Documentation_Regular_Tab 08_12/13/2018
To: Jim Weinand
From: Brad Gomberg
Date: 11/7/2018
Re: Firewall Replacement
Mr. Weinand,
Our current firewall hardware is over 10 years old and recently went EOL (end-of-life) on September 30th
of this year. The lack of available direct support options, in addition to advances in security through new
technology, is the driving force in replacing the existing hardware. You will find the attached request to
approve the purchase of a new, highly available (redundant) Cisco Firepower firewall solution in addition
to all applicable security and management products required to secure the Village's network
infrastructure. Although it is the highest bid, I recommend awarding the project to CDW-G. The CDW-G
portfolio of work in this space cannot be undervalued, and they have included a high-level engineer
whose experience and knowledge will be critical in providing the most secure configuration. In addition,
I believe their scope of work to be the most thorough and accurate representation of the work required
to complete the job. $50,000 was budgeted in the current fiscal year for this item.
Proposals:
CDW - $48,060.41 (Recommended)
SHI - $43,679.74
PCS - $39,913.46
Thank you,
Brad Gomberg - IT Director
Cisco Firepower Management Center
Prepared For: VILLAGE OF TEQUESTA, Brad Gomberg
CDW AM: Rob Sullivan 561.575.6235
Contact: 866.245.8105 Quote: 390G6539 bgomberg@tequesta.org
email: robesul@cdwg.com 10/19/2018
1 SF-FMC-VMW-2-K9 Cisco Firepower Management Center, (VMWare) for 2 devices $500.00 $254.40 $254.40
1 CON-ECMU-SFMMCVWK SWSS UPGRADES Cisco Firepower Management Center, (VMWa $100.00 $81.62 $81.62
1 CON-ECMUS-SFMMCVWK SOLN SUPP SWSS Cisco Firepower Management Center, (VMWa $120.00 $97.94 $97.94
50 L-AC-PLS-LIC= Cisco AnyConnect Plus Term License, Total Authorized Users $ - $ -
50 L-AC-PLS-1Y-S1 Cisco AnyConnect Plus License, 1YR, 25-99 Users $6.00 $3.05 $152.64
1 FPR2120-FTD-HA-BUN Cisco Firepower 2120 Threat Defense Chss, Subs HA Bundle $ - $ -
2 FPR2120-NGFW-K9 Cisco Firepower 2120 NGFW Appliance, 1U $19,995.00 $10,173.46 $20,346.91
2 CON-SSSNT-FPR2IGFN SOLN SUPP 8X5XNBD Cisco Firepower 2120 NGFW Appliance, 1U $2,240.00 $1,828.29 $3,656.58
2 SF-F2K-TD6.2.3-K9 Cisco Firepower Threat Defense software v6.2.3 for FPR2100 $ - $ -
2 FPR2K-SSD100 Firepower 2000 Series SSD for FPR-2110/2120 $ - $ -
2 FPR2K-SSD-BBLKD Firepower 2000 Series SSD Slot Carrier $ - $ -
2 CAB-AC AC Power Cord (North America), C13, NEMA 5-15P, 2.1m $ - $ -
2 FPR2K-SSD100= Firepower 2000 Series SSD for FPR-2110/2120 $1,050.00 $534.24 $1,068.48
2 FPR2K-SSD-BBLKD= Firepower 2000 Series SSD Slot Carrier $125.00 $63.60 $127.20
2 L-FPR2120T-TMC= Cisco FPR2120 Threat Defense Threat, Malware and URL License $ - $ -
2 L-FPR2120T-TMC-1Y Cisco FPR2120 Threat Defense Threat, Malware and URL 1Y Subs $7,650.00 $3,892.32 $7,784.64
Grand Total: $33,570.41
Prices are for informational purposes only and are subject to change without notice.
Prices as quoted are valid for Ten Days after proposal date.
Prices are contingent on final pricing approval from Manufacturer.
Quote provided based on specification provided by customer. No workload validation has been done.
The terms and conditions provided on this link apply: http://www.cdw.com/content/terms-conditions/default.aspx
Applicable Taxes and Shipping not shown.
CDW Confidential
STATEMENT OF WORK
Project Name: Tequesta Firepower Install
Customer Name: VILLAGE OF TEQUESTA
CDW Affiliate: CDW Government, LLC.
Date Requested: October 22, 2018
Seller Services Manager: Annette Ditter
Seller Representative: Robert Sullivan, 8662458105, robesul@cdwg.com
Solution Architect: Michael Lane
Version: 1
This statement of work ("Statement of Work" or "SOW") is made and entered into on the date this SOW is signed
by both parties (the "SOW Effective Date") by and between the undersigned, CDW Government, LLC.
("Provider", "Seller" and "we") and VILLAGE OF TEQUESTA ("Customer" and "you").
PROJECT DESCRIPTION
PROJECT SCOPE
Customer currently utilizes a pair of ASA 5510 Firewalls and an Untangle Security Appliance to provide Internet
security. Seller will provide professional services to assist with migrating Customer's Cisco ASA 5510 to Cisco
Firepower Threat Defense (FTD) 2120 Series Appliances. As part of this project, Seller will perform the following
tasks:
• Review existing configuration of the ASA 5510
• General configuration of 2 Cisco FTD 2120 appliances
• Design and configuration of Firepower Management Console (FMC)
o Set the hostname, password, domain name, DNS, date and time
o Configure Management IP
o Configure the Firepower Management Console for reporting, and policy configuration of the FTD
o Configure FMC communications with FTD Appliances
o Configure Multiple Domain Management
o Configure the Firepower Management Console for visibility into other data feeds
o Configure High Availability Appliances
o Firepower Threat Defense (FTD) Appliance Configurations
■ Configuration of Routed Mode
■ Configuration of Management Interface
■ Configuration of Physical or Logical Interfaces—up to 6
■ Configuration of Security Zones—up to 3
■ Configure High Availability based on design specifications
■ Configure Routing
■ Configuration of NAT/PAT addressing policies to reflect connectivity requirements
Proprietary and Confidential CDW, LLC.
Version: 1
Contract Number: 38476
Drafted by:
■ Configuration of Access Control Policies
■ Configuration of any IPSec and/or SSL VPN connectivity requirements
• Configure ISAKMP policies and enable ISAKMP on appropriate interfaces
• Configure IPSec transform sets and crypto maps
• Configuration of SSL AnyConnect client VPN services
o Generate CSR for SSL Certificate
o Install 3rd Party Certificate
o Install AnyConnect Licenses
o Configure (4) RA Group Policies
■ ADMIN
■ FIRE
■ TEQUESTA
■ POLICE
o Integration Authentication to Active Directory for User VPN
o Create RA IP Pools for each group
o Create full tunnel or split tunnel policy
• Test VPN Connectivity based on Customer Use-Cases
o Configure Network Discovery Policy to identify hosts, servers, applications, users, and network
devices
o Configure IPS Inspection Policy
o Configure Application Visibility and Control (AVC)
o Configure URL Filtering policy
o Configure AMP for Networks anti-malware file policy
o Configure a User Access Policy
• Analysis and basic tuning of the Firepower Services in effort to mitigate false positive events and to
effectively position intrusion prevention within the relevant environment
o Basic configuration of the Firepower connection events (i.e. logging, IP logging, dropping, etc.)
o Configuration and basic tuning of whitelists, blacklists, and application identification
o Configuration and basic tuning of the Signature Definitions; turning on/off signatures categories
relative to Customer's network environment based upon Firepower recommendations from the
Network Discovery Policy
PROJECT PLAN
PLANNING
The planning phase consists of the following:
• Project Kickoff—The project team will be chartered and staff will be assigned to project roles. The team
will review Customer's needs, discuss/revise the project scope and assumptions, and finalize logistical
details.
