Tender Specifications Document - FNU | Home - Fiji · PDF file · 2017-10-08SUPPLY & INSTALLATION OF NEXT GENERATION FIREWALL, CONTENT GATEWAY FILTERING & WEB APPLICATION FIREWALL

SUPPLY & INSTALLATION OF

NEXT GENERATION FIREWALL,

CONTENT GATEWAY

FILTERING & WEB

APPLICATION FIREWALL

Tender Specifications Document

Fiji National University [email protected]

Vision Fiji National University is seeking to acquire an external facing, highly available,

deep-packet inspection perimeter firewall solution, web security and web

application firewall that moves beyond port/ protocol inspection and blocking to

add application-level inspection, intrusion prevention, Zero Day Protection, and

bring intelligence from outside the firewall as described in Technical

Specifications Section

Last Modified: 9 October 2017

REQUEST FOR PROPOSAL - FNU (052/17)

University Information Management System 2016

1 | P a g e F i j i N a t i o n a l U n i v e r s i t y

Change Tracking All changes to this document after the release of the RFP will be registered in the following

table.

Description Page Numbers Modified Date



Table of Contents Change Tracking ............................................................................................................................. 1

1.1. Purpose of RFP .................................................................................................................... 4

1.2. Disclaimer ............................................................................................................................ 4

1.3. Costs to be borne by Respondents ....................................................................................... 4

1.4. No Legal Relationship ......................................................................................................... 4

1.5. Recipient Obligation to Inform Itself ................................................................................... 4

1.6. Evaluation of Offers ............................................................................................................. 4

1.7. Errors and Omissions ........................................................................................................... 5

1.8. Acceptance of Terms ........................................................................................................... 5

1.9. Requests for Proposal .......................................................................................................... 5

1.9.1. Compliance .......................................................................................................................... 5

1.9.2. Clarification of RFP ............................................................................................................. 5

1.9.3. Amendment to the Bidding document ................................................................................. 6

1.9.4. Language of RFP ................................................................................................................. 6

1.9.5. Erasures or Alterations ......................................................................................................... 6

1.9.6. Bid Currency ........................................................................................................................ 6

1.9.7. Delivery Schedule ................................................................................................................ 7

1.9.8. Period of Validity of Bids .................................................................................................... 7

1.9.9. Deadline for submission of Bids .......................................................................................... 7

1.9.10. Late Bids ....................................................................................................................... 8

1.9.11. Modification And/ Or Withdrawal of Bids: ................................................................. 8

1.9.12. Opening of Bids by the University ............................................................................... 8

1.9.13. Evaluation Methodology .............................................................................................. 9

1.9.14. No Commitment to Accept Lowest or Any Offer ........................................................ 9

1.9.15. Conditional Bids ......................................................................................................... 10

1.9.16. Proposal Ownership .................................................................................................... 10

1.9.17. Contacting the University ........................................................................................... 10

1.9.18. Award of Contract ...................................................................................................... 10

2. Technical Specifications .................................................................................................... 11

3. Appendix 1 ......................................................................................................................... 14



About FNU Fiji National University (FNU) is the largest and newest University in Fiji and the first national

university. More than 1800 University staff are located at campuses spread across towns around

the country and offer a wide range of programs from certificate to postgraduate degrees. FNU

was formed by a merger of seven training institutions in Fiji - the Fiji Institute of Technology,

Fiji School of Medicine, Fiji School of Nursing, Fiji College of Advanced Education, Lautoka

Teachers College, Fiji College of Agriculture and the Training and Productivity Authority of Fiji

(TPAF).

As an evolving dynamic institution, yet one with an illustrious history within its component

parts, FNU is daily developing, innovating and expanding to provide Fiji and the region with the

education and training that they most need.



1. Disclaimer and Information to Bidders 1.1. Purpose of RFP

The purpose of this RFP is to seek quotes to purchase hardware equipment’s needed to support

the need for Next Generation Firewall and Web Application Firewall (WAF) as well as to

obtain the license for three years.

The Request for Proposal document contains statements derived from information that is

believed to be relevant at the date but does not purport to provide all the information that may

be necessary or desirable to enable an intending contracting party to determine whether or not to

enter into a contract or arrangement with the University. Neither FNU nor any of its employees,

agents, contractors, or advisers gives any representation or warranty, express or implied, as to

the accuracy or completeness of any information or statement given or made in this document.

