NEXT GENERATION FIREWALL

Managed firewall customers will be provided with a single or high availability pair of hardware or virtual appliances. Appliance(s) will be sized appropriately for the customers environment using sizing toolsets.

FIREWALL APPLIANCES UPGRADES

As the contract nears the end of its term service delivery managers will reach out to discuss renewal and upgrade options. Upon renewal an engineer will be dispatched to migrate the existing configuration to the new appliance. Existing appliances will be returned to us.

CENTRAL POLICY MANAGEMENT

Managed service customers will have access to a customer portal to generate tickets for changes to their firewall policies. Customers can access the firewalls directly to review policies and logs using a read-only account provided to the customer.

Managed Firewall service contracts include the following additional exemptions to the change cap (see core service definitions). 

• Modification of existing content filtering policies, i.e. adding a URL, URI or keyword to an existing policy.
  

SITE TO SITE IPSEC TUNNEL MONITORING

Site to Site virtual private network connections will be explicitly monitored by the service. Tickets will be automatically generated for up/down events within Simplify IT’s ITSM toolset. Customers can review tickets within their customer portal. 

Simplify IT will attempt to rectify IPSEC stability issues on the managed firewall only. Issues that related to the remote IPSEC peer or related connectivity are not supported.

HIGH AVAILABILITY FIREWALL

Managed Firewall customers will be provided with an additional hardware unit or virtual appliance for extra resilience. Licensing and capabilities will mirror the primary unit, the second unit will remain passive unless used for maintenance or failover reasons.

IPS & ANTI-MALWARE

Service down or configuration issues which are causing disruption to the service under contract are deemed “incident”. Issues that relate to interdependent services, i.e., LDAP config issues being caused by invalid certificates issued within Active Directory, or changes to the base configuration, i.e., enablement of additional feature sets following the completed installation of the service, are not covered under contract and will require consumption of an umbrella, pre-paid consultancy services contract. 

Ask your Simplify Technology Group Account Manager about this if it’s something you feel you may need.

CLOUD SANDBOX LOGGING

Cloud sandbox service submits unknown suspicious files for analysis in a cloud based sandbox cluster. The service is configured to log (not block) if a submission is determined as suspicious. Events be viewed using a read-only account provided to the customer. Tickets will be auto generated within Simplify IT’s ITSM toolset for suspicious sandbox events.

CLIENT VPN WITH MFA

Client to site VPN capability allows external clients to connect to the corporate network using a client software package. 

Installation of the client software across endpoints is not covered as part of the service, Simplify IT will provide customer IT staff with a deployment manual and will assist in the initial deployment of a single test endpoint. Simplify IT will assist in deployment issues on a case-by-case basis. 

Simplify IT do not support end users local operating systems beyond diagnosing failed installations or issues that directly relate to the operation of the VPN client. VPN stability issues caused by for example unreliable internet break out at the client end are deemed out of support.

SOFTWARE-DEFINED WAN SERVICE

Provides comprehensive application steering and prioritisation across multiple aggregated internet lines, optimizing performance and connectivity. Failures of internet connectivity are automatically detected and recovered by the service. 

Simplify IT supports the configuration of the SD-WAN service only, support of internet connectivity, related routers or interrelated connectivity are exempt. 

WEB FILTERING SERVICE

Provides web filtering based on words, patterns, URI and URL categorization. Matching can be allowed, blocked with logging. Events can be viewed using a read-only account provided to the customer. Tickets will not be generated within Simplify IT’s ITSM toolset for any content filtering events. 

A base set of policies will be crafted on installation to meet your requirements. Only changes to existing content filtering policies are exempt from the policy management cap, requests for additional policies are not covered under contract and will require consumption of an umbrella or pre-paid consultancy contract.

Web Filtering is achieved within the corporate network behind the managed firewall and when roaming using a client software package. Installation of the client software across endpoints is not covered as part of the service, Simplify IT will provide customer IT staff with a deployment manual and will assist in the initial deployment of a single test endpoint. Simplify IT will assist in deployment issues on a case-by-case basis. 

Simplify IT does not support end users local operating systems beyond diagnosing failed installations or issues that directly relate to the operation of the content filter client.

ANTI-SPAM SERVICE

Provides an additional layer of protection for email protocols SMTP/S, POP3/S, IMAP/S. The service decrypts and scans packets for known bad actors based on IP address, email address, embedded URL’s and checksums. Messages can either be discarded or the subject lines modified to be marked as spam. This service is considered complimentary to any existing customer cloud-based message filtering services. 

Events can be viewed using a read-only account provided to the customer. Tickets will not be raised within Simplify IT’s ITSM toolset for Anti-spam events

MAJOR SOFTWARE RELEASE PATCHING

Major software release patching of systems under contract is covered once a year under the premium service offering. Service delivery managers will schedule consultants to perform major release upgrades, remediation plans will be formed and the work will be carried out in line with customer change management processes. 

As with all major releases, feature sets are often improved, Simplify IT will highlight any feature sets that are relevant to its customers. Implementation of additional features available post upgrade are deemed as “change” and not “incident” and will therefore be covered under pre-purchased umbrella or consultancy services contracts. The customers assigned service delivery manager can be contacted to plan any “change” to the services configuration.