• Inventory Hardware—Seller staff will inventory, document, and power-on test the hardware. Issues with faulty
hardware, as well as inventory discrepancies, will be identified and resolved.
• Project Planning—Members of the project team will develop a detailed project plan and test plan for the
Firepower Threat Defense Services deployment.
DESIGN
Seller will conduct a detailed design session with the project team. The goal of this design session is to identify and
address architectural, security, and device management requirements. The design phase consists of the following
sub-phases:
• Analysis—Seller and Customer technical staff will work together to:
o Review network architecture, technical specifications, and VPN requirements
o Analyze hardware configuration
o Review industry best practices in order to develop baseline design information.
• Network Design—Seller staff will lead an effort to:
o Develop the final design
o Identify all security zones on the network
o Map security zones to physical and virtual interfaces
o Design communication between Firepower Management Console and Firepower Appliances
o Design site-to-site and remote access VPN considerations
o Design SSL VPN considerations
• Documentation—Seller staff will document and diagram the Firepower Threat Defense Services design,
including VPN.
STAGING
The process for staging, configuring and testing the Firepower Threat Defense Appliances can be further detailed as
follows:
• Upgrade FTD Software to meet the standards specified in the design phase
• Install Firepower Management Console in the VMware
o Download latest Security Intelligence and vulnerability database updates
o Install User Agent on a Domain Member computer and ensure User and Group information is
populated in the Firepower Management Console
• Build the FTD Appliance configuration to the specifications documented in the design phase, including:
o Firewall security zones
o Firepower connectivity to Firepower Management Console
o Apply initial Network Discovery Policy and Access Control Policy
o VPN configuration
• Execute the test plan developed during the planning phase to ensure proper design and configuration
FIREPOWER THREAT DEFENSE IMPLEMENTATION
The process for implementing the Firepower Threat Defense can be further detailed as follows:
• During a scheduled change period, the Firepower Threat Defense Appliances will be placed into
production.
• Seller will work with Customer to perform application testing to validate the implemented firewall policy
developed in the design phase of this project.
• Remote User VPN connectivity will be tested
• Site to Site VPN connectivity will be tested
• Next-Generation Services (IPS/AVC/AMP/URL) will be placed in promiscuous mode to allow for
Network and Application discovery
The Seller will provide day one support on the first production day following the cutover.
• During day one support, the network discovery information will be reviewed and corrected to account for
the customer's unique environment
• An initial IPS policy in "alert, don't block" configuration will be applied to begin creating a tuned ruleset
based upon the initial network discovery information
• An initial URL filtering policy will be applied for web browsing and reporting
• An initial File Policy will be created to identify potential malware being transferred across the network or
identify any infected hosts via the Security Intelligence information
• Application Visibility and Control (AVC) rules will be created using the identified applications in the
Firepower Management Console's application maps
Seller will perform Two (2), Four (4) hour Firepower tuning sessions following the first day of support for the
firewall implementation. The first tuning session will be scheduled between one (1) and two (2) weeks after the
initial Firepower promiscuous deployment. Seller will work with the customer to review the events collected and
tune the full solution. Any identified malware, IPS events and AVC connection events will be investigated and
custom workflows for the customer will be created.
The second Firepower tuning session will be performed within two (2) weeks of the first tuning session and not
exceeding thirty (30) business days from the initial deployment. Inspection policies will be reviewed and tuned,
custom reports scheduled, administrative access controls implemented and final configuration of event notifications.
If a malware outbreak is identified Seller will assist Customer in identifying and remediating the infected hosts. If
the outbreak is determined to be severe and Customer wishes Seller assistance with remediation a Change Order
may be required for additional remediation efforts.
Seller will provide first day of support after tuning sessions and IPS implementation changes for the Firepower
Services.
KNOWLEDGE TRANSFER
Seller will provide up to 4 hours of knowledge transfer for the Firepower Management Console interface. Topics
include operational tasks, managing security policies and updates.
PROJECT CLOSURE
This phase signifies the end of the project. All services in the Description of Services section of this document are
completed and all items to be provided are received by Customer.
CUSTOMER RESPONSIBILITIES
Customer is responsible for the following:
1. Provide a 4 hour maintenance window to allow for the cutover to the FTD solution.
2. Configuration of their LDAP environment when integrating with the FTD solution. Seller will provide
guidance on the required configuration for integration.
3. Customer will provide documentation for required connectivity through the firewall that includes source IP,
destination IP, port, protocol information, and network address translation requirements. If traffic analysis
is required to determine the appropriate connectivity information, it may result in a revision of the services
estimate.
4. Customer is responsible for all change control procedures and notifications that are necessary for the
performance of this project.
5. Customer is responsible for racking, cabling, and powering of all equipment
6. Customer is responsible for application testing to be performed during cutover(s).
7. Customer will provide full access to all network devices to Seller.
8. Customer is responsible for any additional hardware, software, certificates, and Smart licenses that are
required for installation.
9. Customer is responsible for providing a supported virtualization environment for any Firepower
components that are to be virtualized.
10. Customer is responsible for interpreting firewall configuration or providing a resource who is familiar with
the existing solution
11. Customer will provide at least one (1) domain member computer for installation of the User Directory
Agent to allow for user policy creation.
PROJECT ASSUMPTIONS
1. Customer will provide Seller staff with appropriate physical and network access to implement
configurations defined in this statement of work.
2. There is adequate power, UPS, rack space, and network connectivity for the devices included on the bill of
materials
3. For the Firepower services, Seller will configure up to:
a. 6 Access Control policies
b. 4 IPS and Application Visibility policies
c. 2 Application rules per security policy
d. 2 File policies
e. 2 URL policies
f. 2 DNS Inspection and Sinkhole policies
4. Training documentation is not part of this project.
5. For Migration Deployments:
a. Firewall configurations will be migrated 'as-is'.
b. Migrations may be manual and/or use Cisco's FTD Firewall Migration Tool. ***Note—Cisco's
FTD Migration Tool only supports Cisco ASA code 9.1+ and only migrates limited features
within the configuration***
c. In addition, Seller will configure no more than 9 Interfaces/Zones.
d. In addition, Seller will configure no more than 75 Security Policy Rules.
e. In addition, Seller will configure no more than 50 Network Address Translation (NAT) or Port
Address Translation (PAT) entries.
f. In addition, Seller will configure no more than 3 SSL VPN Profile Policies.
g. In addition, Seller will configure no more than 3 LAN-to-LAN VPN tunnels.
6. Migration of URL policies from Untangle security appliance are best effort only
7. Customer understands that Cisco FMC has limited log retention capability and Seller is not responsible for
log retention
OUT OF SCOPE
Tasks outside this SOW include, but are not limited to:
1. Configuration of any other network equipment not directly related to the task of implementing the Firepower
services and configuring required services. Within scope are minor changes to existing network
infrastructure that may need to occur to accommodate required services, such as VLAN configurations,
routing, and AAA (authentication, authorization, accounting) services.
2. Racking, cabling, and powering hardware equipment
3. Advanced IPS tuning beyond normal Firepower tuned recommendations.
4. Custom IPS signature creation.
5. Custom Open-App ID creation.
6. Firewall Configuration Cleanup and Optimization
7. Certificate distribution of certificates or configuration of existing PKI solution
8. Migration of URL policy from Untangle appliance
Services not specified in this SOW are considered out of scope and will be addressed with a separate SOW or
Change Order.