1.2. Disclaimer Subject to any law to the contrary, and to the maximum extent permitted by law, FNU and its

officers, employees, contractors, agents, and advisers disclaim all liability from any loss or

damage (whether foreseeable or not) suffered by any person acting on or refraining from acting

because of any information including forecasts, statements, estimates, or projections contained in

this document or conduct ancillary to it whether or not the loss or damage arises in connection

with any negligence, omission, default, lack of care or misrepresentation on the part of FNU or

any of its officers, employees, contractors, agents, or advisers.

1.3. Costs to be borne by Respondents All costs and expenses incurred by respondents in any way associated with the development,

preparation, and submission of responses, including but not limited to; the attendance at

meetings, discussions, demonstrations etc. and providing any additional information required by

FNU, will be borne entirely and exclusively by the Respondent.

1.4. No Legal Relationship No binding legal relationship will exist between any of the Respondents and FNU until execution

of a contractual agreement.

1.5. Recipient Obligation to Inform Itself The Recipient must conduct its own investigation and analysis regarding any information

contained in the RFP document and the meaning and impact of that information.

1.6. Evaluation of Offers Each Recipient acknowledges and accepts that FNU may in its absolute discretion apply

selection criteria specified in the document for evaluation of proposals for short listing / selecting

the eligible Bidder(s).



1.7. Errors and Omissions Each Recipient should notify FNU of any error, omission, or discrepancy found in this RFP

document.

1.8. Acceptance of Terms All Recipient will, by responding to FNU for RFP, be deemed to have accepted the terms of this

Introduction and Disclaimer.

1.9. Requests for Proposal Recipients are required to direct all communications related to this RFP, through the Nominated

Point of Contact person:

Contact : Sanjay Singh

Position : Acting Manager ICT Infrastructure

Email : [email protected]

Telephone : +679 338 1044

FNU may, in its absolute discretion, seek additional information or material from any of the

Respondents after the RFP closes and all such information and material provided must be taken

to form part of that Respondent’s response.

Respondents should provide details of their contact person, telephone, fax, email and full

address(s) to ensure that replies to RFP could be conveyed promptly.

If FNU, in its absolute discretion, deems that the originator of the question will gain an

advantage by a response to a question, then FNU reserves the right to communicate such

response to all Respondents.

FNU may, in its absolute discretion, engage in discussion or negotiation with any Respondent (or

simultaneously with more than one Respondent) after tender closes to improve or clarify any

response.

1.9.1. Compliance The Bidders are expected to examine all instructions, forms, terms and specifications in the

Bidding documents. Failure to furnish all information required by the Bidding documents may

result in the rejection of its RFP and will be at the Bidder's own risk.

1.9.2. Clarification of RFP 1.9.2.1. The Bidder or its official representative is invited to gather pre-RFP

information from the ICT HQ in Samabula or throught University’s official

Tender publishing website (http://www.fnu.ac.fj/new/tenders). It would be the

responsibility of the Bidders or its representatives to take the relevant

documents.

http://www.fnu.ac.fj/new/tenders



1.9.2.2. Clarification sought by Bidder should be made in writing (E-mail) and

submitted latest by three days before closing of tender. The text of the

clarifications asked (without identifying the source of enquiry) and the

response given by the university, together with amendment to the Bidding

document, if any, will be posted on the University tender website

(http://www.fnu.ac.fj/new/tenders). No individual clarifications will be sent to

the Bidders. It would be responsibility of the Bidder to check the website

before final submission of RFP.

1.9.3. Amendment to the Bidding document 1.9.3.1. At any time prior to the date of submission of RFP, the University, for any

reason, may modify the Bidding Document, by amendment.

1.9.3.2. In order to allow prospective Bidders reasonable time in which to take the

amendment into account in preparing their RFP, the University, at its

discretion, may extend the deadline for the submission of RFP.

1.9.3.3. The amendment will be posted on the university tender website

(http://www.fnu.ac.fj/new/tenders)

1.9.3.4. All Bidders must ensure that such clarifications/amendments have been

considered by them before submitting the RFP. The university will not have

any responsibility in case some omission is done by any Bidder.

1.9.4. Language of RFP The RFP prepared by the vendor as well as all correspondence and documents

relating to the RFP exchanged by the vendor and the university and supporting

documents and printed literature shall be written in English.

1.9.5. Erasures or Alterations The offers containing erasures or alterations will not be considered until it is duly

signed and stamped by the authorized signatory. There should be no hand-written

material, corrections or alterations in the offer. Technical details must be completely

filled in. Correct technical information of the product being offered must be filled

in. Filling up of the information using terms such as “OK”, “accepted”, “noted”,

“complied”, “as given in brochure / manual is not acceptable. The University may

treat such offers as not adhering to the tender guidelines and as unacceptable.

