HomeMy WebLinkAboutDocumentation_Regular_Tab 27_11/13/2025 Agenda Item #27.
Regular Council
A-1
STAFF MEMO
Meeting: Regular Council - Nov 13 2025
Staff Contact: Brad Gomberg,Director of IT Department: IT
Consider Approval to Authorize the Purchase and Installation of Two Palo Alto Networks PA-3410
Firewalls with Associated Security Subscription Bundles and Premium Support.
SUMMARY: A
Our current Palo Alto firewalls are scheduled for end-of-life and are on their last supported version of
software. The project will replace the Village's existing perimeter firewalls with next-generation Palo
Alto models to maintain cybersecurity, reliability, and network performance. The upgrade allows us to
continue to provide comprehensive protection for all Village facilities and departments.
This investment will continue to strengthen the Village's defense against cyber threats, improve
network visibility and control, and ensure continued compliance with industry security standards. The
purchase also includes our annual license renewal from Palo Alto. The implementation will be
managed by Village IT staff with support from Palo Alto-certified technicians from Cloudnomics.
Palo Alto Hardware & Licensing - $73,592.78
Cloudnomics Migration Services - $7,999-00
This document and any attachments may be reproduced upon request in an alternative format by
completing our Accessibility Feedback Form, sending an e-mail to the Village Clerk or calling 561-
768-0443.
BUDGET INFORMATION:
BUDGET AMOUNT 90000 AMOUNT AVAILABLE 90000 EXPENDITURE AMOUNT:
81591.78
FUNDING SOURCES: 001-161-546.320, 101- IS THIS A PIGGYBACK:
180-546.320, 401-241-546.320 0Yes 0 N/A
DID YOU OBTAIN 3 QUOTES?
❑ Yes ❑ N/A
COMMENTS/EXPLANATION ON SELECTION Purchased off Omnia contract
POTENTIAL MOTION / DIRECTION REQUEFTED:
Page 438 of 603
Agenda Item #27.
Staff recommends approval to authorize the purchase and installation of the new Palo Alto firewall
systems as quoted by SHI International Corp., and Cloudnomics.
XTTACHMENTS:
SHI Quote-26810828
Ingram ASC+ 2025
Cloudnomics 3xxx Series Refresh package-2
Sales Quotation 712731 The Village of Tequesta (3K Refresh Package)
Page 439 of 603
Agenda Item #27.
Pricing Proposal
Quotation #: 26810828
Created On: 10/30/2025
Valid Until: 11/29/2025
FL-Village of Tequesta Inside Account
Executive
Brad Gomberg Alex Friedman
345 Tequesta Drive 290 Davidson Ave.
ATTN: Brad Gomberg Somerset, NJ 08873
Jupiter, FL 33469 Phone:732-652-7660
United States Fax: 732-XXX-XXXX
Phone:5615756200 Email: Alex_Friedman@shi.com
Fax:
Email: bgomberg@tequesta.org
All Prices are in US Dollar(USD)
Product Qty Your Price Total
1 PA-3410, Core Security Subscription Bundle(Advanced Threat Prevention, 2 $15,315.15 $30,630.30
Advanced URL Filtering,Advanced Wildfire,Advanced DNS Security and SD-WAN
), 1 years(12 months)term
Palo Alto Networks-Part#: PAN-PA-3410-BND-CORESEC
Contract Name:OMNIA Partners IT Solutions, Products&Services
Contract#: 2024056-02
Note: 12 month term
2 For US Government accounts only. Partner enabled premium support year 1, PA- 2 $51331.74 $10)663.48
3410
Palo Alto Networks-Part#: PAN-SVC-BKLNUSG-3410
Contract Name:OMNIA Partners IT Solutions, Products&Services
Contract#: 2024056-02
Note: 12 month term
3 Palo Alto Networks PA-3410 with redundant AC power supplies 2 $161149.50 $32,299.00
Palo Alto Networks-Part#: PAN-PA-3410
Contract Name:OMNIA Partners IT Solutions, Products&Services
Contract#: 2024056-02
Total $73,592.78
Additional Comments
Palo Alto has a no returns policy.
Due to the potential impact of any current or future tariffs, the price and availability of hardware items on this quote may be subject
to change.
