• MFW system(s) are configured and tuned, running the current software and OS version applicable to the MFW system. If upgrades are required at the time of provisioning, additional professional service charges may apply.
• Client assumes all risk and liability associated with changes and modifications made by Client's personnel to the managed device(s) and relieves DeepSeas of its performance obligations and service level agreements based on any read/write modifications that Client makes to devices managed by DeepSeas.
• If Client introduces a change to a devices configuration, rules, or policies that creates instability, security vulnerabilities, loss of functionality, or similar problems, DeepSeas may at its option and full discretion charge Client for recovery from such changes to the device's reconfiguration.

Hardware/Software Procurement

The Client is responsible for purchasing the firewall hardware and software necessary for DeepSeas to deliver the Service. Additionally, the Client is responsible for ensuring that their hardware/software stays within the vendor's supported versions.

Support Contracts

Client is responsible for maintaining appropriate levels of hardware support and maintenance for the Client-owned firewall and connectivity to prevent network performance degradation and maintain communications between the Client's contracted firewall devices and DeepSeas security operations centers (SOC).

RMA Responsibilities

The Client is responsible for initiating and fulfilling the return materials authorization ('RMA') process directly with the vendor in the event that the hardware/software being managed by DeepSeas is determined to be in a failed or faulty state and requires replacement.

Connectivity

Client will provide access to Client-premises and relevant appliance(s) necessary for DeepSeas to manage and monitor the contracted firewall devices. Additionally, Client should communicate any network or system changes that could impact service delivery to the SOC via a ticket in the DeepSeas Client portal. Service activation which may require device downtime will depend on Client deliverables such as on-site assistance with initial configuration of the appliance to get connectivity between the firewall appliance and DeepSeas data centers.

Export

Client acknowledges that the Products, Software and Services provided under this agreement, which may include technology and encryption, are subject to the customs and export control laws and regulations of the United States, and may be rendered or performed either in the U.S., in countries outside the U.S., or outside of the borders of the country in which you or your system is located, and may also be subject to the customs and export laws and regulations of the country in which the Products, Software or Services are rendered or received. Client agrees to abide by those laws and regulations.