Managed Firewall Service Specific Terms and Conditions
The Cable & Wireless Guernsey Managed Firewall Service
provides a managed Firewall to secure Your Hosting Solutions housed
within Our Hosting Centre or on Your site. Monitoring and
support of Your Managed Firewall solution is provided, 24 hours a
day, 7 days a week.
The following Managed Firewall Service options are
available:
- Customer Firewall Management - the
installation, configuration and management of a Firewall solution,
using Your own hardware and software located in Our ISC or on Your
Premises.The Supported Platform Document specifies the hardware and
software that can be used and supported as part of Our Firewall
Management solution.
- Leased Firewall Management - the installation,
configuration and management of a Firewall solution, using software
and hardware provided by Us, rented to You and located in Our ISC
or on Your Premises.
DATA CENTRE SPECIFIC TERMS AND CONDITIONS
These Data Centre Specific Terms and Conditions should be read
in conjunction with the Data Centre General Terms and Conditions.
Where there is conflict, these Data Centre Specific Terms and
Conditions (as applicable) supersede those Data Centre General
Terms and Conditions.
1. Definitions and Interpretation
The Data Centre General Terms and Conditions include
definitions.These definitions are in addition.
"Business Day" means any day Monday through
Friday excluding Bank Holidays in the Bailiwick of Guernsey.
"Firewall" means a network device that filters
incoming and outgoing traffic to and from equipment
"Firewall Information" means the security rules
and authorised user database set by You for Your Firewall.
"Hosting Centre" means Our site with
connectivity to Our network used to provide Hosting Services to
You.
"Hosting Services" means the Services provided
by Us under the Agreement.
"Hosting Solution" means a collection of
Services taken as a singe solution provided by Us to You.
"Internet Control Message Protocol (ICMP)" is a
message control and Fault reporting protocol between a host
server and the Internet
"Simple Network Management Protocol (SNMP)" is
the protocol governing network management and the monitoring of
network devices and their functions.
"Supported Platform Document" means the
document detailing the standard makes, models and configurations of
equipment and software versions We are able to support as part of
Your Hosting Solution.
2. Provision Of Service
2.1 The Supported Platforms Document specifies the hardware and
software used to implement Our Managed Firewall solution.
2.2 The Order Form will specify Your chosen Service option(s).
Unless specifically stated otherwise, all elements of this product
description shall apply to both Managed Firewall Service
options.
2.3 Configuration - For both of Our Managed
Firewall Service options:
2.3.1 We will work with You to perform a security review of Your
network configuration and Firewall Information, and make
recommendations for security improvements;
2.3.2 We will design, install and configure Your Managed
Firewall solution;
2.3.3 Our security engineers will perform up to three ongoing
Firewall configuration and Firewall Information changes per
quarter, as requested by You, at no additional cost to You; and
2.3.4 Your Firewall Information data will be backed up, once a
week or whenever there is a configuration change. The current
configuration will be stored off-site - at a site other than the
one where Your equipment is located.
2.4 Spares
2.4.1 In the event of a hardware failure, We will repair or
replace the equipment
2.4.2 If You are using hardware We supplied We will provide
spares for all hardware used to provide the Managed Firewall
Service. Spares will be used only as a temporary replacement for
failed Firewall equipment and will be stored within Our ISC where
Your equipment is usually housed. If You are using Your own
hardware it is Your responsibility to provide spares.
2.4.3 Once notified by You of a problem with the Firewall
equipment We will determine if a spare replacement is required
after troubleshooting the problem. We reserve the right to use
hardware and software substantially similar - but not necesarily
identical- to that specified in the Supported Platforms
Document
2.4.4 You must allow Us to retrieve any of Our spares from Your
hosting space, and replace it with a permanent Firewall, within
three Business Days of receiving a request to do so by Us. We may
or may not be accompanied by You when doing so.
2.5 Repairs
We will work with the Firewall vendor, at Your request, to
facilitate repair of any Firewall hardware. This covers managing
the repair process (e.g sending equipment to the vendor and
re-installing the required Firewall hardware). However it does not
include paying for any addidoml repairs or costs not covered by the
vendor's warranty or the applicable maintenance contract - You are
responsible for paying these additional costs.
2.6 Upgrades
2.6.1 We may periodically require an upgrade of the Firewall
software to ensure the latest versions are in operation. If We
determine, at Our sole discretion, that an upgrade is necessary, We
will work with You to schedule a time to make necessary Service
changes. You must allow Us to make these changes within five
Business Days of receipt of the request from Us.
2.6.2 If We determine that an emergency security change is
required, or if You do not respond to Our request to upgrade the
Firewall software, We will make the change during a normally
scheduled maintenance window. We will make commercially reasonable
attempts to contact Your technical contact prior to making any
security change or Firewall software upgrade under these
circumstances.
2.7 Services Not Included -
The Managed Firework Service does not offer or provide:
2.7.1 Load balancing of Firewalls;
2.7.2 Direct access to Our network security or engineering. All
initial contact between You and Us must be made with Our Customer
Support Centre;
2.7.3 Permanent archival and storage of log files;
2.7.4 Our Intrusion Detection and Response (IDR) Services
support for any Firewall(s) implemented as part of Our Managed
Firewall Service. You must order Our IDR Services separately.
3. Service Provision Requirements
3.1 In order for Us to provide the Managed Firewall service:
3.1.1 We must have exclusive root or administrator access
to the Firewall;
3.1.2 We require one Ethernet interface exclusively for
management of the Firewall;
3.1.3 if redundant (failover) Managed Firewall configurations
are used, an additional Ethernet interface must be available for
redundancy:
3.1.4 You must provide Us with a topology of Your existing
network;
3.1.5 You must have no root or administrator access to
the Firewall;
3.1.6 You must accept a maintenance window as specified by the
maintenance schedule of Our ISC that hosts Your Managed Firewall
solution.
