REQUEST FOR PROPOSAL FOR SUPPLY & INSTALLATION OF Firewall. Bill of Material




General Scope of Work: Supply & installation of Firewall in the following location.

Locations of Installation: ISI Kolkata, 203 B.T. Road, Kolkata 700108, West Bengal, INDIA

Bill of Material

| Sl. No. | Item | Qty |
|---|---|---|
| 1. | Firewall | 1 |
| 2. | Support pack of the firewall (for 3 years) | 1 |
| 3. | Support pack of IPS Signature update (for 3 years) | 1 |

Firewall Specification

Sr No. Feature Description

1. The FW should integrate with multiple full-featured, high-performance security services, including application-aware firewall, SSL and IPsec VPN, IPS with Global Correlation.
2. The FW should support a comprehensive command line interface (CLI), verbose syslog, and Simple Network Management Protocol (SNMP).
3. The FW should be 1 RU, 19-in. rack-mountable form factor.
4. Should have a maximum throughput of 4 Gbps stateful firewall inspection throughput, 1.2 Gbps IPS throughput and 1.4 Gbps or Multiprotocol throughput.
5. Maximum 3DES/AES throughput of 700 mbps.
6. Maximum Firewall Connections: 1000,000.
7. Maximum Firewall Connections/Second: 50,000.
8. Firewall should have redundant power supply.
9. Should have integrated 8 nos. of 10/100/1000 Base T ports and be expandable to another 6 Gigabit Ethernet copper/SFP ports.
10. Maximum Virtual Interfaces (VLANs): 500.
11. Should support up to 100 Virtual Firewalls.
12. The software on the firewall should support online software reconfiguration to ensure that changes made to a firewall configuration take place with immediate effect.
13. Should support Active/Active and Active/Standby Failover.
14. Should support integrated IPsec and Client and Clientless SSL VPN.
15. Should support up to 5000 VPN peers.
16. Should support EtherChannel, with each channel group supporting up to eight active interfaces.
17. The security appliance should support a Botnet Traffic Filter database that accurately and reliably identifies command and control traffic, as well as the domains or hosts receiving the information.
18. Should support checking of incoming and outgoing connections against a dynamic database of known bad domain names and IP addresses, and then log any suspicious activity.
19. The FW should deliver per-flow, policy-based QoS services, with support for LLQ and Traffic Policing for prioritizing latency-sensitive network traffic and limiting bandwidth usage of administrator-specified applications.
20. Performance should not be significantly affected by enabling the firewall features; SSL and IPsec encryption should be performed by dedicated hardware processors.
21. Should have the ability to integrate with either on-premises web security or cloud-based web security services.
22. The solution should support all popular authentication mechanisms, including but not limited to Local user database, RADIUS, Windows NT LAN Manager (NTLM), Active Directory Kerberos, Native RSA SecurID, RADIUS with Expiry, one-time password (OTP) via RADIUS (State/Reply message attributes), Lightweight Directory Access Protocol (LDAP) with password expiry capabilities (including pre-expiry warning), digital certificates (including X.509), smartcards, SSO and SPNEGO. Should support CRL and OCSP for certificate revocation checks. Should support AAA and Certificate authentication simultaneously.
23. The device should be able to act as a CA by itself.
24. Should be able to bind granular policies to specific users or groups across multiple identity management systems via Dynamic Access Policies (DAP). DAPs should be created by setting a collection of access control attributes associated with a specific user tunnel or session.
25. It should support a feature that enables termination of SRTP/TLS-encrypted endpoints for secure remote access. Should support large-scale deployments of secure phones without a large-scale VPN remote access hardware deployment. End-user infrastructure is limited to just the IP endpoint, without VPN tunnels or hardware.
26. The FW should be able to intercept and decrypt encrypted signaling from encrypted endpoints to the Unified Communications Manager, and apply the required threat protection and access control. It should also ensure confidentiality by re-encrypting the traffic onto the UCM servers.
27. Should have features to identify system issues and report them back to the vendor or through other user-defined channels, often before the issues exist.

28. The FW should support Identity Firewall, which provides more granular access control based on users' identities. You can configure access rules and security policies based on user names and user group names rather than through source IP addresses.
29. Should support dynamic downloading and enforcement of ACLs on a per-user basis once the user is authenticated with the appliance.
30. Should support inspection of IPv6 traffic based on the extension header.
31. IPv6-enabled inspection services for applications based on HTTP, FTP, SMTP, ICMP, TCP, and UDP. In addition, SSHv2, Telnet, HTTP and HTTPS, and ICMP-based management over IPv6.
32. The firewall must have support for virtual firewalls and include at least 2 virtual firewalls without any additional license costs.
33. There must be support for bi-directional NAT.
34. The firewall should have support for cut-through proxy and user authentication.