ITEM(S) PROVIDED TO CUSTOMER
Table 1 — Item(s) Provided to Customer
Item | Description | Format
Design and As-Built Document | A detailed design and as-built document including any Firepower Services and/or VPN services | PDF
Network Diagram | Diagram of logical and physical connectivity | Visio
PROJECT MANAGEMENT
Seller will assign a project management resource to perform the following activities during the project:
• Kickoff Meeting. Review SOW including project objectives and schedule, logistics, identify and confirm
project participants and discuss project prerequisites.
• Project Schedule or Plan. A project schedule that details the schedule and resources assigned to the
project.
• Weekly Status Meetings and Reports. Status meetings will be conducted on a weekly basis. During these
meetings, Seller and you will discuss action items, tasks completed, tasks outstanding, issues and conduct a
budget review.
• Change Management. When a change to a project occurs, Seller's project change control process will be
utilized.
• Project Closure Meeting. The project team will meet to recap the project activities, provide required
documentation, discuss any next steps, and formally close the project.
PROJECT SCHEDULING
Customer and Seller, who will jointly manage this project, will together develop timelines for an anticipated
schedule ("Anticipated Schedule") based on Seller's project management methodology. Any dates, deadlines,
timelines or schedules contained in the Anticipated Schedule, in this SOW or otherwise, are estimates only, and the
Parties will not rely on them for purposes other than initial planning.
TOTAL FEES
The total fees due and payable under this SOW ("Total Fees") include both fees for Seller's performance of work
("Service Fees") and any other related costs and fees specified in the Expenses section ("Expenses"). Unless
otherwise specified, taxes will be invoiced but are not included in any numbers or calculations provided herein.
Seller will invoice for the Total Fees.
SERVICES FEES
Services Fees will be calculated on a TIME AND MATERIALS basis.
The invoiced amount of Services Fees will equal the rate applicable for a unit of a service or resource ("Unit Rate")
multiplied by the number of units being provided ("Billable Units") for each unit type provided by Seller (see Table
2).
The Total Estimated Services Fees of $14,490.00 is merely an estimate and does not represent a fixed fee. Neither
the Total Estimated Billable Units of 71 nor the Total Estimated Services Fees are intended to limit the bounds of
what may be requested or required for performance of the Services.
Table 2 - Services Fees
Unit Type | Unit Rate | Billable Units | Subtotal
Sr. Security Engineer - Per Hour | $200.00 | 56 | $11,200.00
Sr. Security Engineer OT - Per Hour | $300.00 | 4 | $1,200.00
Associate Security Engineer | $150.00 | 0 | $0.00
Project Manager - Per Hour | $190.00 | 11 | $2,090.00
Project Manager OT - Per Hour | $285.00 | 0 | $0.00
Project Admin | $150.00 | 0 | $0.00
Estimated Totals | | 71 | $14,490.00
The rates presented in Table 2 apply to scheduled Services that are performed during Standard Business Hours
(meaning 8:00 a.m. to 5:00 p.m. local time, Monday through Friday, excluding holidays). When Seller invoices for
scheduled Services that are not performed during Standard Business Hours, Services Fees will be calculated at 150%
of the Unit Rates. For any unscheduled (i.e., emergency) Services performed at any time of the day, Services Fees
will be calculated at 200% of the Unit Rates.
Any non-hourly Units will be measured in one (1) unit increments when Services are performed remotely or at any
Customer-Designated Location(s) (as defined below).
EXPENSES
When Seller's personnel are located more than 60 miles from the Customer-Designated location, travel charges will
apply. Seller will invoice Customer for the time Seller's personnel spend traveling to and/or from the
Customer-Designated Location(s) (or otherwise, as necessary) at a rate of $85/hour. Seller will make efforts to schedule
appropriate personnel from Seller's offices located nearest to the Customer-Designated Location(s) in order to
minimize such expenses. Seller's ability to do so may depend on various factors (e.g., specialized project skills
needed, personnel availability, and changes to, or challenges inherent in, the Anticipated Schedule).
Seller will invoice Customer for Seller's reasonable, direct costs incurred in performance of the Services. Direct
expenses include, but may not be limited to: airfare, lodging, mileage, meals, shipping, lift rentals, photo copies,
tolls and parking. Seller will charge actual costs for these expenses. Any projected expenses set forth in this SOW
are estimates only.
Two (2) weeks' advance notice from Customer is required for any necessary travel by Seller personnel.
CUSTOMER-DESIGNATED LOCATIONS
Seller will provide Services benefiting the locations specified on the attached Exhibit ("Customer-Designated
Locations").
NOT FOR SIGNATURE
THIS DOCUMENT IS A DRAFT INTENDED ONLY FOR USE IN THE REVIEW OF TEXT APPLICABLE TO
A POSSIBLE SERVICES ENGAGEMENT. IT DOES NOT CONSTITUTE A CONTRACT OR A PROPOSAL
FOR A CONTRACT. THE CONTENT OF THIS DOCUMENT, AS IT MAY BE NEGOTIATED BY THE
PARTIES, IS INTENDED TO BE INCORPORATED INTO A STATEMENT OF WORK, WHICH WILL
INCLUDE OTHER PROVISIONS AND WHICH WILL BE GOVERNED BY ADDITIONAL TERMS AND
CONDITIONS. A PARTY'S SIGNATURE OR OTHER INDICATION OF APPROVAL ON OR RELATED TO
THIS DOCUMENT SHALL HAVE NO BINDING OR CONTRACTUAL EFFECT.
EXHIBIT A.
CUSTOMER-DESIGNATED LOCATIONS
Seller will provide Services benefiting the following locations ("Customer-Designated Locations").