3.2 In additon to the above, for Firewall equipment owned by
You:
3.2.1 You must enter into and maintain a hardware support
contract covering all hardware used to implement Your Firewall Care
solution.The contract term must be for at least two years. The
support level of the contract must offer 8 hours per day, 5 days
per week, next Business Day response time;
3.2.2 You must ensure that all system administration and
Firewall passwords will be managed by Us. You will not have access
to Firewall passwords or be able to make direct changes to Firewall
Information. You must request changes by contacting Us;
3.2.3 You must provide all required Firewall hardware and
software as specified by Us in the Supported Platforms Document and
in the Order Form;
3.2.4 You must provide IP addresses for all network connections
to the Firewall, the number of which will be determined by Us;
3.2.5 You must maintain a vendor support contract for all
hardware and software used to implement Your Firewall solution.
Failure to maintain a vendor support contract will result in
cancellation of Our Managed Firewall Service.
3.3 Failure by You to comply with any of the specified above
requirements, singly or in combination, may result in the
cancellation of Your Managed Firewall Service.
4. Fault Management, Monitoring, Reporting and Resolution
4.1 The Managed Firewall Service provides:
4.1.1 Internet Control Message Protocol (ICMP) monitoring, for
example ping monitoring, of Your Firewall to determine platform
availability, 24 hours a day, 7 days a week. In the event that the
Firewall fails to respond, We will notify You via phone or email,
in order to gain approval for, and initiate, corrective
action;
4.1.2 SNMP statistics on Firewall performance are provided to
You. Firewall log files of the previous thirty days, the Firewall's
configuration and graphical statistics on the health of the
Firewall are also provided - all this information is made available
to You via a secure web-based interface; and
4.1.3 Support for Firewall problem resolution and Your
inquiries, 24 hours a day, 7 days a week
4.2 When We detect a problem related to Your Managed Firewall
solution or You report a problem to Us, We will assign a priority
level to the event and respond according to the guidelines
below.
| Priority | Description | Response time and procedure |
|---|
| 1 | Your site down due to Firewall failure | We will open a Fault report and begin work on the issue within
one hour of Your call or problem detection. We will update You
every two hours via Your preferred method (e.g. phone, email) until
the issue is resolved or You decline updates. If We determine
that the Firewall must be swapped with a spare We own, We will
complete the swap within 90 minutes of when We determine the need
to swap the equipment. We will work with You to schedule a time to
permanently replace the failed Firewall. |
|---|
| 2 | Severe impact to performance or compelling change that will
affect Your service | We will open a Fault report and begin work on the issue within
one hour of Your call or problem detection. We will update
You twice per day via Your preferred method (e.g. phone, email)
until the issue is resolved or You decline updates. If We
determine that the Firewall must be swapped with a spare We own, We
will complete the swap within 90 minutes of when We determine the
need to swap the equipment. |
|---|
| 3 | Configuration changes to Firewall information | We will begin work on the change within 16 working hours of
Your request. Our personnel will update You once per day via
Your preferred method (e.g. phone, email) until the issue is
resolved or You decline updates. |
|---|
4.3 If You notify Us of, or We detect, an attack on Your
Firewall, We will use all reasonable endeavours to modify Your
Firewall policy to prevent attacks, provided that We can
readily determine the source IP address of the attack. In many
cases, an attack may require additional investigation to determine
the source and impact, and to implement preventative measures. This
type of service is offered by Our Incident Response (IR) Service,
but is not provided with Our Managed Firewall Service as standard.
Our IR Services must be ordered separately, for an additional
charge.
5. Charges
The following Categories of charges apply to the Managed
Firewall Service.
| service component | Description | charge type |
|---|
| Installation | Installation and basic configuration | NRC |
|---|
| Management | Monitoring and maintenance,configuration changes
(requested by You or initiated by Us and then approved by
You) | MRC |
|---|
The actual charges are shown on the relevant Managed Services
Price List, which is available on request
6. Liability
6.1 Our Managed Firewall is designed to prevent outsiders
from gaining access to private corporate information and will
provide an effective method of monitoring and limiting access.
However, it may not prevent dedicated fraudsters from breaking
their way in, or an employee from gaining unauthorised access to
the Internet or to confidential information stored on the corporate
network
6.2 You should ensure that any highly confidential or valuable
corporate data is not accessible via the Internat. We
will not accept liability for any losses or damage to Your business
or Your data that arise as a result of the Firewall not preventing
unauthorised access. Our Managed Firewall does provide a high
standard of protection and service but no system can claim to be
completely secure.
7. General Terms and Conditions
You should refer to the C&W Data Centre General Terms and
Conditions for additional clauses under each of the above headings
and in particular for the following:
| Special Provision of Service | Use of Service |
| Connection of Equipment to the Service | Accommodadon, Power and Lightning Protection |
| Domain Name | Charged Domain Name |
| The Network | Common Gateway |
| Intellectual Property Rights | Interface |
| Confidentiality | Acceptable Use Policy |
| Export Control | Fault Repair |
| Term of Service | Temporary Service |
| Interconnection | Payment |
| Default | Deposits and Payments in Advance |
| Cancellation | Suspension |
| Call Monitoring and Recording | Termination |
| Security | Information and Permissions |
| Access to Pemises | Complaints and Arbitration |
| Assignment | Copyright |
| Duration and Entire Agreement | Notice |
| Use of Information | Matters Beyond Reasonable Control |
| Severability | Variation |
| Waiver | Law |
Issue 1
August 2003