S.No. Page no & clause 1. Technical 2. Technical Existing RFP Clause Vendor Queries Bank Reply Appliance should have minimum of 16 GB RAM or more expandable up to 64GB. Firewall should have dual power supplies, redundant hard disk & cooling fans. 6GB of RAM is sufficient for the appliances based on Multi Core Architecture and they provide better performance based on the System Architecture. Request you to make it 6GB or more. Considering the throughputs requested and the current FW appliance. We feel that a minimum of 16 GB RAM on the FW appliance should be sufficient to meet the Banks HDD are primarily used for storing reports, which can be stored internally or externally. Request to provide an option to provide external reporting with redundant Hard Drive if not internal. Appliance should have minimum 16 GB RAM. Solution should have dual power supplies, redundant hard disk and cooling fans on the firewall appliances as well as on centralized monitoring, management and Log server if required separately. 3. Technical The communication between all the components of Firewall System (firewall module, logging & policy management server, and the GUI/ WebUI Console) GUI and Reporting Module can be made available as an out of box management and reporting, the communication of which is encrypted. Request you to accept quotes on such solutions. Page 1 of 5
4. Technical 5. Technical 6. Technical 7. Technical should be encrypted with SSL or PKI. IPsec ISAKMP methods should support Diffie- Hellman Group 1,2,5,14 & 19, MD5 & SHA Hash, RSA & Manual Key Exchange Authentication, 3DES/AES- 256 Encryption of the Key Exchange Material and algorithms like RSA-1024 / 1536 It should support the VOIP Applications Security by supporting to filter SIP, H.323, MGCP and Skinny flows. Should have more than 100+ Categories based on Urls, Application types, Security Risk level etc Solution should have an option of mechanism of education users for eg Ask user before allowing access website. Request you to make DH group as 1, 2,5,and 14. Also the hashing parameters like MD5 & SHA along with encryption parameters such as 3DES/AES256 can provide the great level of security to the VPN. Request to make it It should support the VOIP Applications Security by supporting to filter SIP, H.323 as MGCP and Skinny flow are not commonly used protocols. Request you to make it Should have more than 80+ Categories based on Urls, Application types, Security Risk level etc. since the URL s supported with 80+ categories might be higher than the competition providing 100+ categories. It is always better to have controls in the administrators hand instead of the users, since users can access anything and everything if the access is given to them. Recommended is to use a newer As this is the Security System and latest algorithms techniques for encryption/ decryption and Hashing is necessary for the protection of the system. Bank is using VOIP application and to protect the system the said support is required. Should have more than 80+ predefined Categories based on Urls, Application types, Security Risk level etc. However solution should be able to create custom categories for URL and application. Solution should have an option of allow / block / Monitor / Authentication a user before allowing access to Page 2 of 5
8. Technical Page no- 14 Should be able to scan any file irrespective of it size. feature Temporary Access Portal where in a Portal can be made accessible to end users wherein the users can ask for temporary access of web categories or URLs through the same. Also the administrator can restrict prohibited categories which the users can access and to rule down the request put forward by his team members. The need to Allow/Block / Monitor / Authenticate a user in the Banks environment should be sufficient to meet the Bank's requirements. Kindly let us know if this wound meet UBI's requirement Scanning file irrespective of the size may increase the load on the system CPU and Memory and may drag down the performance of the Appliance. For example if the file size is 1GB it might take much time and resources of the appliance and user also will not get notified for the same. website. However solution should have capability to send customized messages to guide the user at the time of accessing website.. Page 3 of 5
9. Technical Firewall Real-Time Monitoring, Management & Log Collection should be available & stored. Not able to understand " & stored " The firewall appliance/management server should be able to store configuration and Logs locally. The Solution should be capable to take backup of the configuration and logs on periodical intervals. 10. Technical 11. Technical 12. Technical It should support BGP, OSPF, RIPv1 &2, Multicast Tunnels, DVMRP protocols Application Control Databases should have sizable application and widget control list Solution should have an option of creating custom categories for URL and Application control. Need to know the requirement of DVMRP on a security appliance Widget Control List is specific to a particular Vendor Custom Categories are not possible in Application Control but FortiOS allows for configuring Application Overrides. Kindly let us know if this would meet the Banks requirement It should support BGP, OSPF, RIPv1 &2, Multicast Tunnels, Multicast protocols like DVMRP,PIM etc. Application Control Databases should have application control list. Should have more than 80+ predefined Categories based on URLs, Application types, Security Risk level etc. However solution should be able to create custom categories for URL and application. Page 4 of 5
13. New clause NA Under NSIC and MSME, sought the exemption from tender fee and EMD/BG. MSMEs registered under Single Point Registration Scheme of NSIC may be exempt from payment of cost of RFP and EMD. For this purpose bidder must submit the relevant Registration Certificate clearly indicating their capacity and monetary limit. In case the capacity and monetary limit specified in the registration certificate is less than the tender value, bidder must get assessed the competency of the unit to execute contract of the higher value keeping in view of the pending load on the unit from inspection agency of NSIC for higher capacity / competence. However the exemption is only for Bid Security. If such a bidder is successful, then bid security as per the RFP document shall be submitted Page 5 of 5