Thank you for choosing SHI International Corp!The pricing offered on this quote proposal is valid through the expiration date listed
above.To ensure the best level of service, please provide End User Name, Phone Number, Email Address and applicable Contract
Number when submitting a Purchase Order. For any additional information including Hardware, Software and Services Contracts,
please contact an SHI Inside Sales Representative at(888)744-4084. SHI International Coro. is 100% Minoritv Owned.Woman
Agqfldqoj*M0#,Z�,SHl International Corp!The pricing offered on this quote proposal is valid through the expiration date set
above.To ensure the best level of service, please provide End User Name, Phone Number, Email Address and applicable Contract
Number when submitting a Purchase Order.
SHI International Corp. is 100% Minority Owned,Woman Owned Business.
TAX I D#22-3009648; DUNS#61-1429481;CCR#61-243957G;CAGE 1 HTFO
The products offered under this proposal are resold in accordance with the terms and conditions of the Contract referenced under
that applicable line item.
0
r
I
1
Ingram Micro's ASC+ Authorized Support
Center for Palo Alto Networks.
1
1
dO
Ingram Micro's ASC+ is the top ranked Palo Alto Networks Authorized Support Center.
Staffed by highly certified Solution Architects and Engineers.
Providing fast, reliable service,consistently hitting and exceeding our SLA allowing for rapid response to resolution and providing a
best-in-class experience. Ingram Micro and Palo Alto Networks leadership are committed to the transition of SMB, Mid Market,Select and
Commercial support to Ingram Micro's ASC+. 80%+of the business scenarios qualify for ASC+support. In addition to SMB, Mid Market,
Select and Commercial accounts Ingram Micro ASC+also supports Enterprise and Govt.accounts.
Fry
Q
V_
Time Quality Reliability Value Partnership Communication
95%
of all support cases are resolved by Fastest response for any incident by certified PANW engineers.
Ingram Micro ASC+Support.
Multiple entry points of contact via phone,email and ticket portal. Lowest escalation rate to Palo Alto Networks.
24x7 ASC technical support for active assets. I E Palo Alto support is still accessible. Ingram Micro team
will initiate priority support if required.
Online incident tracking and email updates for all cases. 3 F , Access to Palo Alto Networks tools and resources.
Palo Alto Networks ASC Partners must meet stringent certification requirements to ensure the highest possible standards and quality of
service.We are committed to the success of our customers with the assurance that our ASC Partners have the best preparation,training,
tools,techniques and information at hand. If any assistance is required, Palo Alto Networks engineers are ready to help our ASC Partners
troubleshoot any issues and streamline the escalation process to make it easier for you. For more information about Palo Alto Networks
Support for services programs and offerings,visit paloaltonetworks.com/services/solution-assurance.
20 Authorized Support Center 20 Authorized Support Center
22 DISTRIBUTOR OF THE YEAR 23 DISTRIBUTOR OF THE YEAR
Page 442 of 603
Agenda Item #27.
paloatto
MILT WO R 1.05
Standard Premium
ASC+ support support
Online support 24x7 24x7 24x7
Telephone support 24x7 No 24x7
Email support 24x7 No No
L
Response Times
Severity 1 -Critical <1 hour <2 hour <1 hour
Severity 2-High <2 Business Hours <4 Bus. Hours <2 Bus.Hours
Severity 3-Medium <4 Business Hours <12 Bus.Hours <4 Bus.Hours
Severity 4-Low Never a low priority <48 Bus.Hours <8 Bus.Hours
Additional Services
Access to Palo Alto tools and '
customer support site YES YES YES
Access to PAN message boards YES YES YES
Free 1-day class YES NO NO
With Ingram Micro's ASC+there is never a low priority.At Ingram Micro,all events are treated with high attention,and policies have been
updated to reflect this.The longest SLA that you should ever have to wait for a response from your ticket is 4 hours.
Palo Alto Networks regularly monitors the ongoing success and customer satisfaction of Ingram Micro as an ASC Partner,conducting
customer surveys,case quality reviews and quarterly business reviews.
Palo Alto Networks highly endorses Ingram Micro as an ASC Partner,this unique specialization is reserved for select distributors. Palo Alto
Networks' goal is to enable their ASC Partners by providing the same levels of training and support as they give their internal Technical
Assistance Center(TAC).
Page 443 of 603
Agenda Item #27.