Table 1 — Customer-Designated Locations
Location(s): Village of Tequesta, 345 Tequesta Dr, Tequesta, FL 33469
Service(s): ❑ Assessment, ❑✓ Implementation, ❑ Support, ❑✓ Configuration, ❑ Project Management, ❑ Training, ❑✓ Design, ❑ Staff Augmentation, ❑ Custom Work
Sales Quote Q55017, 10/24/18
Sales Rep: CRIENHARDT
simplify with technology
4937 SW 75 Ave, Miami, FL 33155
Ph: 305-667-0633 Fax: 305-667-0618
Quote Prepared For: Brad Gomberg
Customer: Village of Tequesta
Ship To: Village of Tequesta
Line# | Part Number | Description | Qty | Unit Price | Extended Price
2 | | VILLAGE OF TEQUESTA - FIREWALL REFRESH - CISCO FIREPOWER | | |
4 | SF-FMC-VMW-2-K9 | CISCO FIREPOWER MANAGEMENT CENTER, (VMWARE) FOR 2 DEVICES | 1 | $260.10 | $260.10
5 | CON-ECMUS-SFMMCVWK | SOLN SUPP SWSS CISCO FIREPOWER MANAGEMENT CENTER, (VMWA | 1 | $96.70 | $96.70
6 | L-AC-PLS-LIC= | CISCO ANYCONNECT PLUS TERM LICENSE, TOTAL AUTHORIZED USERS | 50 | $0.00 | $0.00
7 | L-AC-PLS-1Y-S1 | CISCO ANYCONNECT PLUS LICENSE, 1YR, 25-99 USERS | 50 | $3.06 | $153.00
8 | FPR2120-FTD-HA-BUN | CISCO FIREPOWER 2120 THREAT DEFENSE CHSS, SUBS HA BUNDLE | 1 | $0.00 | $0.00
9 | FPR2120-NGFW-K9 | CISCO FIREPOWER 2120 NGFW APPLIANCE, 1U | 2 | $10401.40 | $20802.80
10 | CON-SSSNT-FPR2IGFN | SOLN SUPP 8X5XNBD CISCO FIREPOWER 2120 NGFW APPLIANCE, 1U | 2 | $1804.99 | $3609.98
11 | CAB-AC | AC POWER CORD (NORTH AMERICA), C13, NEMA 5-15P, 2.1M | 2 | $0.00 | $0.00
12 | SF-F2K-TD6.2.3-K9 | CISCO FIREPOWER THREAT DEFENSE SOFTWARE V6.2.3 FOR FPR2100 | 2 | $0.00 | $0.00
13 | FPR2K-SSD100 | FIREPOWER 2000 SERIES SSD FOR FPR-2110/2120 | 2 | $0.00 | $0.00
14 | FPR2K-SSD-BBLKD | FIREPOWER 2000 SERIES SSD SLOT CARRIER | 2 | $0.00 | $0.00
15 | L-FPR2120T-TMC= | CISCO FPR2120 THREAT DEFENSE THREAT, MALWARE AND URL LICENSE | 2 | $0.00 | $0.00
16 | L-FPR2120T-TMC-1Y | CISCO FPR2120 THREAT DEFENSE THREAT, MALWARE AND URL 1Y SUBS | 2 | $3745.44 | $7490.88
18 | PCSINST�O | INSTALLATION SERVICE 16 HOURS ON-SITE AND 24 HOURS OF REMOTE CONFIGURATION AND DESIGN SUPPORT/DAY 0 SUPPORT. | 1 | $7500.00 | $7500.00
20 | | QUOTE PREPARED BY: CHRIS RIENHARDT, CRIENHARDT@PCSUSA.NET, 786-408-2635 | | |
22 | | CISCO STATE OF FLORIDA CONTRACT NASPO;NVP#AR233 (14-19) PARTICIPATING ADDENDUM FOR FL #43220000-WSCA-14ACS CONTRACT START DATE: 9H7/2014 CONTRACT END DATE: 5/31/2019 | | 0.0000 | $0.00
24 | | GROUND SHIPPING IS NO CHARGE | | |
SubTotal | Tax | Ground Shipping | Total
$39,913.46 | $0.00 | $0.00 | $39,913.46
Terms & Conditions
It is understood that PC Solutions & Integration, Inc. will retain title to all items stated above until the total purchase price of this order is paid. Failure by customer to pay for this order in full under the terms shown on this
document shall give PC Solutions & Integration, Inc. the right to repossess the items stated above, with or without notice, and without liability to customer. If payment is not received when due, customer agrees to pay
interest at the rate of 1.5% per month. If collection becomes necessary on this purchase, then customer agrees to pay all costs of collections, including but not limited to, reasonable attorney's fees and court costs.
Customer further agrees that any and all legal matters related to this order are governed by the laws of the State of Florida, County of Miami-Dade. No warranty is made by PC Solutions & Integration, Inc. for any of the
items stated above, and there is no warranty of merchantability or fitness for any particular purpose. PC Solutions & Integration, Inc. is not liable nor responsible under any circumstances for data.
Quote price may change without notice.
ANY PRICING INFORMATION INCLUDED HEREIN IS FOR QUOTATION PURPOSES ONLY AND ALL PRODUCTS ARE SUBJECT TO AVAILABILITY FROM
THE MANUFACTURER.
***REBATES AND SPECIAL PRICING ARE NOT VALID ON BACK ORDERS IF PROMOTION EXPIRES BEFORE PRODUCT IS AVAILABLE.***
SCOPE OF WORK
Client Name/Location: Village of Tequesta
Prepared by: Jim Strain
Date prepared: 10/30/18
Project Description
This project is for a single site installation of Two Cisco Firepower Next
Generation Firewalls (NGFW) in a HA, Active/Passive Configuration. These units
are new, with NGFW features that will be done by PCS using the existing Cisco
firewall policies by converting them when possible to Application based Layer-7
policies.
This Scope of Work (SOW) describes the services to be performed by PC Solutions
& Integrations, Inc, (PCS). The Services are intended to assist the customer with
the implementation, configuration, and knowledge transfer for certain hardware
and/or software products as follows.
Overview
This project is for a single site installation of Two Cisco Firepower Next Generation
Firewalls (NGFW) in a HA, Active/Passive Configuration. These units are new, with
next generation features far more advanced than the present Cisco ASA stateful
firewall.
All pertinent configuration will be replicated from the existing Cisco firewall
solution to the Cisco NGFW platform. This includes but is not limited to: Security
policies, NAT Rules, VPN both site-to-site and remote access, Routing both static
and dynamic, Authentication via RADIUS for firewall management and remote VPN
access, QoS policies if present, i.e. voice maps, DHCP pools for remote users and
Network objects.
After firewall cutover PCS will monitor all traffic flowing through the firewall during
testing by Village of Tequesta to validate the following:
• Traffic is being permitted and blocked by the correct Security Policies
• Traffic is being NAT'ed by the correct NAT Policy
"There is nothing more important than our customers"
4937 SW 75 Avenue, Miami, FL 33155 Phone: 305-667-0633 Fax: 305-667-0618
www.pcsusa.net
• QoS is applied to the correct interfaces and allocated to the correct CoS,
Class of Service
• Site-to-Site VPNs are established and passing traffic as expected
• Remote access VPN is functioning as expected
PCS will always follow Cisco and SANS Institute, SysAdmin, Audit, Network and
Security "best practice" recommendations. If any configuration or practice
currently employed by Rollins College violates "best practice" recommendations
PCS will note this exception with Rollins College for a decision. Exceptions, if any,
to "best practice" will be noted in the project close out documentation.
Install Site
• Customer Name - Village of Tequesta
• Address - 345 Tequesta Drive
• Address - Tequesta, FL 33469-0273
Contact
• Name - Brad Gomberg
• Address - Same as above
• Number - 561-768-0554
• email - bgomberg@tequesta.org
PCS will perform the following services and activities described in the
Implementation Phase. These services, activities, and responsibilities characterize
the full set of installation deliverables for this project, thus constitutes a working
agreement between PCS and the Customer.
• This scope-of-work lists major components. All non-disruptive installation labor will
be done during business hours.
• Cutover is normally Monday - Friday starting after business hours, assumed to be
5:00 - 7:00 pm.
a. The final Cut over date and time will be determined by the PCS Project Team
and the customer.
• Exact scheduling will be determined with the customer but the install will be done
during a continuous period until completed. Changes to or delay of this schedule
(once determined) may result in additional labor costs and Project Management
time added via Change Order.
• A PCS project team member will review the complete SOW with the customer to
assure that all items are understood and provide additional discovery prior to
contract presentation. This is done to assure that all customer expectations are
met and there are no threatening conditions.
• The Implementation Engineer or project manager will provide equipment
installation specifications (space, power and grounding) and the customer will be
responsible for assuring the space is ready.
a. Grounding is a critical item and should be verified by the customer's
electrical staff.
b. Improper grounding can stop a cutover and make troubleshooting
impossible until rectified.
c. Any site-not-ready issues that cause additional cost due to resource
rescheduling and management may be chargeable via Change Order.
• End User Knowledge Transfer will be performed onsite or remotely for one
Customer System Administrator.
• The PCS Project Team will develop a precise installation, testing and cutover plan
when on site with the customer. The customer is advised that there will be an out
of service period and should develop an emergency communications plan. The
PCS Project Team will schedule all resources during the initial project planning
phase. Any subsequent change of critical milestone dates or in-service date may
result in unavailability of resources.
Project Management
PCS will designate a Project Manager or Implementation Engineer to be responsible for overseeing the
project. The PCS Project team will be the single point of contact (SPOC) for all issues related to system
implementation. The SPOC will direct implementation to support installation and the scheduled in-service
date.
