K12 Services - Firewall

DIT Managed Firewall & VPN Service

Service Description

The DIT Managed Firewall and VPN Service is utilized by customers interested in an additional layer of security for their network. This service can manage all phases of a firewall and VPN security solution, including architectural validation, implementation, operations, and ongoing configuration management. This service provides access control and standards based encryption technology as the foundation for secure, high performance, data communications. DIT network security analysts will provide consultation and recommend security best practices to aid in establishing the desired security policy to protect data assets.

Service Implementation and Support

DIT Fully Managed

Customer/DIT Joint Management

Consultation regarding service options and security configurations

Y

Y

All required activities to complete service installation

Y

Y

All hardware and software components required to deliver the security service

Y

Y

Ongoing operating system release and patch management

Y

On request by customer

Ongoing configuration management 

Y

N

Configuration backup

Y

Y1

24x7 Device Monitoring

Y

N

24x7 Support

Y

Y

Real-time view of security policy

Optional

Optional

Log retention at customer location

Available

Available

1In the event that the security solution fails to perform after customer changes to the initial configuration, DIT will restore the latest configuration backup.  If further investigation is required of DIT, then the customer will be charged the published security service consulting rates.

Service features include

Firewall & VPN Service

10Mbps

20-100 Mbps

250Mbps

500Mbps-1Gbps

2Gbps

3-4Gbps

10Gbps

Features and Options

Throughput

150 Mb (FW)

300 Mb (FW)

450 GB (FW)

1.5 GB (FW)

2 Gb (FW)

5GB (FW)

10Gb (FW)

Site-to-Site VPN

Included

Included

Included

Included

Included

Included

Included

Interfaces

2 FE

Up to 6 GE

Up to 8 GE

8 GE

8 GE

8 GE; 2 10GE

6 GE; 4 10GE

SSL VPN

25 users

250 users

750 users

2,500 users

5,000 users

10,000 users

10,000 users

Hours of Availability

This service is available to customers 24 x 7, excluding planned outages, maintenance windows and unavoidable events. Maintenance windows are used only when needed for planned changes that have gone through the DIT Change Management Process. In addition to the Standard DIT Maintenance Windows, site-specific and service-specific changes may be coordinated with customers at non-standard times.

Standard maintenance windows are defined as:

  • 12:00 a.m. to 3:00 a.m. each night (standard approved changes)
  • 4:00 a.m. to 7:00 a.m. each Thursday
  • 4:00 a.m. to 12:00 p.m. each Sunday

Customer Responsibilities

  • Perform a security vulnerability assessment and a risk analysis of own environment, prior to the initial consulting meeting
  • Provide a current diagram of customer’s network, as input to the joint development of the initial security policy by DIT and the customer
  • Provide a secure physical facility with access control restrictions for the placement of the Firewall and VPN Service components, preferably co-located with the provided WAN Service router. The secure facility requires customer coordinated 24 x 7 accessibility for authorized DIT staff
  • Provide a 24 x 7 point of contact (POC) for DIT to contact for reporting and coordinating outages or emergency maintenance
  • This POC list will include the only authorized contacts for security related issues and to request backup configuration restoration
  • Work with DIT on a mutually agreed schedule to allow required maintenance services to be performed in a timely manner