VPN Features

1. The device should support IPSEC/IKEv2 for remote VPN access.
2. The security appliance supports the following encryption standards for ESP: DES, 3DES, AES-128, AES-192, AES-256.
3. The security appliance supports the following hashing algorithms: MD5, SHA.
4. Supports the use of SHA-2 compliant signature algorithms to authenticate SSL VPN connections that use digital certificates. Support for SHA-2 includes all three hash sizes: SHA-256, SHA-384, and SHA-512.
5. The device should preserve the TOS bits as per RFC 2401. TOS bits in the original IP header should be copied to the IP header of the encrypted packet so that QoS policies can be enforced after encryption.
6. Should support acting as an L2TP/IPSec VPN headend, terminating VPN connections from native VPN clients included with Microsoft Windows 2000, Windows XP, Windows 2003, and Windows Pocket PC, and also support a variety of authentication methods including user ID/password, pre-shared keys, certificate, and two-factor authentication.
7. Should support VPN connections between Android mobile devices and the appliance, when using the L2TP/IPsec protocol and the native Android VPN client.
8. Should have the capability to automatically identify operating systems and service packs on any remote device establishing a client or clientless SSL VPN.
9. Should support VPN from a variety of endpoints like desktops, tablets and smartphones on the same appliance.
10. Should support the Start Before Login (SBL) feature, which allows a VPN connection to be established prior to machine login. This functionality allows for native Windows functionality such as AD group policies, drive mapping and login scripts to be provided for VPN users.
11. The VPN client should support EAP-TLS (Transport Layer Security), LEAP (Lightweight EAP), MD5 (Message Digest 5).
12. The VPN client should support mobile devices like Apple, Android.
13. Internal websites (both http and https).

IPS Features

1. Inspect normal traffic as well as encapsulated traffic including the following: GRE, MPLS, 802.1q, IPv4 in IPv4, IPv4 in IPv6, Q-in-Q double VLAN.
2. Concurrent Threat Mitigation Throughput (Mbps) (Firewall + IPS Services) should be 1.2 Gbps.
3. Should support custom signatures.
4. It should have the capability of defining virtualized IPS sensors.
5. Supports central management of policy configuration and one-touch global policy roll-out for policy changes and application

6. Support creation of a baseline of normal network traffic and then use of the baseline to detect worm-infected hosts.
7. Should be able to determine host operating system by inspecting characteristics of the packets exchanged in the network.
8. Should be able to correctly track TCP sessions in complex network configurations.
9. Support inspection and mitigation of threats in Multiprotocol Label Switching (MPLS) environments.
10. IPS should be capable of being installed in asymmetric network environments.
11. Operator should be able to change from active (inline) mode to passive mode remotely.
12. The IPS device should have features to prioritize alerts after an alert action has taken place, e.g. if a high-priority attack is dropped, the alert should be a log; however, if a high-priority attack is allowed, the alert should be an email.
13. The ability to define a default operating system that will be used in the attack relevance calculation, e.g. if a Linux-based attack is targeted towards a Windows server, the alert severity of the attack should be lowered.
14. All traffic should be scrubbed/normalized/reordered as it passes through the sensor.
15. The IPS should have the ability to dynamically understand the risk posed by an attack to the network so as to best adjust the rating of the alert. This risk should be assessed via various parameters like relevance of an attack (Linux vs Windows) and value of target (printer vs server).
16. Ability to identify attacks in IPv6 environments through the inspection of IPv4 traffic being tunnelled in IPv6.

OEM Eligibility Criteria: All active components should be from the same OEM. The OEM should be an ISO-9000 and ISO-14001 certified company.

Consortium: If the Bidder is not a manufacturer, he should provide documentary evidence (e.g. Manufacturer's Authorization Form) for having tied up with all the participating agencies.

Tax and Duty Exemption: The Institute may provide necessary certificates for tax/duty exemption as applicable.

Bid Currencies: Bids are to be quoted in Indian Rupees only.

Cancellation of Tender:
1. The Institute may cancel the tender processing at any point of time prior to the issuance of purchase order without assigning any reason whatsoever for unforeseen and unavoidable circumstances.
2. The Institute may also cancel the tender processing for want of any participating Bidder or if all the participating Bidders fail to qualify eligibility in terms with technical or other reasons.

Technical & commercial bids should be submitted in separate sealed envelopes mentioning the contents on it. Any Technical Bid not containing the above specifications may be rejected. The Technical Bid should not contain any price information; any such proposal will be rejected.

Bill of Material (To be included in Technical Bid)

The Bidder should provide Bill of Material (details of all Modules / Components of Hardware including those bought-out, off-the-shelf or third-party products / items required) Module-wise, in the following format.

| Module/Item Description | Make/Model/Version | Part Number | Principal Vendor/Manufacturer |
|---|---|---|---|

Signature of Bidder :
Name :
Business address :
Place :
Date :

Bill of Material (To be included in Commercial Bid)

| Module/Item | Make/Model/Version | Part Number | Principal Vendor/Manufacturer | Quantity/No. of Licenses per installation | Unit Price | Total Price without Tax | Tax % | Tax Estimate | Total Price with Tax |
|---|---|---|---|---|---|---|---|---|---|

Signature of Bidder :
Name :
Business address :
Place :
Date :

Quotation Address:

To
The Head
Computer & Statistical Service Center
4th Floor, S.N.Bose Bhaban
Indian Statistical Institute
203 B.T. Road, Kolkata 700108