1.9.6. Bid Currency Bids should be quoted in Fijian Dollars (FJD) only. Where other currencies are

used, the bidder must specify the equivalent Fijian dollars and the exchange rate

used. All applicable taxes must be clearly indicated.





1.9.7. Delivery Schedule

1.9.7.1. FNU requires an estimated date of delivery from the time of confirmation

of the Purchase Order to delivery of goods and services to FNU.

1.9.7.2. Delivery of the Goods shall be made by the Supplier in accordance with

the terms of the Purchase Contract. The bidder should take responsibility of the

Goods till it reaches the delivery destination as informed by the University,

transport to such place of destination in Fiji, including insurance and storage,

as shall be specified in the Contract, shall be arranged by the Supplier. Bidder

shall arrange for any other document wherever required. Any letter required

for this will be given by the university.

1.9.7.3. Installation will be treated as incomplete in one/all of the following

situations:

1.9.7.3.1. Non-delivery of any equipment or other components viz.

Accessories, software/ drivers media, user manual, commissioning report

mentioned in the order.

1.9.7.3.2. Non-delivery of supporting documentation.

1.9.7.4. The University will consider the inability of the Bidder to deliver the

equipment within the specified time limit, as a breach of contract and would

entail the payment of Liquidation Damages on the part of the Bidder.

1.9.7.5. The liquidation damages represent an estimate of the loss or damage that

the university may have suffered due to delay in performance of the

obligations (relating to delivery, warranty, maintenance etc. of the

deliverables) by the Bidder.

1.9.7.6. The University shall, without prejudice to its other remedies under the

Contract, deduct from the Contract Price, as liquidated damages.

1.9.7.7. Products shall be supplied in a ready to use condition along with all

Cables, Connectors, Software Drivers, Manuals and Media etc.

1.9.8. Period of Validity of Bids 1.9.8.1. Prices and other terms offered by Bidders must be firm for an acceptance

period of 180 days from date of closure of this RFP.

1.9.8.2. In exceptional circumstances the university may solicit the Bidders

consent to an extension of the period of validity. The request and response

thereto shall be made in writing.

1.9.8.3. The University, however, reserves the right to call for fresh quotes at any

time during the period, if considered necessary.

1.9.9. Deadline for submission of Bids 1.9.9.1. The bids must be received by the University at the specified address not

later than the due date specified in the tender advertisement.



1.9.9.2. The University may, at its discretion, extend the deadline for submission

of Bids by amending the Bid Documents, in which case, all rights and

obligations of the University and Bidders previously subject to the deadline

will thereafter be subject to the deadline as extended.

1.9.10. Late Bids Any bid received by the university after the deadline for submission of bids

prescribed by the university will be rejected and returned unopened to the bidder.

1.9.11. Modification And/ Or Withdrawal of Bids: 1.9.11.1. The Bidder may modify or withdraw its bid after the bid’s submission,

provided that written notice of the modification including substitution or

withdrawal of the bids is received by the university, prior to the deadline

prescribed for submission of bids.

1.9.11.2. The Bidder modification or withdrawal notice shall be prepared, sealed,

marked and dispatched.

1.9.11.3. No bid may be modified or withdrawn after the deadline for submission of

bids.

1.9.11.4. FNU has the right to reject any or all bids received without assigning any

reason whatsoever. University shall not be responsible for non-receipt / non-

delivery of the bid documents due to any reason whatsoever.

1.9.12. Opening of Bids by the University 1.9.12.1. On the scheduled date and time, bids will be opened by the Committee in

presence of Bidder representatives. It is the responsibility of the bidder’s

representative to be present at the time, on the date and at the place specified in

the tender document. The bidders’ representatives who are present shall sign a

document evidencing their attendance.

1.9.12.2. If any of the bidders or all bidders who have submitted the tender and are

not present during the specified date and time of opening it will be deemed that

such bidder is not interested to participate in the opening of the Bid/s and the

university at its discretion will proceed further with opening of the technical

bids in their absence.

1.9.12.3. The Bidder name and presence or absence of requisite RFP cost (if any)

and such other details as the University, at its discretion may consider

appropriate will be announced at the time of technical bid opening. No bid

shall be rejected at the time of bid opening, except for late bids which shall be

returned unopened to the Bidder.

1.9.12.4. Bids that are not opened at Bid opening shall not be considered for further

evaluation, irrespective of the circumstances. Withdrawn bids will be returned

unopened to the Bidders.



1.9.13. Evaluation Methodology 1.9.13.1. Clarification of bids

During evaluation of Bids, the university, at its discretion, may ask the Bidders for

clarifications of their Bids. The request for clarification and the response shall be in

writing (e- Mail), and it should be submitted within the time stipulated by the

university. No change in the price of substance of the Bid shall be sought, offered or

permitted

1.9.13.2. Preliminary Examinations

1.9.13.2.1. The university will examine the Bids to determine whether they are

complete, the documents have been properly signed, supporting papers/

documents attached and the bids are generally in order.

1.9.13.2.2. The University may, at its sole discretion, waive any minor

infirmity, nonconformity or irregularity in a Bid which does not constitute

a material deviation, provided such a waiver does not prejudice or affect

the relative ranking of any Bidder.

1.9.13.2.3. Prior to the detailed evaluation, the University will determine the

substantial responsiveness of each Bid to the Bidding document. For

purposes of these Clauses, a substantially responsive Bid is one, which

conforms to all the terms and conditions of the Bidding Document

without material deviations. Deviations from or objections or reservations

to critical provisions, such as those concerning Bid security, performance

security, qualification criteria, insurance, Force Majeure etc. will be

deemed to be a material deviation. The University's determination of a

Bid's responsiveness is to be based on the contents of the Bid itself,

without recourse to extrinsic evidence. The University would also

evaluate the Bids on technical and functional parameters including

possible visit to inspect live site(s) of the bidder, witness demos, bidders’

presentation, verify functionalities / response times etc.

1.9.13.2.4. If a Bid is not substantially responsive, it will be rejected by the

University and may not subsequently be made responsive by the Bidder

by correction of the nonconformity.

1.9.13.2.5. The Bidder is expected to examine all instructions, forms, terms

and specification in the Bidding Document. Failure to furnish all

information required by the Bidding Document or to submit a Bid not

substantially responsive to the Bidding Document in every respect will be

at the Bidder's risk and may result in the rejection of its Bid.

1.9.14. No Commitment to Accept Lowest or Any Offer 1.9.14.1. The University reserves its right to reject any or all the offers without

assigning any reason thereof whatsoever.

1.9.14.2. The University will not be obliged to meet and have discussions with any

bidder and/ or to entertain any representations in this regard.



1.9.14.3. The bids received and accepted will be evaluated by the University to

ascertain the best and lowest bid in the interest of the University. However, the

University does not bind itself to accept the lowest or any Bid and reserves the

right to reject any or all bids at any point of time prior to the order without

assigning any reasons whatsoever. The University reserves the right to re-

tender.

1.9.14.4. The bidder including those, whose tender is not accepted shall not be

entitled to claim any costs, charges, damages and expenses of and incidental to

or incurred by him through or in connection with his submission of tenders,

even though the University may elect to modify / withdraw of the tender.

1.9.15. Conditional Bids Conditional bids shall not be accepted on any ground and shall be rejected

straightway. If any clarification is required, the same should be obtained before

submission of bids.

1.9.16. Proposal Ownership The proposal and all supporting documents submitted by the bidder shall become the

property of the University.

1.9.17. Contacting the University 1.9.17.1. Bidder shall NOT contact the University on any matter relating to its Bid,

from the time of opening of Bid to the time a communication in writing about

its qualification or otherwise received from the University.

1.9.17.2. Any effort by the Bidder to influence the University in its decisions on Bid

evaluation, Bid comparison may result in the rejection of the Bidder’s Bid.

1.9.18. Award of Contract The University reserves the right at the time of award of contract to increase or

decrease of the quantity of goods or services or change in location where equipment

are to be supplied from what was originally specified while floating the tender

without any change in unit price or any other terms and conditions.



2. Technical Specifications FNU intends to purchase next generation firewall solution with protection from zero-day attacks

for its perimeter network. A Firewall solution may have built in Web Security module or is

supported by separate web security solution. The University requires separate Web Application

Firewall (WAF) to support publishing of services. This investment would be contracted for three

years with yearly subscription payments for software licenses. The Illustration below shows the

desired location of the solution, however bidders can recommend other alternative architecture.

The firewall must be able to handle 1 Gbps peak traffic without compromising its functionalities

and performance.

DISASTER RECOVERPRODUCTION DATACENTER AT FOUR DIFFERENT LOCATIONS

INTERNET

LAN USERS EXTERNAL USERS

1 Gbps

FNU LAN/ WAN

PROPOSED

LOCATION

FNU currently has equivalent full-time student number of 10,874 and 1875 staff.

The University also require’s appropriate active/ standby or clustered hardware appliances

that is scalable to cater for increase future needs.

The hardware must support Internet feed from multiple ISP’s.

Details of Specific Funtional Requirements are listed as part of Appendix 1.



2.1 Submission Compliance

Bidders are required to submit the following

1. Vendor Proposal

2. Complete and Return Appendix 1 Including

• Part A – Compliance Checklist for Mandatory Features

• Part B – Compliance with various Reporting Requirements

• Part C – Details of Technical Specifications and Performance Measurements

• Part D – Pricing & Timeline

• Part E – Reference Customers

3. Bidder to provide list of predefined applications that are supported by firewall

4. Bidder to provide list of all categories and sub categories supported for URL filtering

5. Bidder to provide samples of predefined usage reports (including but not limited to

reports specified in Part B of Appendix 1)

6. Bidder to provide lists of notification modes and notification triggers.

7. Provide Contact Details of atleast five reference customers for each bided product (as per

Part E of Appendix 1).

8. Bidder to provide recent Gartner/ NSS Labs reports relating to the bided hardware/

software/ solutions.

Failure to submit any of the above will deem the bid non-compliant.

2.2 The Bidder to note that:

2.1.1. The technical specifications specified are minimum specifications and the items

quoted by Bidders should have all the minimal functionality enabled from day one.

2.1.2. The University reserves the right to alter the quantities specified in the offer in

the event of changes in plans of the university. The same shall be advised at the time

of placing the order with the Bidder(s).

2.1.3. University reserves the right to place the order with respective Bidder for all the

items in single or multiple lots within the RFP validity period.

2.1.4. The purpose behind issuing this RFP is to invite pre-qualification, technical and

commercial RFP from the eligible Bidders and selection of Bidder(s) for the above

purpose.

2.1.5. The selection process consists of two phases: -

2.1.5.1. Technical Evaluation

2.1.5.2. Commercial Evaluation.



2.3 Scope of Work

The Scope of Work involves:

• Supply and Installation of Hardware & Virtual (VMWare) appliances where

required.

• To conduct information gathering and scoping engagement to be used to

create an implementation plan. Engagement will cover the relationship and

configuration of existing hardware to be replaced by the bidder’s solution.

Migration of settings and policies from existing policy server to new

solution

• To provide onsite implementation (single location in Suva) and knowledge

transfer based on the implementation plan generated in the information

gathering engagement.

• To provide formal, certified, onsite training for the bidder’s solution,

including instructor, courseware and travel related expenses for up to ten

staff.

• To execute four post implementation Health Checks on a quarterly basis to

ensure that the solution is configured and performing optimally.

• Ensure compliance to requirements of the University.

• No proxy bypass software or techniques should be usable to bypass the

firewall.



3. Appendix 1 Vendors are required to completely fill and Submit this page onwards

Select the products bided for

☐ Firewall with UTM ☐ Firewall without UTM ☐ Separate Web Security ☐ Web Application Firewall

PART A [I] – MANDATORY FEATURES – Firewall and Web Security

Specifications Compliance

YES NO

CORE FUNCTIONAL REQUIREMENTS

1 Identify applications within the HTTP/HTTPS protocol (browser-

based applications): The solution must provide an application control

feature that must be able to identify the application in use within the

HTTP/HTTPS protocol, as well as Mobile Applications, for any TCP Port

used. Once identified, applications can be allowed, blocked and limit

available bandwidth.

☐ ☐

2 Identify applications outside of HTTP/HTTPS traffic (desktop

applications): The solution must provide an application control feature

that must be able to identify the application in use when the traffic is not

sent via HTTP or HTTP Secure (HTTPS). Once identified, applications can

be allowed, blocked and limit available bandwidth.

☐ ☐

3 Windows Active Directory Integration: The solution must provide an

interface to Active Directory (AD) or Lightweight Directory Access

Protocol (LDAP) to pull user IDs and groups that can then be used in

firewall rules. Must support multiple independent AD/LDAP domains.

☐ ☐

4 Integrated Windows Authentication: For all domain based devices, the

solution must be able to seamlessly authenticate using Integrated Windows

Authentication

☐ ☐

5 Enforce policy on individual users and user groups: The solution must

provide a policy to allow, deny and limit available bandwidth. Traffic must

be enforceable on individual users or user groups.

☐ ☐

6 Support for application information feed: The solution must provide an

application control function and must allow for the importation and use of

information about applications. The feed should include information about

how applications are used and provide recommendations to the University

regarding actions to take if the application is discovered in use.

☐ ☐

7 User-developed application signatures: The solution must provide the

necessary interface for the University to create, edit and deploy custom

application signatures.

☐ ☐

8 Application whitelist/blacklist: The solution must provide an application

control function, must allow the University to create or import whitelists

and blacklists for applications and have the lists used to enforce policy on

network traffic

☐ ☐




YES NO

9 Categorize and Filter URLs: The solution must be able to block, allow

and limit available bandwidth specific URL categories and/or reputation of

the URL.

☐ ☐

10 Identify applications within SSL protocol: The application control

feature should be able to identify the application in use within SSL traffic.

Once identified, applications can be allowed, blocked and limit available

bandwidth. The solution must participate in the initial SSL key exchange

and then decrypt session traffic to examine the contents for attacks,

including both inbound and outbound inspection based on policy, without

availing of off-load to alternate system.

☐ ☐

11 Block specific browsers: The application control function must be able to

block the use of specific browsers and applications (i.e. Java version). ☐ ☐

12 Block upload of data even when allowing access to the site: The

application function must be able to block the upload of data to a site even

if access to the site is allowed by policy. This includes input into forms as

well as the upload of files.

☐ ☐

13 Block unauthorized browser plugins: The application control function

must be able to block the use of specific browser plugins that are visible in

network traffic.

☐ ☐

14 The solution should provide Advanced Persistent Threat (APT)

protection functionality: The solution must provide Advanced Persistent

Threat (APT) protection functionality. This will include features such as

network traffic and user behavioral analysis and anomaly detection.

☐ ☐

15 Redundancy in physical appliances: The solution must support redundant

hot-swappable power supplies and disk drives. ☐ ☐

16 Out-of-band management: The solution must support out-of-band

management interfaces (either Ethernet or serial) ☐ ☐

17 System availability (active/standby): The solution must provide two

Firewalls and allow failover to support 99.999% availability in

active/passive or active/standby mode.

☐ ☐

18 Site-to-site IPsec VPN: The solution must act as VPN gateways for site-

to-site VPNs must support remote site recognition that

is based on certificates or pre-shared key.

☐ ☐

19 SSLVPN: The solution must act as VPN gateways for SSLVPN. VPNs

must support 2 factor authentication and certificates. ☐ ☐

20 Signature-based IPS: The solution must have a signature-based IPS

function where the signatures are created by the manufacturer and

automatically applied once they are published.

• Detection and prevention of vulnerabilities.

• Detection and prevention of protocol misuse.

• Detection and prevention of malware communications.

• Detection and prevention of tunneling attempts.

• Detection and prevention of covert channel communications.

☐ ☐




YES NO

21 DoS protection: The solution must include the mechanism to protect

itself from basic Denial of Service (DoS) attacks, such as flooding and

resource consumption attacks, and application layer DoS for Web

applications

☐ ☐

22 User developed signatures for IPS: The solution must provide the

necessary interface for the customer to create, edit and deploy custom IPS

signatures

☐ ☐

23 Integrated content filtering functionality: The solution must include

integrated content filtering functionality for:

• Threat Emulation

• Threat Extraction

• Antivirus

• Anti-bot

• Application Control

• URL Filtering

☐ ☐

24 Integrated malware protection: The solution must provide integrated

malware protection ☐ ☐

25 Administrator audit: The solution must ensure that all administrative

actions be logged to include the action taken, a time stamp, and the source

IP address of the endpoint used to make the change and the administrator

user ID

☐ ☐

26 Centralized advanced Reporting console: The solution must provide

reporting engine that allows the customer to create custom and reports

linked to specific queries must be provided. Reports must include and

correlate logs from all functions (firewall, IPS, application control, etc.)

without requiring for customization or scripting.

☐ ☐

27 Email Alerts, based on policy or thresholds for:

• Hardware

• High Availability

• Networking

• Resources

• Log Server Connectivity

• Firewall rule triggered

• User defined

☐ ☐

28 SIEM integration: The solution must be capable of sending logs to a

SIEM system via syslog. ☐ ☐

29 Export of log information: The solution must be capable of exporting log

information in multiple formats (minimum comma-separated values (CSV)

and text formats).

☐ ☐

30 Role-based administration: The solution must provide Role-based

administration (RBA). ☐ ☐




YES NO

31 Centralized Management: The solution must be manageable via a ‘single

pane of glass’ management console for all features included in the

solution. Management system must be provisioned as a virtual system

compatible with VMware 5.x/6.x.

☐ ☐

32 Change then commit: The solution must allow for a rule base to be

changed and then saved before being committed to the firewalls ☐ ☐

33 Version Control and Compare: The solution must provide version

control (backup) for all modifications made to the system to facilitate

compare, rollback.

☐ ☐

34 Rule verification mechanism: The solution must provide a notification to

the administrator when a new rule either masks another rule, duplicates,

and overlaps or interferes with an existing rule.

☐ ☐

35 Reason/tracking of rule changes: The solution must provide a mechanism

to record the reason for a rule change ☐ ☐

36 Rule usage statistics: The solution must provide the administrator with

statistics on rule usage. ☐ ☐

37 Threat intelligence feeds: The solution must provide a threat intelligence

feed that automatically updates the firewall based on the most current

threat intelligence.

☐ ☐

38 Traffic profile verification: The solution must provide a search/filter

mechanism to list rules matching specified criteria. ☐ ☐

39 Geolocation: The solution must provide traffic control based on country or

location. ☐ ☐

40 Dynamic Host Configuration Protocol (DHCP) relay: The solution must

provide a DHCP relay function. ☐ ☐

41 Routing protocols:

The solution must provide at a minimum, the following routing protocols;

static, OSFP and BGP

☐ ☐

42 IPv6 Support: The solution must be IPv6 ready ☐ ☐

43 Time & Data Based Quota: The web security solution must allow

creating time and bandwidth based quota for daily, weekly or monthly

basis.

☐ ☐

44 WIFI Controller based Authentication: The bidders must provide list of

all wireless controllers supported to pass authentication information

transparently.

☐ ☐

45 Quality of Service: The solution must shape and prioritize traffic based on

rules defined for Quality of Service. ☐ ☐

SUPPORT & MAINTENANCE 46 Manufacturer must include 3 years of 7x24 hardware & software support,

threat intelligence subscription and any other annual fee required as part of

the bidder’s solution.

☐ ☐




YES NO

INSTALLATION & KNOWLEDGE TRANSFER

47 Manufacturer will provide approximately 2-3 days onsite information

gathering and scoping engagement to be used to create an implementation

plan. Engagement will cover the relationship and configuration of existing

hardware to be replaced by the bidder’s solution.

☐ ☐

48 Manufacturer will provide up to 4 days onsite implementation and

knowledge transfer based on the implementation plan generated in the

information gathering engagement.

☐ ☐

49 Manufacturer, or authorized partner, will provide 3-5 day formal, certified,

onsite training for the bidder’s solution, including instructor, courseware

and travel related expenses for up to ten staff.

☐ ☐

50 Manufacturer will execute four post implementation Health Checks on a

quarterly basis to ensure that the solution is configured and performing

optimally.

☐ ☐

COMPATIABILITY & SIZING

51 The solution must include, at a minimum, two (2) 10 Gbps fibre (SFP)

links and four (4) 1 Gbps Copper interfaces plus any additional interface

requirements for the HA cluster.

☐ ☐

52 Combined inspection throughput must be capable of maintaining a

minimum of 1Gbps with all specified feature configured, enabled and

tuned based on manufacturers best practice and recommendations;

• malware protection

• antivirus

• IPS

• application visibility

• URL filtering

• IPSec / SSL VPNs

• data filtering

• Full SSL decrypt and inspect at 1Gbps

☐ ☐

53 Minimum 1Gbps Stateful Inspection Throughput (IMIX) ☐ ☐

PART A [II] – MANDATORY FEATURES – Web Application Firewall


YES NO

1 The solution must address and mitigate the OWASP Top Ten

web application security vulnerabilities ☐ ☐

2 Must Support Reverse Proxy Deployment Method ☐ ☐

3 Protection against common attacks (Not limited to)

• SQL injection

• Cross-site scripting

• Cookie or forms tampering

☐ ☐




YES NO

4 Protection through Adaptive security ☐ ☐

7 JSON payload inspection ☐ ☐

8 Outbound data theft protection

• Credit card numbers

• Custom pattern matching (regex)

☐ ☐

9 Granular policies to HTML elements ☐ ☐

10 Protocol limit checks ☐ ☐

11 File upload control – Scanning of all files being uploaded to the publishing

servers ☐ ☐

14 High availability ☐ ☐

15 SSL offloading as well as full SSL of both Internal and External Traffic ☐ ☐

16 Load balancing ☐ ☐

17 Content routing ☐ ☐

18 XML Firewall

• XML DoS Protection

• Schema/WSDL enforcement

• WS-I conformance checks

☐ ☐

19 DDoS Protection ☐ ☐

20 Role Based Administration ☐ ☐

21 IP Reputation ☐ ☐

22 Protocol Validation ☐ ☐

23 Attack Signatures ☐ ☐

24 Antivirus / Data Loss Protection ☐ ☐

25 Advanced Persistent Threat ☐ ☐

26 Advanced Protection ☐ ☐

28 Session Hijacking ☐ ☐

29 Brute Force Protection ☐ ☐



PART B – REPORTS


YES NO

REPORTS

1 The solution should be able to provide summary reports based on

application and URL category usage ☐ ☐

2 The solution should be able to provide summary reports based on top

policies by bandwidth ☐ ☐

3 The solution should be able to provide summary reports based on top users

by browse time by social media ☐ ☐

4 The solution should be able to provide summary reports based on top sites

visited ☐ ☐

5 The solution should be able to provide summary reports based on top

blocked sites by request ☐ ☐


by browse time ☐ ☐


by bandwidth ☐ ☐


by bandwidth ☐ ☐


by browse time ☐ ☐

10 The solution should be able to provide summary reports based on Blocked

Files by Security Threat ☐ ☐

11 The solution must allow to perform investigative report for minimum of

three months of usage ☐ ☐

12 The solution must allow scheduling reports on groups of users and auto

send via email to the specified email addresses ☐ ☐

13 The solution must allow scheduling reports on overall user activity,

performance, and security threats ☐ ☐

14 The solution must allow alerts on custom defined user activities. ☐ ☐

15 The samples of reports are provided with the bid ☐ ☐

PART C – TECHNICAL SPECIFICATIONS & SYSTEM PERFORMANCE

TECHNICAL SPECIFICATIONS

Line Component Description Specify Answers Here

1 Number of 10-GbE SFP+ Interfaces

2 Number of 10/100/1000 Interfaces (RJ-45)

3 Number of GbE SFP or 10/100/1000 Interfaces

4 Number of Management Interfaces

5 Size of Internal Storage (GB)

6 Size of Built-in cache (GB)

7 Number of USB Ports



SYSTEM PERFORMANCE

8 Maximum Firewall Throughput (Gbps)

9 Maximum Firewall Latency (µs)

10 Firewall Throughput (Packets Per Second)

12 Concurrent TCP Sessions

13 New TCP Sessions Per Second

14 Maximum Number of Firewall Policies

15 Maximum IPS Throughput (Gbps)

16 Number of Virtual Firewalls

17 Number of User License (Limited to or Unlimited)

18 Number of Power Supply (1 or 1+1)

PART D – PRICE & TIMELINE

• Price must include all related costs associated with this solution.

• Price must have separate components for VEP Price, Withholding Tax (if applicable),

GST (if applicable), VAT, etc

PRICING TABLE

Attach detailed Part/Component descriptions for the proposed solution including quantity,

unit cost and extended cost to the Bid. List the total VIP Price below for each section

Line Component Description Total Cost

1 Proposed solution including three years of support, applicable fees

and subscriptions

2 Cost of Implementation

3 Certified, onsite training.

4 Post implementation Health Checks.

TOTAL COST

Specify the Currency Used

Timeline

The bidder must provide timeline for delivery and installation from the date of award of contract.

Approximate Delivery Timeline

Scope Time (working days)

Delivery of Hardware

Installation

Training

Complete Commissioning Report including user manuals



PART E – REFERENCE CUSTOMERS

Each bidder must provide list of five customers similar to FNU’s context (preferable other

Universities) who are using their products similar to proposed version.

Product 1: (Select 1 that is applicable from the following)


Product 1 Name:

Customer 1

Company Name:

Application of Product:

Hardware Specifications:

Software Versions:

Contact Name:

Phone:

Email:

Customer 2

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 3

Company Name:



Software Versions:

Contact Name:

Phone:

Email:



Customer 4

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 5

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Product 2: (Select 1 that is applicable from the following) [Continue only if applicable]


Product 2 Name:

Customer 1

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 2

Company Name:



Software Versions:

Contact Name:

Phone:

Email:



Customer 3

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 4

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 5

Company Name:



Software Versions:

Contact Name:

Phone:

Email:



Product 3 Name:

Customer 1

Company Name:



Software Versions:

Contact Name:

Phone:

Email:



Customer 2

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 3

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 4

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 5

Company Name:



Software Versions:

Contact Name:

Phone:

Email:





Product 4 Name:

Customer 1

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 2

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 3

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

Customer 4

Company Name:



Software Versions:

Contact Name:

Phone:

Email:



Customer 5

Company Name:



Software Versions:

Contact Name:

Phone:

Email:

The End