The PCS Project Team will
• Conduct formal project meetings to set mutual expectations
regarding the implementation of the new communications system
and its adjuncts.
• Create and maintain project plan and milestone schedule.
• Provide environmental specifications to Customer.
• Coordinate equipment delivery and inventory management
• Manage change request process.
• Schedule resources.
• Conduct routine project status meetings.
• Jointly develop test plans with customer for post cutover testing
• Conduct project closure meeting
Project Control
To effectively determine the degree to which the project plan is being met, the PCS Project
Team will follow a plan to control and manage the Customer's project through a
communication plan, change control, and variance management.
• As part of the communication plan, the PCS Project Team and the Customer
will jointly establish the time and frequency for status meetings (or conference
calls), document meeting results, and distribute meeting notes, including action
items. For effective scheduling and cost control, progress measurements will
start as the project begins and be continually utilized throughout to measure the
performance of the project.
• The project roadmap provides a baseline from which to judge progress,
comparing planned activities, in-progress activities, and the actual completion
of those activities.
• The PM will identify variances to plan and act to correct or limit their impact on the
project.
• The PCS Project Team will utilize a change control strategy to identify and
document changes to the original scope.
• The Project Team will screen and assess the impact of the change on the
project timelines, obtain client approval, implement the change if required,
and maintain a log of all change requests and their treatment.
Customer Responsibilities
• Designate a single point of contact for the PCS Project Manager to
work with on the project
• Provide access to site and equipment as appropriate
• Provide environmentals that meet or exceed manufacturer specified
conditions
• Customer to actively participate in execution of test plan
• Meet all project deliverables on time to keep project on-track
• Provide required information for PCS engineers to perform the
installation
• Provide LAN information necessary, Ethernet ports, IP Addresses and
other network information for successful integration of the solution into
existing network if applicable
• Customer is responsible for disposition of any disconnected
equipment, unless removal or trade-in is specifically negotiated as part
of the contract
• Customer will be responsible for any network provisioning
• Customer will provide data rack space for installation of the servers
• If new network facilities will be installed, any delay of network services
or site readiness that affects required labor hours may result in a
change order for additional technician hours, if required
Implementation Phase — Deploy successful Layer 7 based Cisco Firewall
A successful implementation is composed of the following areas or items with
each party being responsible for various facets of the process. PCS has broken
down the implementation into several unique steps to ensure the least disruptive
outcome;
• Audit/Translate configuration - This is perhaps the most important step in the
firewall project, and it will determine the overall success of the project if all the
requirements are identified and achieved. PCS will not rebuild the configuration
from scratch; however, we will remove all unused address objects, services, and
networks. PCS will then analyze the current rule base and determine
which security policies are in use and which ones can be removed.
• Compose Acceptance Tests - Acceptance Test Plans ensure only that the basic
setup is working "post" migration; they are a checklist of sorts. These are
not comprehensive tests (comprehensive testing is addressed later and should be
developed by the Customer's IT team) and are only designed to validate that traffic
is flowing through the firewall in all directions as expected (North-South, East-West).
• Scheduled "lock out" period for changes - a "freeze" period for any/all firewall
changes 14 days prior to the actual migration will be implemented. This will
ensure that any new changes will be done on the new firewall. The Customer
should not be making any changes to the existing Cisco ASA configuration.
• Defined roll back procedure — If, during the implementation, the maintenance
window runs out or other issues arise that will not allow the Cisco NGFW
implementation to proceed, a roll back to the previous firewall may/will be
needed. As such, the existing Cisco ASA will not be decommissioned until
approximately one week after the migration. It would be desirable to leave the
Cisco ASA firewalls in the rack and powered up, but if this is not possible they
should remain in the Data Center in the unlikely event they may be needed.
• Migration & Testing - This is when the Customer would perform all testing using
the acceptance test checklist they developed. PCS will work closely with their
system and network admins to facilitate the testing. The Customer's members
are responsible for ALL the services and they must validate that all applications
work as expected. PCS cannot be expected to understand the day-to-day
operations and how the services interact with each other. The Customer should
test applications that are part of the post-migration test
plan before and after the migration so you have a good baseline.
• Monitoring - There will likely be minor problems after the migration; PCS and
the Customer should expect this, as it is normal after a complex migration. PCS
will support the operations team after a migration. PCS will be onsite day 1 of the
migration to work any issues that come up and, beginning on day 2, be available
via remote phone support. This period of monitoring for problems is
expected to be between 1-3 days. After this period, the Customer will be
responsible for sustainment of the Cisco NGFW and acceptance of the firewall
change from ASA to Cisco NGFW; this will ensure there is a clear demarcation
point for responsibility.
Below is a checklist of the features and limitations that will be included in the
migration. Anything not "explicitly" identified in the below items will be
considered "out of scope" and will require a change order:
• PCS will configure a Pair of Cisco NGFW
o OS version, as recommended by TAC as the current best
practice release
o policy for logs
• Configure Centralized Reporting
o Configure up to 4 custom reports
• Configure up to 3 admin roles
• Centralized Deployment design (Best practice supported
design)
• Hardware appliances in a HA as Active/Passive configuration
• Enable NAT
o Inbound one-to-one, up to 100 policies
o Outbound PAT up to 10 policies
o Nat0 for non-internet traffic up to 10 policies
• Configure QoS, up to three profiles
o Provide a basic profile so QoS statistics can be gathered
o Categorize up to 3 priorities of queueing
• Active Directory Integration
o Integration into LDAP is required
o Reporting dependencies for user reports
• Configure dynamic/static routing on the appropriate interfaces
• NTP synchronization between devices
• Configure RADIUS if needed
o Firewall Administrator Access
o VPN User Access
• 1 AnyConnect VPN tunnel and portal
• Up to 50 IPSEC VPN point to point tunnels
• Configure up to 3 web filter profiles
• Configure up to 10 Security Zones
o Maximum of two zone protection Profiles
• Any missing settings/profiles that will enhance the security of the
firewall or protection of Customer resources will be configured
using Cisco's best practices/recommendations
Knowledge Transfer
• The Cisco appliances will be configured along with city staff via
remote sessions and onsite
• City staff will be instructed on the basic configuration and
management of the Cisco NGFW.
• PCS will be available to answer questions that might arise during
and after the implementation phase.
Client Responsibilities
Due to the complexity of all client environments the Customer should develop a
test plan/checklist to test appropriate services and applications after
implementation of the Cisco NGFW. PCS will validate traffic flow through the
firewalls using built-in tools such as Monitor logs, packet capture, policy test, etc.
to validate the traffic is flowing through the firewall as expected and the correct
policies are being applied to the appropriate zones.
Since PCS does not have intimate knowledge of the day-to-day operations of
applications, services or resources of the Customer it will be imperative that they
develop a detailed post implementation plan to validate that all services and
applications are functioning and that resources are reachable.
The customer will in addition to the above be responsible for the following;
• Rack and stack equipment
o Adequate space required for each unit
o 870 Watts max power consumption per unit
o 2970 BTU/hr heat output maximum per unit
o 46 lbs approximate weight per unit
o Power requirements 100-240 VAC @6.5A maximum inrush 50A
• Provide direct connection to The Cisco appliances via serial port,
Ethernet on a pc with internet access or VPN remote access
• Provide WAN, DNS, LAN information
o IP addresses
o Host names
o Routing specific information, Internal and External
• Provide remote device information for point to point IPSEC VPN
• Provide testing plan for applications, services and resources after
Cisco implementation for testing
Project Acceptance & Closure
• Provide Q/A session before handing management over to city staff
• Provide city personnel with any documentation generated as part of
this implementation that is non-proprietary
• Monitor the cut-over of network to Cisco NGFW's
• Provide 1 day of post cut-over technical support regarding related
issues encountered by city staff
• Conduct final Q/A session with city staff regarding use and
management of The Cisco NGFW's and Panorama
• Customer to Sign the PCS Acceptance & Project Close out within
three days of the project being completed by PCS
Services Outside the Scope of this SOW
• SSL Decryption
• Custom Response Pages
• Detailed service/application testing
• Troubleshoot network and/or wireless network issues not related to
the firewall
• Anything or task not explicitly listed in the Implementation Phase or
defined as a PCS responsibility
Project Schedule
• Implementation Begins TBD
• Implementation Complete TBD
• Project Cut-Over TBD
• Project Closure TBD
Scope of Work Acceptance Sheet
PCS Integration & Solution's, Inc., (PCS) will accept this SOW upon receipt of
Customer's signature on this SOW along with a purchase order for the Services and the
estimated travel and living expenses set forth on the PCS Quote if applicable.
By signing this SOW customer accepts this SOW as a binding agreement with PCS and
agrees to abide by and accept the terms and conditions set forth herein.
Date:
Customer Signature
Date:
Customer Name & Title Printed
Date:
PCS Signature
Date:
PCS Name & Title Printed
Final Project Acceptance & Close Out
Customer to Sign the PCS "Final Project Acceptance & Close Out" within three
days of the project being completed by PCS.
The individual signing below acknowledges that they reviewed the Implementation Phase
portion of the SOW and has verified that all project deliverables meet the project
specifications and requirements. The Client acknowledges that there are no unfulfilled
obligations remaining. Further, the individual signing below confirms that, he or she, or
an authorized agent, has reviewed each of the project deliverables and found each one
to either meet or exceed all quality requirements.
The project outcome has been measured against its acceptance criteria and is being
formally accepted by the customer and unless otherwise noted, the project may now be
closed.
By signing below, the Client provides the PCS Project Team with authorization to perform
all project closing activities including releasing the project team.
Date:
Customer Signature
Date:
Customer Name & Title Printed
Date:
PCS Signature
Date:
PCS Name & Title Printed
Pricing Proposal
Quotation#: 16140235
Created On: 10/22/2018
Valid Until: 11/21/2018

Village of Tequesta
Brad Gomberg
P.O. BOX 3273
ATTN: ACCOUNTS PAYABLE
TEQUESTA, FL 33469
United States
Phone: (561) 768-0554
Fax:
Email: bgomberg@tequesta.org

Inside Account Executive
Jim Grogan
290 Davidson Ave
Somerset, NJ 08873
Phone: 732-652-0833
Fax: 732-564-8224
Email: Jim_Grogan@shi.com

All Prices are in US Dollar (USD)
| # | Product | Cisco Systems Part# | Qty | Your Price | Total |
|---|---|---|---|---|---|
| 1 | Cisco Firepower Management Center, (VMWare) for 2 devices | SF-FMC-VMW-2-K9 | 1 | $298.97 | $298.97 |
| 2 | SOLN SUPP SWSS Cisco Firepower Management Center, (VMWa | CON-ECMUS-SFMMCVWK | 1 | $105.15 | $105.15 |
| 3 | Cisco AnyConnect Plus Term License, Total Authorized Users | L-AC-PLS-LIC= | 50 | $0.00 | $0.00 |
| 4 | Cisco AnyConnect Plus License, 1YR, 25-99 Users | L-AC-PLS-1Y-S1 | 50 | $3.03 | $151.50 |
| 5 | Cisco Firepower 2120 Threat Defense Chss,Subs HA Bundle | FPR2120-FTD-HA-BUN | 1 | $0.00 | $0.00 |
| 6 | Cisco Firepower 2120 NGFW Appliance, 1U | FPR2120-NGFW-K9 | 2 | $10,718.97 | $21,437.94 |
| 7 | SOLN SUPP 8X5XNBD Cisco Firepower 2120 NGFW Appliance, 1U | CON-SSSNT-FPR21GFN | 2 | $1,962.89 | $3,925.78 |
| 8 | AC Power Cord (North America), C13, NEMA 5-15P, 2.1m | CAB-AC | 2 | $0.00 | $0.00 |
| 9 | Cisco Firepower Threat Defense software v6.2.3 for FPR2100 | SF-F2K-TD6.2.3-K9 | 2 | $0.00 | $0.00 |
| 10 | Firepower 2000 Series SSD for FPR-2110/2120 | FPR2K-SSD100 | 2 | $0.00 | $0.00 |
| 11 | Firepower 2000 Series SSD Slot Carrier | FPR2K-SSD-BBLKD | 2 | $0.00 | $0.00 |
| 12 | Cisco FPR2120 Threat Defense Threat, Malware and URL License | L-FPR2120T-TMC= | 2 | $0.00 | $0.00 |
| 13 | Cisco FPR2120 Threat Defense Threat, Malware and URL 1Y Subs | L-FPR2120T-TMC-1Y | 2 | $3,706.70 | $7,413.40 |
| | Total | | | | $33,332.74 |
Additional Comments
Thank you for choosing SHI International Corp! The pricing offered on this quote proposal is valid through the expiration date set
above. To ensure the best level of service, please provide End User Name, Phone Number, Email Address and applicable Contract
Number when submitting a Purchase Order.
SHI International Corp. is 100% Minority Owned, Woman Owned Business.
TAX ID# 22-3009648; DUNS# 61-1429481; CCR# 61-243957G; CAGE 1 HTFO
The Products offered under this proposal are resold in accordance with the SHI Online Customer Resale Terms and Conditions
unless a separate resale agreement exists between SHI and the Customer.
Cisco Firepower Deployment with Threat Package
STATEMENT OF WORK
10/25/2018
Prepared for
Village of Tequesta
Presented By
Jim Grogan
Inside Account Executive, SHI
732-652-0833
Jim_Grogan@shi.com
Prepared for Village of Tequesta
IZPVlilUil I-L J
lan. 23 201fi
Version 1-0 SHI Intl.Corp.and Village of Tequesta Confidential ii
Table of Contents
1. Executive Summary
2. Project Management
3. Summary of Customer Environment
4. Scope of Services Overview
5. Document Deliverables
   1. Build Documents
6. Project Duration
7. Resources and Skills
8. Assumptions
9. Locations
10. Customer Responsibilities
11. Change Control Process
12. SOW Review Process
13. Price and Payment Schedule
   1. Payment Schedule
   2. Travel Expenses
   3. Billing Terms
14. Terms & Conditions
15. Special Data Security Considerations
16. SOW Acceptance
17. CONFIDENTIAL
18. APPENDIX A—Change Request Form
1. Executive Summary
Village of Tequesta ("Customer") has engaged SHI International Corp ("SHI") to deploy Cisco Firepower
with Threat Defense ("Services"). The specific goals and objectives for this project are as follows:
Collaborate with Village of Tequesta to:
• Deploy a pair of Cisco FirePower 2120
• Deploy Threat Defense
• Deploy Firepower Management Center on VMware
2. Project Management
A resource will be provided by SHI to work with Village of Tequesta to see the entire project through to
completion. This resource will be the first call for support of any kind at any time during the project. SHI
project management covers items such as, but not limited to:
• Conducts a kick off meeting to ensure all project deliverables are outlined and sets proper project
expectations.
• Ensures project timelines, dependencies, budgets and closure are met within the project lifecycle.
• Holds regular status meetings with SHI's delivery team to identify proactively any issues that
may arise in order to mitigate risk.
• Holds regular status meetings with the Customer to review project status, open action items, and
upcoming tasks.
• Issues regular status reports to the management of all companies involved in the project.
• Facilitates any necessary change orders and administrative tasks as necessary.
3. Summary of Customer Environment
Current State:
• ASA 5510
• Untangle Firewall
4. Scope of Services Overview
SHI shall provide to Village of Tequesta the services described as follows:
In-Scope
Discovery:
• Kick-off Meeting:
o Introduce parties.
o Define Roles & Responsibilities.
o Verify Requirements and Expectations.
o Discuss Milestones & Schedules.
• Gather existing company information.
• Establish remote access to customer's environment.
• Internal Planning Meetings.
• Review Customer provided documentation.
• Conduct usability testing and analysis of the current site. Determine what is working and what
is not working with the site (navigation, content, functionality).
• Gather technical/functionality specifications. Have a general understanding of how the current
environment functions and the specific technologies involved.
• Conduct Network Discovery to obtain information on devices that will be monitored and
managed.
• Customer agreement of new Configuration & Deployment approach along with a tentative
Schedule.
Design & Build:
• Download related software and verify licensing.
• Export existing system's configuration and perform a backup.
• Review any ACLs, NATs, Static Routes, VPN tunnel policies, etc.
• Review Untangle Firewall Configuration
• Review & Remove Unnecessary Firewall Rules
• Update Operating System and any other components to the latest safe harbor release.
• Build new unit with defined configuration parameters.
• Configure SSL Inspection and create one rule to validate configuration
• Integrate with AD
• Deploy URL, AMP, IPS filtering. Configure based on industry best practices, and tune to any
specific Customer requirements.
Implementation:
• Schedule with Village of Tequesta an implementation date, and ensure all change management
processes have been taken care of by Village of Tequesta. Ensure there are individuals lined
up by the Customer to do the testing.
• Perform System Integration Testing (SIT), Validation, and Troubleshooting.
• Perform Cutover to Production.
Post-Implementation:
• Check health indicators of the system post cutover.
• Complete configuration documentation as applicable.
• Provide Knowledge Transfer to Customer's IT Administrators (up to 4 hours).
• Project Wrap-Up and Close-Out Meeting.
Out of Scope
1. Technical support and hardware replacement due to equipment failures, software function
failures, degraded performance, etc.
2. Communication to Customer's employees for changes made to the environment.
3. Racking and cabling devices, or providing an initial IP for remote network connectivity.
4. Integrations or configurations with products other than the ones specified in scope, and other
than what is being purchased for this project.
5. Developing rules and clearing false positives beyond what's in scope.
6. Negotiations with the ISP for changes to the demarcation points and ordering of services.
7. Any other services that are not explicitly defined in the "In Scope" section. Such services may be
addressed with a separate SOW or Change Order.
5. Document Deliverables
The following documentation will be delivered in this project. Management of this documentation will be
as follows:
1. The SHI team will create the document
2. The SHI project manager will institute revision control on the document
3. Document will be sent to Village of Tequesta for review. Unless agreed upon previously,
feedback from Village of Tequesta will be required within five business days. If feedback is not
received within that timeframe, the document will be considered "accepted" by the Customer
4. Village of Tequesta reviews and either approves it, or returns to the SHI project manager with
changes indicated
5. SHI team makes any necessary changes
6. SHI project manager delivers final version of document to Village of Tequesta. This version, if
required, will be used in subsequent steps in the project
1. BUILD DOCUMENTS:
Documentation is delivered in either Microsoft Visio, Microsoft Word,or Microsoft Excel formats.
a. System Configuration
6. Project Duration
The estimated project duration is 1 WEEK (depending on scheduling)*. SHI will work with Village of
Tequesta to provide the required resources to meet a schedule that would be agreeable to all parties. In
addition, the schedule assumes reasonable access to Village of Tequesta resources and does not allow for
holidays, vacations, and unforeseen delays in deliveries.
*Please be advised that the above timeframe is to provide a general timeline for delivery and is not a true
reflection of the total man hours/effort involved for this engagement.
7. Resources and Skills
SHI will provide individual resources outlined below to be participants for this project effort. These
resources will participate in all required steps and will be fully or partially responsible for tasks and
deliverables where appropriate:
IT Resource(s) | Remote Cisco Engineer | Full Time
Project Manager | Responsible for overseeing the project success, scope, and risk management | Part Time
8. Assumptions
The program and associated price quoted within this Statement of Work are based on the following
assumptions. Should any element(s) of these assumptions be lacking during execution of services,
additional time and associated fees and expenses may be required to complete this Statement of Work.
1. SHI is not responsible for lost data. SHI recommends that Village of Tequesta perform a full working
backup of their network prior to the commencement of services.
2. Please note that the time designated for knowledge transfer is throughout the engagement. Village of
Tequesta is responsible for providing a resource dedicated to this engagement and the extent of the
knowledge transfer is dependent upon the availability of this resource.
3. Minimum lead time for scheduling is fourteen (14) business days from our receipt of the signed SOW
or fourteen (14) business days from the confirmed start date between SHI and Village of Tequesta;
whichever date is later. Should you require more aggressive scheduling, please contact SHI to
determine availability.
4. SHI will not develop applications as a part of this SOW.
5. Village of Tequesta will provide the necessary hardware to complete the engagement.
6. SHI is not responsible for delays caused by failures; including but not exclusive to systems, personnel
or environmental causes or in receiving data from Village of Tequesta
7. Any restrictions or requirements regarding the engineer's use of personal equipment must be stated
in advance of the commencement of the engagement.
8. Village of Tequesta will provide, to the extent necessary, administrative usernames and passwords to
meet necessary obligations.
9. Village of Tequesta will provide necessary and accurate information regarding their current network
environment. Such information may include, but not limited to network diagrams, configuration
baselines and settings, procedures, host parameters (such as: hostnames/IP addresses/masks/
default gateways/DNS/SNMP/SMTP), and any other technical information that may be needed to
support the environment, and/or complete the assigned project.
10. Village of Tequesta will provide adequate level of access to any peripheral equipment (routers/
switches) that interface to the managed equipment. Provide any necessary access to other systems (IT
Help Desk, etc.) the Provider may be expected to interface with. If access to that equipment is not
feasible, then Village of Tequesta will provide an IT Engineer who could supply SHI with
configurations about peripheral equipment on a need basis.
11. Village of Tequesta shall be responsible to inform SHI of any other information that may be needed,
before making any system changes.
12. Village of Tequesta will be responsible for racking and cabling of devices, as well as providing an IP
address that SHI will use to access those devices.
13. Village of Tequesta will provide the necessary workspace and network access to provide the above
services.
14. Village of Tequesta will provide VPN access into their company's network, so SHI may perform any
necessary work. An IPsec connection is desired.
15. Village of Tequesta will provide access to building(s) and room(s) as necessary to complete the
services described above.
16. All hardware and/or software and licensing required to perform the above services will be provided
by and is the responsibility of Village of Tequesta. All wiring, hardware, and software required to
perform the above services are in working order.
17. Village of Tequesta will ensure that a valid manufacturer maintenance contract exists at all times for
the equipment included in the scope of this project.
18. Village of Tequesta will be directly responsible for escalation of all issues requiring manufacturer
support.
19. Village of Tequesta will ensure that all affected equipment under this SOW have a valid
manufacturer's license.
20. Village of Tequesta is to define Change "windows" for production changes.
21. Village of Tequesta will authorize SHI to be added in the Manufacturer's Support Contract for the
purposes of placing Tech Support calls on behalf of Village of Tequesta.
22. It is understood that all wiring, hardware, and software required to perform the above services are in
working order.
23. Customer will provide a designated onsite engineer who will be the "hands and feet" of the Provider
for any physical access, and for any console access to the managed equipment, as needed.
24. Customer will be responsible in obtaining any internal Change Management approvals before
Provider proceeds with any production changes
25. Village of Tequesta will provide a technical point of contact during the time of this engagement.
26. No cutovers will be scheduled on or near the Nationally recognized holidays of New Year's Eve or
New Year's Day, Martin Luther King, Jr. Day, Memorial Day, Independence Day, Labor Day,
Thanksgiving weekend (all four days), Christmas Eve or Christmas Day, unless mutually agreed by
both parties.
27. No overtime services will be provided without a change order authorizing such charges. "Overtime"
is defined as any work performed outside the hours of 8:00 AM to 5:00 PM local time.
28. All work is to be performed remotely.
29. All parties agree that personnel shall not be asked to perform, nor volunteer to perform, engineering
and/or consulting tasks that lie outside the skill sets and experience of personnel. Personnel have the
right to decline on a service request if the request falls outside the scope of their experience and
expertise.
The location/s of contacts and services is:
CUSTOMER CONTACT INFORMATION
Company Name:
Village of Tequesta
Street Address:
345 Tequesta Drive
City, State, Zip Code:
Tequesta, FL 33469
Contact Name and Title:
Brad Gomberg; Director of IT
Contact Phone Number and E-mail address:
(561) 768-0554; bgomberg@tequesta.org
WORK LOCATION
Street Address:
All work to be performed remotely
City, State, Zip Code:
All work to be performed remotely
Both Village of Tequesta and SHI are responsible for the successful execution of this engagement. Village
of Tequesta agrees to the following assigned responsibilities:
• Prior to the start of this project, Village of Tequesta will indicate to SHI in writing a person to be the
point of contact. All engagement communications will be addressed to such point of contact (the
"Customer Contact").
• The Customer Contact will have the authority to act for Village of Tequesta in all aspects of the
engagement; however, any changes that affect the scope of this SOW, schedule or price will require
that an amendment to the SOW be executed between the parties.
• The Customer Contact shall have the authority to resolve conflicting requirements.
• The Customer Contact will ensure that any communication between Village of Tequesta and SHI is
made through the SHI project manager.
• The Customer Contact will obtain and provide engagement requirements, information, data,
decisions and approvals within one working day of the request, unless both parties agree to a
different response time.
• The Customer Contact will ensure that SHI engagement personnel have reasonable and safe access to
the Engagement site and adequate office space, if required.
• The Customer Contact will help resolve engagement issues and ensure that issues are brought to the
attention of the appropriate persons within the Village of Tequesta organization, if required.
• Customer Contact will provide technical points-of-contact, who have a working knowledge of the
enterprise components to be considered during this engagement ("Technical Contacts"). SHI may
request that meetings be scheduled with Technical Contacts.
• Village of Tequesta will inform SHI of any necessary access issues and security measures, and
provide access to all necessary hardware and facilities as required.
• Village of Tequesta will provide, at no expense to SHI: computer hardware, software, and necessary
access to the Village of Tequesta network as required to complete the work described in this SOW.
• Village of Tequesta is responsible for providing necessary telecommunications equipment, and
related infrastructure as required for the successful completion of this Engagement.
• Village of Tequesta agrees that all related information regarding this engagement will be
communicated to SHI as expeditiously as possible.
The "Change Control Process" is that process which shall govern changes to the scope of Services during
the life of the SOW. The Change Control Process will commence at the start of the Project and will
continue throughout the Project's duration.
Under the Change Control Process, a written "Change Request Form" (attached as Appendix A) will be
the instrument for communicating any desired changes to the SOW. The Change Request Form will
describe the proposed change, the reason for the change and the effect the change may have on the
project. The project manager of the requesting party will submit a written Change Request Form to the
project manager for the other parties.
SHI and Village of Tequesta will review the change request. All parties must sign the approval section of
the Change Request Form to authorize the implementation of any change that affects the SOW's scope of
services, schedule or price. Furthermore, any such changes that affect the scope of this SOW, schedule or
price will require that an amendment to the SOW be executed between the parties.
Upon receipt of a signed SOW and purchase order, planning for the project will commence. A key step in
the planning process is the kickoff meeting with SHI and Village of Tequesta's team.
In the kickoff meeting, the contents of the SOW will be reviewed. This is an opportunity for Village of
Tequesta's team who will be involved with the project to understand the SOW's goals, tasks, deliverables,
and timelines.
Upon completion of the project kickoff meeting, minutes of the kickoff meeting will be created based on
the meeting discussion and distributed to Village of Tequesta. Any changes to the project scope will be
documented in these minutes. If Change Orders are necessary due to scope changes, that process would
be initiated after the kickoff meeting.
SHI proposes to deliver the services described here for a fixed price for the fees set forth below:
Program Component Fee
Cisco Firepower Deployment with Threat Package $10,347
This price quote is valid for 60 days from 10/25/2018.
Any additional work that is required outside the scope of this SOW shall follow the Change Control
Process or initiate a new SOW.
1. PAYMENT SCHEDULE
The following table describes the project milestones. When these are completed and approved by Village
of Tequesta, SHI will invoice the specified amount.
Project Milestones % Fee
Project Close 100 $10,347
Total: 100 $10,347
2. TRAVEL EXPENSES
No travel is required for this project.
3. BILLING TERMS
SHI will request the approval of Village of Tequesta when a milestone (see Payment Schedule above) has
been completed. Upon receipt of Village of Tequesta's approval, SHI will invoice Village of Tequesta for
the milestone. All invoices are due and payable within 30 calendar days of the invoice date.
The total fee does not include applicable taxes. Invoice(s) will include any applicable taxes due.
This statement of work (SOW) is subject to and governed by the terms of the Professional Services
Agreement ("Agreement") shown in SHI PSA-Terms and Conditions.
In the event any terms and conditions of this SOW conflict with the Agreement, this SOW will control for
the purposes of this SOW only. All terms defined in the Agreement and used herein will have the same
meaning as set forth in the Agreement.
As data security concerns and regulations continue to rise in import such as Health Insurance Portability
and Accountability Act ("HIPAA") and Payment Card Industry Data Security Standard ("PCI DSS"), SHI
wants to ensure the project delivery team maintains that compliance. If the Customer organization
utilizes special tools or has procedural requirements that must be observed during this project such as the
use of cloud storage or file/email encryption, please advise your SHI sales representative and project
manager as soon as possible. If required tools are not currently employed by the SHI team, the costs of
those tools will be a project expense pass-through. Please allow project initialization time for acquisition
of these tools.
The parties, intending to be legally bound, have caused this SOW to be executed by their authorized
representatives on the dates set forth below.
Village of Tequesta SHI International Corp.
Name Name
Title Title
Signature Signature
Date Date
The information in this document shall not be duplicated, used, or disclosed in whole or in part outside
Village of Tequesta's organization. If a contract is awarded to SHI as a result of or in connection with the
submission of this document, Village of Tequesta shall have the right to duplicate, use, or disclose the
information within its organization to the extent provided by the contract between Village of Tequesta
and SHI. This restriction does not limit Village of Tequesta's right to use information contained in this
document if it is obtained from another source without restriction.
CHANGE REQUEST FORM
Project Name: Cisco Firepower Deployment with Threat Package
Customer Name: Village of Tequesta
Change Request Number:
Date:
Submitted by:
Change Evaluator:
CHANGE REQUEST DESCRIPTION
IMPACT OF CHANGE
PRICE
SIGNATURES
Status: Accepted/Rejected Reason:
Village of Tequesta Approval: Date:
SHI Project Manager Approval: Date: