tender specifications document - fnu | home - fiji · pdf file · 2017-10-08supply...
TRANSCRIPT
SUPPLY & INSTALLATION OF
NEXT GENERATION FIREWALL,
CONTENT GATEWAY
FILTERING & WEB
APPLICATION FIREWALL
Tender Specifications Document
Fiji National University [email protected]
Vision Fiji National University is seeking to acquire an external facing, highly available,
deep-packet inspection perimeter firewall solution, web security and web
application firewall that moves beyond port/ protocol inspection and blocking to
add application-level inspection, intrusion prevention, Zero Day Protection, and
bring intelligence from outside the firewall as described in Technical
Specifications Section
Last Modified: 9 October 2017
REQUEST FOR PROPOSAL - FNU (052/17)
University Information Management System 2016
1 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Change Tracking All changes to this document after the release of the RFP will be registered in the following
table.
Description Page Numbers Modified Date
University Information Management System 2016
2 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Table of Contents Change Tracking ............................................................................................................................. 1
1.1. Purpose of RFP .................................................................................................................... 4
1.2. Disclaimer ............................................................................................................................ 4
1.3. Costs to be borne by Respondents ....................................................................................... 4
1.4. No Legal Relationship ......................................................................................................... 4
1.5. Recipient Obligation to Inform Itself ................................................................................... 4
1.6. Evaluation of Offers ............................................................................................................. 4
1.7. Errors and Omissions ........................................................................................................... 5
1.8. Acceptance of Terms ........................................................................................................... 5
1.9. Requests for Proposal .......................................................................................................... 5
1.9.1. Compliance .......................................................................................................................... 5
1.9.2. Clarification of RFP ............................................................................................................. 5
1.9.3. Amendment to the Bidding document ................................................................................. 6
1.9.4. Language of RFP ................................................................................................................. 6
1.9.5. Erasures or Alterations ......................................................................................................... 6
1.9.6. Bid Currency ........................................................................................................................ 6
1.9.7. Delivery Schedule ................................................................................................................ 7
1.9.8. Period of Validity of Bids .................................................................................................... 7
1.9.9. Deadline for submission of Bids .......................................................................................... 7
1.9.10. Late Bids ....................................................................................................................... 8
1.9.11. Modification And/ Or Withdrawal of Bids: ................................................................. 8
1.9.12. Opening of Bids by the University ............................................................................... 8
1.9.13. Evaluation Methodology .............................................................................................. 9
1.9.14. No Commitment to Accept Lowest or Any Offer ........................................................ 9
1.9.15. Conditional Bids ......................................................................................................... 10
1.9.16. Proposal Ownership .................................................................................................... 10
1.9.17. Contacting the University ........................................................................................... 10
1.9.18. Award of Contract ...................................................................................................... 10
2. Technical Specifications .................................................................................................... 11
3. Appendix 1 ......................................................................................................................... 14
University Information Management System 2016
3 | P a g e F i j i N a t i o n a l U n i v e r s i t y
About FNU Fiji National University (FNU) is the largest and newest University in Fiji and the first national
university. More than 1800 University staff are located at campuses spread across towns around
the country and offer a wide range of programs from certificate to postgraduate degrees. FNU
was formed by a merger of seven training institutions in Fiji - the Fiji Institute of Technology,
Fiji School of Medicine, Fiji School of Nursing, Fiji College of Advanced Education, Lautoka
Teachers College, Fiji College of Agriculture and the Training and Productivity Authority of Fiji
(TPAF).
As an evolving dynamic institution, yet one with an illustrious history within its component
parts, FNU is daily developing, innovating and expanding to provide Fiji and the region with the
education and training that they most need.
University Information Management System 2016
4 | P a g e F i j i N a t i o n a l U n i v e r s i t y
1. Disclaimer and Information to Bidders 1.1. Purpose of RFP
The purpose of this RFP is to seek quotes to purchase hardware equipment’s needed to support
the need for Next Generation Firewall and Web Application Firewall (WAF) as well as to
obtain the license for three years.
The Request for Proposal document contains statements derived from information that is
believed to be relevant at the date but does not purport to provide all the information that may
be necessary or desirable to enable an intending contracting party to determine whether or not to
enter into a contract or arrangement with the University. Neither FNU nor any of its employees,
agents, contractors, or advisers gives any representation or warranty, express or implied, as to
the accuracy or completeness of any information or statement given or made in this document.
1.2. Disclaimer Subject to any law to the contrary, and to the maximum extent permitted by law, FNU and its
officers, employees, contractors, agents, and advisers disclaim all liability from any loss or
damage (whether foreseeable or not) suffered by any person acting on or refraining from acting
because of any information including forecasts, statements, estimates, or projections contained in
this document or conduct ancillary to it whether or not the loss or damage arises in connection
with any negligence, omission, default, lack of care or misrepresentation on the part of FNU or
any of its officers, employees, contractors, agents, or advisers.
1.3. Costs to be borne by Respondents All costs and expenses incurred by respondents in any way associated with the development,
preparation, and submission of responses, including but not limited to; the attendance at
meetings, discussions, demonstrations etc. and providing any additional information required by
FNU, will be borne entirely and exclusively by the Respondent.
1.4. No Legal Relationship No binding legal relationship will exist between any of the Respondents and FNU until execution
of a contractual agreement.
1.5. Recipient Obligation to Inform Itself The Recipient must conduct its own investigation and analysis regarding any information
contained in the RFP document and the meaning and impact of that information.
1.6. Evaluation of Offers Each Recipient acknowledges and accepts that FNU may in its absolute discretion apply
selection criteria specified in the document for evaluation of proposals for short listing / selecting
the eligible Bidder(s).
University Information Management System 2016
5 | P a g e F i j i N a t i o n a l U n i v e r s i t y
1.7. Errors and Omissions Each Recipient should notify FNU of any error, omission, or discrepancy found in this RFP
document.
1.8. Acceptance of Terms All Recipient will, by responding to FNU for RFP, be deemed to have accepted the terms of this
Introduction and Disclaimer.
1.9. Requests for Proposal Recipients are required to direct all communications related to this RFP, through the Nominated
Point of Contact person:
Contact : Sanjay Singh
Position : Acting Manager ICT Infrastructure
Email : [email protected]
Telephone : +679 338 1044
FNU may, in its absolute discretion, seek additional information or material from any of the
Respondents after the RFP closes and all such information and material provided must be taken
to form part of that Respondent’s response.
Respondents should provide details of their contact person, telephone, fax, email and full
address(s) to ensure that replies to RFP could be conveyed promptly.
If FNU, in its absolute discretion, deems that the originator of the question will gain an
advantage by a response to a question, then FNU reserves the right to communicate such
response to all Respondents.
FNU may, in its absolute discretion, engage in discussion or negotiation with any Respondent (or
simultaneously with more than one Respondent) after tender closes to improve or clarify any
response.
1.9.1. Compliance The Bidders are expected to examine all instructions, forms, terms and specifications in the
Bidding documents. Failure to furnish all information required by the Bidding documents may
result in the rejection of its RFP and will be at the Bidder's own risk.
1.9.2. Clarification of RFP 1.9.2.1. The Bidder or its official representative is invited to gather pre-RFP
information from the ICT HQ in Samabula or throught University’s official
Tender publishing website (http://www.fnu.ac.fj/new/tenders). It would be the
responsibility of the Bidders or its representatives to take the relevant
documents.
University Information Management System 2016
6 | P a g e F i j i N a t i o n a l U n i v e r s i t y
1.9.2.2. Clarification sought by Bidder should be made in writing (E-mail) and
submitted latest by three days before closing of tender. The text of the
clarifications asked (without identifying the source of enquiry) and the
response given by the university, together with amendment to the Bidding
document, if any, will be posted on the University tender website
(http://www.fnu.ac.fj/new/tenders). No individual clarifications will be sent to
the Bidders. It would be responsibility of the Bidder to check the website
before final submission of RFP.
1.9.3. Amendment to the Bidding document 1.9.3.1. At any time prior to the date of submission of RFP, the University, for any
reason, may modify the Bidding Document, by amendment.
1.9.3.2. In order to allow prospective Bidders reasonable time in which to take the
amendment into account in preparing their RFP, the University, at its
discretion, may extend the deadline for the submission of RFP.
1.9.3.3. The amendment will be posted on the university tender website
(http://www.fnu.ac.fj/new/tenders)
1.9.3.4. All Bidders must ensure that such clarifications/amendments have been
considered by them before submitting the RFP. The university will not have
any responsibility in case some omission is done by any Bidder.
1.9.4. Language of RFP The RFP prepared by the vendor as well as all correspondence and documents
relating to the RFP exchanged by the vendor and the university and supporting
documents and printed literature shall be written in English.
1.9.5. Erasures or Alterations The offers containing erasures or alterations will not be considered until it is duly
signed and stamped by the authorized signatory. There should be no hand-written
material, corrections or alterations in the offer. Technical details must be completely
filled in. Correct technical information of the product being offered must be filled
in. Filling up of the information using terms such as “OK”, “accepted”, “noted”,
“complied”, “as given in brochure / manual is not acceptable. The University may
treat such offers as not adhering to the tender guidelines and as unacceptable.
1.9.6. Bid Currency Bids should be quoted in Fijian Dollars (FJD) only. Where other currencies are
used, the bidder must specify the equivalent Fijian dollars and the exchange rate
used. All applicable taxes must be clearly indicated.
University Information Management System 2016
7 | P a g e F i j i N a t i o n a l U n i v e r s i t y
1.9.7. Delivery Schedule
1.9.7.1. FNU requires an estimated date of delivery from the time of confirmation
of the Purchase Order to delivery of goods and services to FNU.
1.9.7.2. Delivery of the Goods shall be made by the Supplier in accordance with
the terms of the Purchase Contract. The bidder should take responsibility of the
Goods till it reaches the delivery destination as informed by the University,
transport to such place of destination in Fiji, including insurance and storage,
as shall be specified in the Contract, shall be arranged by the Supplier. Bidder
shall arrange for any other document wherever required. Any letter required
for this will be given by the university.
1.9.7.3. Installation will be treated as incomplete in one/all of the following
situations:
1.9.7.3.1. Non-delivery of any equipment or other components viz.
Accessories, software/ drivers media, user manual, commissioning report
mentioned in the order.
1.9.7.3.2. Non-delivery of supporting documentation.
1.9.7.4. The University will consider the inability of the Bidder to deliver the
equipment within the specified time limit, as a breach of contract and would
entail the payment of Liquidation Damages on the part of the Bidder.
1.9.7.5. The liquidation damages represent an estimate of the loss or damage that
the university may have suffered due to delay in performance of the
obligations (relating to delivery, warranty, maintenance etc. of the
deliverables) by the Bidder.
1.9.7.6. The University shall, without prejudice to its other remedies under the
Contract, deduct from the Contract Price, as liquidated damages.
1.9.7.7. Products shall be supplied in a ready to use condition along with all
Cables, Connectors, Software Drivers, Manuals and Media etc.
1.9.8. Period of Validity of Bids 1.9.8.1. Prices and other terms offered by Bidders must be firm for an acceptance
period of 180 days from date of closure of this RFP.
1.9.8.2. In exceptional circumstances the university may solicit the Bidders
consent to an extension of the period of validity. The request and response
thereto shall be made in writing.
1.9.8.3. The University, however, reserves the right to call for fresh quotes at any
time during the period, if considered necessary.
1.9.9. Deadline for submission of Bids 1.9.9.1. The bids must be received by the University at the specified address not
later than the due date specified in the tender advertisement.
University Information Management System 2016
8 | P a g e F i j i N a t i o n a l U n i v e r s i t y
1.9.9.2. The University may, at its discretion, extend the deadline for submission
of Bids by amending the Bid Documents, in which case, all rights and
obligations of the University and Bidders previously subject to the deadline
will thereafter be subject to the deadline as extended.
1.9.10. Late Bids Any bid received by the university after the deadline for submission of bids
prescribed by the university will be rejected and returned unopened to the bidder.
1.9.11. Modification And/ Or Withdrawal of Bids: 1.9.11.1. The Bidder may modify or withdraw its bid after the bid’s submission,
provided that written notice of the modification including substitution or
withdrawal of the bids is received by the university, prior to the deadline
prescribed for submission of bids.
1.9.11.2. The Bidder modification or withdrawal notice shall be prepared, sealed,
marked and dispatched.
1.9.11.3. No bid may be modified or withdrawn after the deadline for submission of
bids.
1.9.11.4. FNU has the right to reject any or all bids received without assigning any
reason whatsoever. University shall not be responsible for non-receipt / non-
delivery of the bid documents due to any reason whatsoever.
1.9.12. Opening of Bids by the University 1.9.12.1. On the scheduled date and time, bids will be opened by the Committee in
presence of Bidder representatives. It is the responsibility of the bidder’s
representative to be present at the time, on the date and at the place specified in
the tender document. The bidders’ representatives who are present shall sign a
document evidencing their attendance.
1.9.12.2. If any of the bidders or all bidders who have submitted the tender and are
not present during the specified date and time of opening it will be deemed that
such bidder is not interested to participate in the opening of the Bid/s and the
university at its discretion will proceed further with opening of the technical
bids in their absence.
1.9.12.3. The Bidder name and presence or absence of requisite RFP cost (if any)
and such other details as the University, at its discretion may consider
appropriate will be announced at the time of technical bid opening. No bid
shall be rejected at the time of bid opening, except for late bids which shall be
returned unopened to the Bidder.
1.9.12.4. Bids that are not opened at Bid opening shall not be considered for further
evaluation, irrespective of the circumstances. Withdrawn bids will be returned
unopened to the Bidders.
University Information Management System 2016
9 | P a g e F i j i N a t i o n a l U n i v e r s i t y
1.9.13. Evaluation Methodology 1.9.13.1. Clarification of bids
During evaluation of Bids, the university, at its discretion, may ask the Bidders for
clarifications of their Bids. The request for clarification and the response shall be in
writing (e- Mail), and it should be submitted within the time stipulated by the
university. No change in the price of substance of the Bid shall be sought, offered or
permitted
1.9.13.2. Preliminary Examinations
1.9.13.2.1. The university will examine the Bids to determine whether they are
complete, the documents have been properly signed, supporting papers/
documents attached and the bids are generally in order.
1.9.13.2.2. The University may, at its sole discretion, waive any minor
infirmity, nonconformity or irregularity in a Bid which does not constitute
a material deviation, provided such a waiver does not prejudice or affect
the relative ranking of any Bidder.
1.9.13.2.3. Prior to the detailed evaluation, the University will determine the
substantial responsiveness of each Bid to the Bidding document. For
purposes of these Clauses, a substantially responsive Bid is one, which
conforms to all the terms and conditions of the Bidding Document
without material deviations. Deviations from or objections or reservations
to critical provisions, such as those concerning Bid security, performance
security, qualification criteria, insurance, Force Majeure etc. will be
deemed to be a material deviation. The University's determination of a
Bid's responsiveness is to be based on the contents of the Bid itself,
without recourse to extrinsic evidence. The University would also
evaluate the Bids on technical and functional parameters including
possible visit to inspect live site(s) of the bidder, witness demos, bidders’
presentation, verify functionalities / response times etc.
1.9.13.2.4. If a Bid is not substantially responsive, it will be rejected by the
University and may not subsequently be made responsive by the Bidder
by correction of the nonconformity.
1.9.13.2.5. The Bidder is expected to examine all instructions, forms, terms
and specification in the Bidding Document. Failure to furnish all
information required by the Bidding Document or to submit a Bid not
substantially responsive to the Bidding Document in every respect will be
at the Bidder's risk and may result in the rejection of its Bid.
1.9.14. No Commitment to Accept Lowest or Any Offer 1.9.14.1. The University reserves its right to reject any or all the offers without
assigning any reason thereof whatsoever.
1.9.14.2. The University will not be obliged to meet and have discussions with any
bidder and/ or to entertain any representations in this regard.
University Information Management System 2016
10 | P a g e F i j i N a t i o n a l U n i v e r s i t y
1.9.14.3. The bids received and accepted will be evaluated by the University to
ascertain the best and lowest bid in the interest of the University. However, the
University does not bind itself to accept the lowest or any Bid and reserves the
right to reject any or all bids at any point of time prior to the order without
assigning any reasons whatsoever. The University reserves the right to re-
tender.
1.9.14.4. The bidder including those, whose tender is not accepted shall not be
entitled to claim any costs, charges, damages and expenses of and incidental to
or incurred by him through or in connection with his submission of tenders,
even though the University may elect to modify / withdraw of the tender.
1.9.15. Conditional Bids Conditional bids shall not be accepted on any ground and shall be rejected
straightway. If any clarification is required, the same should be obtained before
submission of bids.
1.9.16. Proposal Ownership The proposal and all supporting documents submitted by the bidder shall become the
property of the University.
1.9.17. Contacting the University 1.9.17.1. Bidder shall NOT contact the University on any matter relating to its Bid,
from the time of opening of Bid to the time a communication in writing about
its qualification or otherwise received from the University.
1.9.17.2. Any effort by the Bidder to influence the University in its decisions on Bid
evaluation, Bid comparison may result in the rejection of the Bidder’s Bid.
1.9.18. Award of Contract The University reserves the right at the time of award of contract to increase or
decrease of the quantity of goods or services or change in location where equipment
are to be supplied from what was originally specified while floating the tender
without any change in unit price or any other terms and conditions.
University Information Management System 2016
11 | P a g e F i j i N a t i o n a l U n i v e r s i t y
2. Technical Specifications FNU intends to purchase next generation firewall solution with protection from zero-day attacks
for its perimeter network. A Firewall solution may have built in Web Security module or is
supported by separate web security solution. The University requires separate Web Application
Firewall (WAF) to support publishing of services. This investment would be contracted for three
years with yearly subscription payments for software licenses. The Illustration below shows the
desired location of the solution, however bidders can recommend other alternative architecture.
The firewall must be able to handle 1 Gbps peak traffic without compromising its functionalities
and performance.
DISASTER RECOVERPRODUCTION DATACENTER AT FOUR DIFFERENT LOCATIONS
INTERNET
LAN USERS EXTERNAL USERS
1 Gbps
FNU LAN/ WAN
PROPOSED
LOCATION
FNU currently has equivalent full-time student number of 10,874 and 1875 staff.
The University also require’s appropriate active/ standby or clustered hardware appliances
that is scalable to cater for increase future needs.
The hardware must support Internet feed from multiple ISP’s.
Details of Specific Funtional Requirements are listed as part of Appendix 1.
University Information Management System 2016
12 | P a g e F i j i N a t i o n a l U n i v e r s i t y
2.1 Submission Compliance
Bidders are required to submit the following
1. Vendor Proposal
2. Complete and Return Appendix 1 Including
• Part A – Compliance Checklist for Mandatory Features
• Part B – Compliance with various Reporting Requirements
• Part C – Details of Technical Specifications and Performance Measurements
• Part D – Pricing & Timeline
• Part E – Reference Customers
3. Bidder to provide list of predefined applications that are supported by firewall
4. Bidder to provide list of all categories and sub categories supported for URL filtering
5. Bidder to provide samples of predefined usage reports (including but not limited to
reports specified in Part B of Appendix 1)
6. Bidder to provide lists of notification modes and notification triggers.
7. Provide Contact Details of atleast five reference customers for each bided product (as per
Part E of Appendix 1).
8. Bidder to provide recent Gartner/ NSS Labs reports relating to the bided hardware/
software/ solutions.
Failure to submit any of the above will deem the bid non-compliant.
2.2 The Bidder to note that:
2.1.1. The technical specifications specified are minimum specifications and the items
quoted by Bidders should have all the minimal functionality enabled from day one.
2.1.2. The University reserves the right to alter the quantities specified in the offer in
the event of changes in plans of the university. The same shall be advised at the time
of placing the order with the Bidder(s).
2.1.3. University reserves the right to place the order with respective Bidder for all the
items in single or multiple lots within the RFP validity period.
2.1.4. The purpose behind issuing this RFP is to invite pre-qualification, technical and
commercial RFP from the eligible Bidders and selection of Bidder(s) for the above
purpose.
2.1.5. The selection process consists of two phases: -
2.1.5.1. Technical Evaluation
2.1.5.2. Commercial Evaluation.
University Information Management System 2016
13 | P a g e F i j i N a t i o n a l U n i v e r s i t y
2.3 Scope of Work
The Scope of Work involves:
• Supply and Installation of Hardware & Virtual (VMWare) appliances where
required.
• To conduct information gathering and scoping engagement to be used to
create an implementation plan. Engagement will cover the relationship and
configuration of existing hardware to be replaced by the bidder’s solution.
Migration of settings and policies from existing policy server to new
solution
• To provide onsite implementation (single location in Suva) and knowledge
transfer based on the implementation plan generated in the information
gathering engagement.
• To provide formal, certified, onsite training for the bidder’s solution,
including instructor, courseware and travel related expenses for up to ten
staff.
• To execute four post implementation Health Checks on a quarterly basis to
ensure that the solution is configured and performing optimally.
• Ensure compliance to requirements of the University.
• No proxy bypass software or techniques should be usable to bypass the
firewall.
University Information Management System 2016
14 | P a g e F i j i N a t i o n a l U n i v e r s i t y
3. Appendix 1 Vendors are required to completely fill and Submit this page onwards
Select the products bided for
☐ Firewall with UTM ☐ Firewall without UTM ☐ Separate Web Security ☐ Web Application Firewall
PART A [I] – MANDATORY FEATURES – Firewall and Web Security
Specifications Compliance
YES NO
CORE FUNCTIONAL REQUIREMENTS
1 Identify applications within the HTTP/HTTPS protocol (browser-
based applications): The solution must provide an application control
feature that must be able to identify the application in use within the
HTTP/HTTPS protocol, as well as Mobile Applications, for any TCP Port
used. Once identified, applications can be allowed, blocked and limit
available bandwidth.
☐ ☐
2 Identify applications outside of HTTP/HTTPS traffic (desktop
applications): The solution must provide an application control feature
that must be able to identify the application in use when the traffic is not
sent via HTTP or HTTP Secure (HTTPS). Once identified, applications can
be allowed, blocked and limit available bandwidth.
☐ ☐
3 Windows Active Directory Integration: The solution must provide an
interface to Active Directory (AD) or Lightweight Directory Access
Protocol (LDAP) to pull user IDs and groups that can then be used in
firewall rules. Must support multiple independent AD/LDAP domains.
☐ ☐
4 Integrated Windows Authentication: For all domain based devices, the
solution must be able to seamlessly authenticate using Integrated Windows
Authentication
☐ ☐
5 Enforce policy on individual users and user groups: The solution must
provide a policy to allow, deny and limit available bandwidth. Traffic must
be enforceable on individual users or user groups.
☐ ☐
6 Support for application information feed: The solution must provide an
application control function and must allow for the importation and use of
information about applications. The feed should include information about
how applications are used and provide recommendations to the University
regarding actions to take if the application is discovered in use.
☐ ☐
7 User-developed application signatures: The solution must provide the
necessary interface for the University to create, edit and deploy custom
application signatures.
☐ ☐
8 Application whitelist/blacklist: The solution must provide an application
control function, must allow the University to create or import whitelists
and blacklists for applications and have the lists used to enforce policy on
network traffic
☐ ☐
University Information Management System 2016
15 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Specifications Compliance
YES NO
9 Categorize and Filter URLs: The solution must be able to block, allow
and limit available bandwidth specific URL categories and/or reputation of
the URL.
☐ ☐
10 Identify applications within SSL protocol: The application control
feature should be able to identify the application in use within SSL traffic.
Once identified, applications can be allowed, blocked and limit available
bandwidth. The solution must participate in the initial SSL key exchange
and then decrypt session traffic to examine the contents for attacks,
including both inbound and outbound inspection based on policy, without
availing of off-load to alternate system.
☐ ☐
11 Block specific browsers: The application control function must be able to
block the use of specific browsers and applications (i.e. Java version). ☐ ☐
12 Block upload of data even when allowing access to the site: The
application function must be able to block the upload of data to a site even
if access to the site is allowed by policy. This includes input into forms as
well as the upload of files.
☐ ☐
13 Block unauthorized browser plugins: The application control function
must be able to block the use of specific browser plugins that are visible in
network traffic.
☐ ☐
14 The solution should provide Advanced Persistent Threat (APT)
protection functionality: The solution must provide Advanced Persistent
Threat (APT) protection functionality. This will include features such as
network traffic and user behavioral analysis and anomaly detection.
☐ ☐
15 Redundancy in physical appliances: The solution must support redundant
hot-swappable power supplies and disk drives. ☐ ☐
16 Out-of-band management: The solution must support out-of-band
management interfaces (either Ethernet or serial) ☐ ☐
17 System availability (active/standby): The solution must provide two
Firewalls and allow failover to support 99.999% availability in
active/passive or active/standby mode.
☐ ☐
18 Site-to-site IPsec VPN: The solution must act as VPN gateways for site-
to-site VPNs must support remote site recognition that
is based on certificates or pre-shared key.
☐ ☐
19 SSLVPN: The solution must act as VPN gateways for SSLVPN. VPNs
must support 2 factor authentication and certificates. ☐ ☐
20 Signature-based IPS: The solution must have a signature-based IPS
function where the signatures are created by the manufacturer and
automatically applied once they are published.
• Detection and prevention of vulnerabilities.
• Detection and prevention of protocol misuse.
• Detection and prevention of malware communications.
• Detection and prevention of tunneling attempts.
• Detection and prevention of covert channel communications.
☐ ☐
University Information Management System 2016
16 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Specifications Compliance
YES NO
21 DoS protection: The solution must include the mechanism to protect
itself from basic Denial of Service (DoS) attacks, such as flooding and
resource consumption attacks, and application layer DoS for Web
applications
☐ ☐
22 User developed signatures for IPS: The solution must provide the
necessary interface for the customer to create, edit and deploy custom IPS
signatures
☐ ☐
23 Integrated content filtering functionality: The solution must include
integrated content filtering functionality for:
• Threat Emulation
• Threat Extraction
• Antivirus
• Anti-bot
• Application Control
• URL Filtering
☐ ☐
24 Integrated malware protection: The solution must provide integrated
malware protection ☐ ☐
25 Administrator audit: The solution must ensure that all administrative
actions be logged to include the action taken, a time stamp, and the source
IP address of the endpoint used to make the change and the administrator
user ID
☐ ☐
26 Centralized advanced Reporting console: The solution must provide
reporting engine that allows the customer to create custom and reports
linked to specific queries must be provided. Reports must include and
correlate logs from all functions (firewall, IPS, application control, etc.)
without requiring for customization or scripting.
☐ ☐
27 Email Alerts, based on policy or thresholds for:
• Hardware
• High Availability
• Networking
• Resources
• Log Server Connectivity
• Firewall rule triggered
• User defined
☐ ☐
28 SIEM integration: The solution must be capable of sending logs to a
SIEM system via syslog. ☐ ☐
29 Export of log information: The solution must be capable of exporting log
information in multiple formats (minimum comma-separated values (CSV)
and text formats).
☐ ☐
30 Role-based administration: The solution must provide Role-based
administration (RBA). ☐ ☐
University Information Management System 2016
17 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Specifications Compliance
YES NO
31 Centralized Management: The solution must be manageable via a ‘single
pane of glass’ management console for all features included in the
solution. Management system must be provisioned as a virtual system
compatible with VMware 5.x/6.x.
☐ ☐
32 Change then commit: The solution must allow for a rule base to be
changed and then saved before being committed to the firewalls ☐ ☐
33 Version Control and Compare: The solution must provide version
control (backup) for all modifications made to the system to facilitate
compare, rollback.
☐ ☐
34 Rule verification mechanism: The solution must provide a notification to
the administrator when a new rule either masks another rule, duplicates,
and overlaps or interferes with an existing rule.
☐ ☐
35 Reason/tracking of rule changes: The solution must provide a mechanism
to record the reason for a rule change ☐ ☐
36 Rule usage statistics: The solution must provide the administrator with
statistics on rule usage. ☐ ☐
37 Threat intelligence feeds: The solution must provide a threat intelligence
feed that automatically updates the firewall based on the most current
threat intelligence.
☐ ☐
38 Traffic profile verification: The solution must provide a search/filter
mechanism to list rules matching specified criteria. ☐ ☐
39 Geolocation: The solution must provide traffic control based on country or
location. ☐ ☐
40 Dynamic Host Configuration Protocol (DHCP) relay: The solution must
provide a DHCP relay function. ☐ ☐
41 Routing protocols:
The solution must provide at a minimum, the following routing protocols;
static, OSFP and BGP
☐ ☐
42 IPv6 Support: The solution must be IPv6 ready ☐ ☐
43 Time & Data Based Quota: The web security solution must allow
creating time and bandwidth based quota for daily, weekly or monthly
basis.
☐ ☐
44 WIFI Controller based Authentication: The bidders must provide list of
all wireless controllers supported to pass authentication information
transparently.
☐ ☐
45 Quality of Service: The solution must shape and prioritize traffic based on
rules defined for Quality of Service. ☐ ☐
SUPPORT & MAINTENANCE 46 Manufacturer must include 3 years of 7x24 hardware & software support,
threat intelligence subscription and any other annual fee required as part of
the bidder’s solution.
☐ ☐
University Information Management System 2016
18 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Specifications Compliance
YES NO
INSTALLATION & KNOWLEDGE TRANSFER
47 Manufacturer will provide approximately 2-3 days onsite information
gathering and scoping engagement to be used to create an implementation
plan. Engagement will cover the relationship and configuration of existing
hardware to be replaced by the bidder’s solution.
☐ ☐
48 Manufacturer will provide up to 4 days onsite implementation and
knowledge transfer based on the implementation plan generated in the
information gathering engagement.
☐ ☐
49 Manufacturer, or authorized partner, will provide 3-5 day formal, certified,
onsite training for the bidder’s solution, including instructor, courseware
and travel related expenses for up to ten staff.
☐ ☐
50 Manufacturer will execute four post implementation Health Checks on a
quarterly basis to ensure that the solution is configured and performing
optimally.
☐ ☐
COMPATIABILITY & SIZING
51 The solution must include, at a minimum, two (2) 10 Gbps fibre (SFP)
links and four (4) 1 Gbps Copper interfaces plus any additional interface
requirements for the HA cluster.
☐ ☐
52 Combined inspection throughput must be capable of maintaining a
minimum of 1Gbps with all specified feature configured, enabled and
tuned based on manufacturers best practice and recommendations;
• malware protection
• antivirus
• IPS
• application visibility
• URL filtering
• IPSec / SSL VPNs
• data filtering
• Full SSL decrypt and inspect at 1Gbps
☐ ☐
53 Minimum 1Gbps Stateful Inspection Throughput (IMIX) ☐ ☐
PART A [II] – MANDATORY FEATURES – Web Application Firewall
Specifications Compliance
YES NO
1 The solution must address and mitigate the OWASP Top Ten
web application security vulnerabilities ☐ ☐
2 Must Support Reverse Proxy Deployment Method ☐ ☐
3 Protection against common attacks (Not limited to)
• SQL injection
• Cross-site scripting
• Cookie or forms tampering
☐ ☐
University Information Management System 2016
19 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Specifications Compliance
YES NO
4 Protection through Adaptive security ☐ ☐
7 JSON payload inspection ☐ ☐
8 Outbound data theft protection
• Credit card numbers
• Custom pattern matching (regex)
☐ ☐
9 Granular policies to HTML elements ☐ ☐
10 Protocol limit checks ☐ ☐
11 File upload control – Scanning of all files being uploaded to the publishing
servers ☐ ☐
14 High availability ☐ ☐
15 SSL offloading as well as full SSL of both Internal and External Traffic ☐ ☐
16 Load balancing ☐ ☐
17 Content routing ☐ ☐
18 XML Firewall
• XML DoS Protection
• Schema/WSDL enforcement
• WS-I conformance checks
☐ ☐
19 DDoS Protection ☐ ☐
20 Role Based Administration ☐ ☐
21 IP Reputation ☐ ☐
22 Protocol Validation ☐ ☐
23 Attack Signatures ☐ ☐
24 Antivirus / Data Loss Protection ☐ ☐
25 Advanced Persistent Threat ☐ ☐
26 Advanced Protection ☐ ☐
28 Session Hijacking ☐ ☐
29 Brute Force Protection ☐ ☐
University Information Management System 2016
20 | P a g e F i j i N a t i o n a l U n i v e r s i t y
PART B – REPORTS
Specifications Compliance
YES NO
REPORTS
1 The solution should be able to provide summary reports based on
application and URL category usage ☐ ☐
2 The solution should be able to provide summary reports based on top
policies by bandwidth ☐ ☐
3 The solution should be able to provide summary reports based on top users
by browse time by social media ☐ ☐
4 The solution should be able to provide summary reports based on top sites
visited ☐ ☐
5 The solution should be able to provide summary reports based on top
blocked sites by request ☐ ☐
6 The solution should be able to provide summary reports based on top sites
by browse time ☐ ☐
7 The solution should be able to provide summary reports based on top users
by bandwidth ☐ ☐
8 The solution should be able to provide summary reports based on top sites
by bandwidth ☐ ☐
9 The solution should be able to provide summary reports based on top users
by browse time ☐ ☐
10 The solution should be able to provide summary reports based on Blocked
Files by Security Threat ☐ ☐
11 The solution must allow to perform investigative report for minimum of
three months of usage ☐ ☐
12 The solution must allow scheduling reports on groups of users and auto
send via email to the specified email addresses ☐ ☐
13 The solution must allow scheduling reports on overall user activity,
performance, and security threats ☐ ☐
14 The solution must allow alerts on custom defined user activities. ☐ ☐
15 The samples of reports are provided with the bid ☐ ☐
PART C – TECHNICAL SPECIFICATIONS & SYSTEM PERFORMANCE
TECHNICAL SPECIFICATIONS
Line Component Description Specify Answers Here
1 Number of 10-GbE SFP+ Interfaces
2 Number of 10/100/1000 Interfaces (RJ-45)
3 Number of GbE SFP or 10/100/1000 Interfaces
4 Number of Management Interfaces
5 Size of Internal Storage (GB)
6 Size of Built-in cache (GB)
7 Number of USB Ports
University Information Management System 2016
21 | P a g e F i j i N a t i o n a l U n i v e r s i t y
SYSTEM PERFORMANCE
8 Maximum Firewall Throughput (Gbps)
9 Maximum Firewall Latency (µs)
10 Firewall Throughput (Packets Per Second)
12 Concurrent TCP Sessions
13 New TCP Sessions Per Second
14 Maximum Number of Firewall Policies
15 Maximum IPS Throughput (Gbps)
16 Number of Virtual Firewalls
17 Number of User License (Limited to or Unlimited)
18 Number of Power Supply (1 or 1+1)
PART D – PRICE & TIMELINE
• Price must include all related costs associated with this solution.
• Price must have separate components for VEP Price, Withholding Tax (if applicable),
GST (if applicable), VAT, etc
PRICING TABLE
Attach detailed Part/Component descriptions for the proposed solution including quantity,
unit cost and extended cost to the Bid. List the total VIP Price below for each section
Line Component Description Total Cost
1 Proposed solution including three years of support, applicable fees
and subscriptions
2 Cost of Implementation
3 Certified, onsite training.
4 Post implementation Health Checks.
TOTAL COST
Specify the Currency Used
Timeline
The bidder must provide timeline for delivery and installation from the date of award of contract.
Approximate Delivery Timeline
Scope Time (working days)
Delivery of Hardware
Installation
Training
Complete Commissioning Report including user manuals
University Information Management System 2016
22 | P a g e F i j i N a t i o n a l U n i v e r s i t y
PART E – REFERENCE CUSTOMERS
Each bidder must provide list of five customers similar to FNU’s context (preferable other
Universities) who are using their products similar to proposed version.
Product 1: (Select 1 that is applicable from the following)
☐ Firewall with UTM ☐ Firewall without UTM ☐ Separate Web Security ☐ Web Application Firewall
Product 1 Name:
Customer 1
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 2
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 3
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
University Information Management System 2016
23 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Customer 4
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 5
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Product 2: (Select 1 that is applicable from the following) [Continue only if applicable]
☐ Firewall with UTM ☐ Firewall without UTM ☐ Separate Web Security ☐ Web Application Firewall
Product 2 Name:
Customer 1
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 2
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
University Information Management System 2016
24 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Customer 3
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 4
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 5
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Product 3: (Select 1 that is applicable from the following) [Continue only if applicable]
☐ Firewall with UTM ☐ Firewall without UTM ☐ Separate Web Security ☐ Web Application Firewall
Product 3 Name:
Customer 1
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
University Information Management System 2016
25 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Customer 2
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 3
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 4
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 5
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
University Information Management System 2016
26 | P a g e F i j i N a t i o n a l U n i v e r s i t y
Product 4: (Select 1 that is applicable from the following) [Continue only if applicable]
☐ Firewall with UTM ☐ Firewall without UTM ☐ Separate Web Security ☐ Web Application Firewall
Product 4 Name:
Customer 1
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 2
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 3
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email:
Customer 4
Company Name:
Application of Product:
Hardware Specifications:
Software Versions:
Contact Name:
Phone:
Email: