The URL can be used to link to this page

Home My WebLink AboutFirewallAttachment2_ProfServices STATEMENT OF WORK Project Number: Company: Truckee Donner PUD Fortinet Project Manager/Scoping Engineer: This Statement of Work (“SOW”) is entered into by and between Fortinet, Inc. and Truckee Donner PUD (“Company”), having its principal office at 11570 Donner Pass Road, Truckee CA 96161, pursuant to the terms referenced below as of the date last signed by the parties (“Effective Date”). 1. SCOPE of SERVICES 1.1 The background and scope of this project is as follows: Company has initiated a project with Fortinet Professional Services to replace their existing Cisco ASA 5520 and Nexus 9k with a new FortiGate VM04V. Company will have 2 FortiGate 3700d in HA at two datacenters using Active-Passive. 1.2 During this engagement, Fortinet will perform the following services (the “Services”): Engagement kickoff Meeting Review statement of work Understand network topology and requirements Question and answer FortiGate VM04 VMWare – NAT (2 Datacenters) Update FortiGate VM04 using 6.0.1 build and update to the latest recommended version Review and convert relevant ASA and Nexus 9k configuration consisting of: o 8 physical interfaces o 70 VLAN interfaces o 256 address objects and groups o 100 service objects and groups o 10 NAT rules/objects o 1400 firewall/security policies o 3 Site-to-Site IPSEC VPNs o static routes Configure for high availability operations: o Using high availability mode Active-Passive o Heartbeat and session synch ports port1 and port2 o Group-ID 1 o TCP session pickup o UDP session-less pickup o Test and verify basic HA cluster operations o 1 FortiGate VM at each datacenter Review FortiGate system settings: o Allocated CPU, virtual disks, and memory o Basic IP connectivit y (management interface IP addresses, default route, etc) o DNS integration o NTP integration o Time zone, time, and date Page 1 of 5 Fortinet Statement of Work for Truckee Donner PUD o FortiGuard settings o Product registration, FortiGuard subscriptions, and supplemental entitlement licenses o Admin settings o Admin profiles o Remote authentication service for administration using TACACS+ o Administrator accounts o Management access o VDOM operations Configure relevant converted configuration information update scripts fr om legacy device o Tune and verify physical interfaces o Tune and verify VLAN interfaces o Tune and verify routing o Tune and verify converted address objects and groups o Tune and verify converted services and groups o Tune and verify converted NAT objects and groups o Tune and verify converted firewall policies o Tune and verify converted IPSec tunnels Import configuration information update scripts into FortiGate solution Validate imported FortiGate configuration with client Configure up to 5 AV profiles and settings using default file size and scan levels o Configure FortiSandbox integration o Configure heuristic mode operations o Configure AV database extended o Configure gray-ware scanning options o Configure botnet scanning operations Configure up to 5 Application profiles using FortiGuard categories to: o Monitor o Block Configure up to 5 IPS profiles using FortiGuard signatures based on FortiGuard risk levels and actions o Configure IPS database to user extended SCADA electric and water signatures o Adaptive scanning operations o Rate based scanning operations Configure 1 SSL inspection profiles using imported local ca certificate Configure and import certificates for global deep packet inspection Configure 1 proxy option profile for traffic inspection Apply relevant security profiles to firewall policies Configure and optimize logging for a FortiAnalyzer VM Configure centralized device management with FortiManager VM Configure and customize replacement messages for: o Virus block page o Captive portal page Review and validate implemented configuration with customer Assist in after-hours migration to FortiGate solution Test and tune FortiGate solution as needed Knowledge transfer of all work performed Forti Analyzer VM VMWare Review FortiAnalyzer VM using 6.0 and update to the latest recommended version Review FortiAnalyzer system settings: o Allocated CPU, virtual disks, and memory o Basic IP connectivit y (management interface IP addresses, default route, etc) o DNS integration o NTP integration o Time zone, time, and date o FortiGuard settings Page 2 of 5 Fortinet Statement of Work for Truckee Donner PUD o Product registration, FortiGuard subscriptions, and supplemental entitlement licenses o Admin settings o Admin profiles o Administrator accounts o Management access o Analyzer mode operations Configure log file size rolling Configure mail server integration Configure and register up to 2 devices Configure storage quotas for FortiGates Configure up to 5 report auto-generation schedules Configure and tune up to 5 built-in reports using built-in SQL queries, tables, and m acros: o Threat Report o Bandwidth Consuming o User Reports o Application usage o IPS Report Configure auto-report generation schedule and email distribution Configure up to 5 event handlers for: o IPS Medium, High, and Critical o Antivirus Event o System Resources o Admin login successful/failed o Interface Status Event alerting using email Test and verify functionality Knowledge transfer of all work performed FortiManager VM VMWare Review and update FortiManager VM using 6.0 and update to the latest recommended version Review FortiManager system settings including: o Allocated CPU, virtual disks, and memory o Basic IP connectivit y (management interface IP addresses, default route, etc) o DNS integration o NTP integration o Time zone, time, and date o FortiGuard settings o Product registration, FortiGuard subscriptions, and supplemental entitlement licenses o Admin settings o Admin profiles o Administrator accounts o Management access Import device, object, and polic y configuration from up to 2 devices Discuss and review global polic y operations for header and footer policy and object application Assist in simple policy package and device settings changes to verif y functionality Test and verify functionality Knowledge transfer of all work performed Work Complete and Sign Off Knowledge transfer of all work performed Answer any post implementation questions Obtain work complete and sign off 1.3 The following are expressly not within the scope of Services and this SOW : Page 3 of 5 Fortinet Statement of Work for Truckee Donner PUD Configuration of non-Fortinet equipment 2. PROJECT LOGISTICS Fortinet’s anticipated length of the engagement is 10 days remote support Fortinet’s anticipated staffing of this engagement is one Professional Service Engineer All work will be performed remotely 3. COMPANY RESPONSIBILITIES, DEPENDENCIES & KEY ASSUMPTIONS 3.1 Through experience, Fortinet has learned that the quality of its Services is greatly impacted by Company participation. Accordingly, Company provides all information, support, approvals and resources needed by the Fortinet team in a timely fashion to successfully complete the engagement. More specifically, but without limiting the foregoing, Company will be responsible for: Providing an onsite technical resource to provide systems access and remote hands as needed. Existing network diagram containing networks/devices in scope with IP addresses and interfaces defined and labeled Providing acceptance test plan Arranging and complying with Company maintenance windows and processes 3.2 In addition, Fortinet’s ke y assumptions in staffing, scheduling, scoping, and pricing this engagement are as follows: Quoted days will be delivered consecutively Per Day is defined as (up to and not to exceed) 8 consecutive hours per day Services are delivered in 1 day increments only, scheduling of any work on any day constitutes a day of Professional Services delivery even when scheduled work is less than 8 hours Unless specifically stated on the SOW and accompanied by the order of “afterhours add-on SKU’, all services shall be delivered during local standard business hours 4. DELIVERABLES The final work product(s) (“Deliverables”) for this engagement are as follo ws: As per section 1.2 of this agreement 5. ESTIM ATED LEVEL OF EFFORT Time and materials: For clarity, to perform the Services as set forth herein, Compan y must properly purchase the Services through a Fortinet authorized partner. Terms of purchase, including pricing, payment, and other procurement terms shall be negotiated independently between Company and the Fortinet authorized partner. Page 4 of 5 Part Number Description: Amount 877 corporate way fremont, ca 94539 510-490-9522 fax: 510-490-1679 inføbond, inc. Quote No:13835 Rev: TO: Trey Griffin Date:7/6/18 Valid:30 Days Truckee Donner Public Utility District By: 11570 Donner Pass Road William Yragui Truckee CA 96161 Terms:Net 30 Days PH:530.582.3919 FX:F.O.B.:Origin www.infobond.com UNIT EXTENDEDQTYPART NUMBER DESCRIPTION PRICE PRICE 1 SVC-T&M Remote Configuration Support $16600.00 $16600.00 $16600.00Total Amount inføbond confidential & proprietary document for addressee only. Shipping, Handling Charges and Tax associated with sale will be added when invoiced.