6toudnomics
MsKimtr*d-*valor of your Cloud Business
3xxx Series Refresh Package
August, 2024
Page 444 of 603
Agenda Item #27.
6oVud no mics
PROFESSIONAL SERVICES REFRESH PACKAGE FOR 3xxx SERIES
Engagement Overview:
This document provides a Statement of Work for offsite (remote) Professional
Services and is based on Cloudnomics' understanding of the current and future tasks
related to the agreed scope of services defined below.
Description and Scope:
Cloudnomics will provide remote assistance in configuring, upgrading of the one new
3xxx series Firewall or a high availability pair of Palo Alto Networks Next-Generation
firewalls
_ �-engagement Zoom Intervievi•
Prior to delivering this service, Cloudnomics will conduct a Zoom Session interview to
review the refresh requirements. The purpose of this interview is to ensure all
preparation activities are complete as well as to ensure the proposed solution and
configuration meets the customer requirements. The tasks included in this package
will be performed during the upgrade. Any additional tasks or work will require
additional time and a change request will be needed to complete that additional task.
1
Page 445 of 603
Agenda Item #27.
6oVud no mics
14
Tasks & Deliverables:
During the Three and a half day (3.5 day) engagement, Cloudnomics will perform
the following activities:
• Architecture Review:
Cloudnomics will review the current architecture to verify understanding of network and
authentication setup.
• Review the details of this SOW to ensure a clear understanding from both parties
of the project goals and expectations.
• Review the roles and responsibilities for Cloudnomics
• Review the schedule for the project tasks and coordinate ahigh-level project
review, identifying the project managers and other key contacts involved with
the project.
• Firewall Initial Setup:
Cloudnomics will perform the initial configuration the Palo Alto Next-Generation firewalls
to include:
• Configuration of the management interface to include support services (DNS,
NTP, etc.)
• Registering and licensing the firewall device with Customer support account.
• Updating dynamic content to the latest version or to the version requested by
the customer.
• Scheduling/automating dynamic updates according to the customer
requirements.
• Upgrading/ Downgrading of the new hardware to a suitable PANOS for the
migration.
• Firewall Configuration:
Cloudnomics will migrate the existing Palo Alto Networks Firewall configuration for the
new hardware. This task includes:
• Adjusting to new interface layout if additional interfaces are added or VLAN
trunking is introduced into the design
• Adding or modifying security and NAT rules to accommodate for interface
changes
• Configuring ISP redundancy utilizing secondary ISP as a passive failover path
• High Availability Setup
• Active/Passive Mode setup only
• Panorama Configuration
2
Page 446 of 603
Agenda Item #27.
6o�ud no mics
• Add both devices and configuration to Panorama
• Push any templates and device groups as required
• Cutover Support:
Separate from all preparatory work Cloudnomics will support the cutover of the Firewall
into production. This might include:
• Monitoring of Firewall for proper traffic handling.
• Verification of the HA Set up for failover
• Corrections of settings/configuration to better achieve design goals.
• Verification of specified primary functionality through monitoring and reports.
• The Cutover will be done after hours at a time agreed to with the customer.
• Support:
Cloudnomics will provide technical support regarding the firewall migration for a period
of (1) one day after implementation into production on an "as available" basis. This
support covers only the proper functioning of the configurations specified in this
engagement. On-call support is available as an additional paid option.
• Exclusions: The following items are not in scope:
• Security policy or NAT policy changes.
• No changes to the Panorama Configuration besides adding the HA Pair
• No BGP or any other Networks changes directly at the Firewall
• No changes to any of the aggregated interfaces (equivalent number of
ports used to connect to Fiber or Copper)
• One level of upgrade to version 11.x (any Firewalls that are not already at
version 10.x may require additional days of work as part of the refresh)
3
Page 447 of 603
Agenda Item #27.
6oVud no mics
14
Customer Responsibilities:
The following prerequisites are required to be completed prior to Cloudnomics
commencing this Statement of Work.
• Coordinate all access to the equipment. The Cloudnomics expert must have
the ability to remotely access the Security appliance that is the target of this
Professional Services Statement of Work.
• Provide a test user account with access / authentication allowing all
configuration work specified in this Statement of Work.
• Appropriate product licenses and support agreements for test and production
systems.
• Upgrade the older firewall to the latest preferred release for that hardware.
This will be needed so as to avoid a second maintenance window which is not
covered in this SOW.
• Signed Statement of Work and corresponding Purchase Order.
If assistance is required, please contact Cloudnomics prior to the scheduled date of
commencement.
4
Page 448 of 603
Agenda Item #27.
6oVud no mics
SKU:
The following SKU apply:
Qty. SKU Description
1.0 CN-CONSULT-QUICKSTART Cloudnomics- Professional Services-Remote
3KSERIES- REFRESH Refresh Package—3xxx Series
(i) If applicable for on-site services, ME costs are not included in the total price on this
Quote, but instead will be billed separately and in addition to the Fees for Services set forth
above, just for the onsite part of the deployment (ii) You shall be responsible for
reimbursing Cloudnomics for all travel and expense costs related to any services performed
under this Order, and (iii) Cloudnomics will bill actual ME on a monthly basis.
• Any quotes you may receive, whether verbal or otherwise, for the number of days
required to perform a task are given as a guide for budgeting purposes and are not
meant to be a guarantee for the amount of time required to perform your project or
guarantee deployment success.
• The full amount is due at the completion of the project even in cases of completion
ahead of schedule.There can be no credit in either dollars or hours of service at project
completion. Customer or Partner will be billed after the cutover and the support days
for the all the preceding days as the Next Gen consulting service day may be a couple
of weeks post the cutover.
• We expect the cutover to be done immediately or at most a week after the completion
of the work by Cloudnomics so as to allow the architect to move to other projects. If
there are delays due to Customer issues, billing for the project may be done in multiple
tranches.
• If the project crosses more than one month, billing for the days spent during that month
will be done at the end of that month and so on until the project is completed
• If additional time is required to complete this service, Cloudnomics, Inc. may invoice
Customer or Partner on a per day basis at the Cloudnomics, Inc. Professional Services
Daily Rate.
• A day of work is defined as any regular weekday work performed between the local
hours of 9 am — 5 pm. Weekends, holidays and work performed outside the defined
workday can be accommodated through appropriate mutual schedule flexibility.
Unless otherwise specified, weekend work is billed at "time and a half" and holiday
work is billed at "double time" rates.
• This proposal is valid for 15 (fifteen)calendar days from the above noted Proposal Date.
5
Page 449 of 603
Agenda Item #27.
6o�ud no mics
This Statement of Work has been agreed to by the parties hereto. To confirm the scope and
selected dates, please email a signed copy of this quotation along with an authorized purchase
order to: Cloudnomics, Inc.at sales@cloudnomics.net. The final invoice will be sent to Partner.
Changes or Additions:
Either Partner, Customer, or Cloudnomics, Inc. may request changes or additions to this
Statement of Work by submitting to the other party a written document that requests a change
in the scope of services or an adjustment of the price or schedule.The parties shall agree upon
changes or additions to this Statement of Work by executing a Change Request that describes
the requested changes or adjustments in detail. If a Change Request will increase the time
required to complete this Statement of Work, the Change Request shall set forth the
appropriate adjustments to completion deadlines and/or compensation. Changes requested by
either party shall not be implemented until both parties approve the Change Request in writing.
6
Page 450 of 603
Agenda Item #27.
6oVud no mics
Terms and Conditions:
1. Cloudnomics,Inc.represents it will perform all services in a professional manner and in accordance
with industry standards.
2. (IF THIS APPLIES) The above special pricing is predicated on the flexible approach that
Cloudnomics, Inc. will rotate resources assigned from time to time but will provide several days
overlap/transition when that takes place. During the times Cloudnomics, Inc. rotates the on-site
resource,we will be sure to have the departing resource and the incoming resource both on-site
for several days to ensure a smooth transition.
3. No Cloudnomics, Inc. representative is expected to work more than 10 consecutive hours.
4. Any quotations you may have received, whether verbal or otherwise, for the number of days
required to perform a task were given as a tool for budgeting purposes and are not meant to be a
guarantee for the amount of time required to perform your project.
5. We ask that you not task our resources with work outside the scope of this project.
6. Should any situation or development occur that will drastically change the project scope and
resulting estimated cost for Cloudnomics, Inc.during the course of your project,the Cloudnomics,
Inc.project manager will advise the Customer. The Customer and Cloudnomics,Inc.shall agree on
a course of action to deal with the situation.
7. Invoices are due and payable within thirty(30)days after receipt thereof.
8. The scope of this quote is service delivery only. Nothing in this quotation extends any warranties
with regard to the products or services of Cloudnomics, Inc., the customer infrastructure or
infrastructure security.
9. Customer and/or Partner (where applicable) shall not during the Term and for a period of three
years thereafter, directly or indirectly solicit or induce any employee or contractor of Secure
Dynamics, Inc or any subsidiary or related company to terminate his or her employment with the
Cloudnomics, Inc.
10. Warranties, Disclaimers and Limitation of Liability. Warranties. Cloudnomics, Inc. represents
and warrants that all services and deliverables rendered pursuant to this agreement shall be
provided by Cloudnomics,Inc.in a professional,effective and efficient manner that equals the then
current industry standard for such services and deliverables. EXCEPT AS OTHERWISE PROVIDED IN
THIS AGREEMENT, CLOUDNOMICS, INC. MAKES NO WARRANTIES OF ANY KIND OR NATURE,
WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Limitation of Liability
NOTWITHSTANDING ANYTHING ELSE IN THIS AGREEMENT OR OTHERWISE,CLOUDNOMICS,INC.WILL IN NO EVENT BE
LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT UNDER ANY CONTRACT, NEGLIGENCE,STRICT
LIABILITY OR OTHER LEGAL, CONTRACTUAL OR EQUITABLE THEORY FOR: (1)ANY INDIRECT, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND WHETHER OR NOT ADVISED IN ADVANCE OF THE POSSIBILITY OF
SUCH DAMAGES;OR(ii) DAMAGES FOR LOST PROFITS OR LOST DATA;OR(III)COST OF PROCUREMENT OF SUBSTITUTE
GOODS,TECHNOLOGY OR SERVICES. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY OR THE
FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITATION OF LIABILITY OR LIMITED REMEDY,CLOUDNOMICS,INC.'S ENTIRE
AGGREGATE LIABILITY ARISING FROM OR RELATING TO THIS AGREEMENT OR THE SUBJECT MATTER HEREOF, UNDER
ANY LEGAL THEORY(WHETHER IN CONTRACT,TORT,INDEMNITY OR OTHERWISE SHALL BE LIMITED TO THE AMOUNTS
RECEIVED BY CLOUDNOMICS, INC. UNDER THIS AGREEMENT FOR A CLAIM PURSUANT TO A PARTICULAR PROJECT
UNDER THIS AGREEMENT THAT CAUSED THE LIABILITY.
7
Page 451 of 603
Agenda Item #27.
6oVud mics
Confidential Information
This document may contain confidential and/or proprietary information and is intended only for the
person/entity to which it was originally addressed. The content of this document may contain private views
and opinions,which do not constitute a formal disclosure or commitment unless specifically stated.
Authorization:
Prepared by: Accepted by:
Cloudnomics
(Printed Name)
1/10/2024
(Date) (Title)
(Purchase Order Number)
(Date)
(Signature)
8
Page 452 of 603
Agenda Item #27. SALES QUITE
Loud nomics Quotation No.: 712731
Quotation Date: 14106I25
5201 Great America Parkway, Ste 324 Valid Until: 11106I25
Santa Clara, CA 95054 Customer No.: C5000455
Customer Ref.No.:
Vendor Quote No.:
Page No.: Page 1 of
BILL TO SHIP TO TOTAL
The Village of tequesta The Village of Tequesta $ 7999.00
345 7equesta Drive 345 7equesla drive ,
7equesta FL 33469-0273 Tequesfa FL 33459-0273 Shipping charges and tax will be adds
USA USA to all orders if applicable
Palo Alta Networks Product(s)are
not-returnable and non-cancelable
COSELL PARTNER END USER ORDER DETAILS
Sales Employee: Michael Saliba
Terms: -Cash Basic-
Type of Sale: New
Qty item Name Description List Price Disc% Unit Price T
1 CN-CONSULT-QUICKS QuickStart PANW Refresh for 3xxx Series $9,920.00 19.365 $7,998.99 $7,99
TART-3KSEFZlES-REFR y
ESH
Subtotal $779C
Shipping
Tax
Total Order Value $7,99