Background: The client’s network was badly in need of a sophisticated network security solution. After speaking with technicians, the client’s CIO and Executive Director, I was charged with creating a Request For Proposal (RFP). One unique element of this project was the very specific nature of the desired solution. The client knew that they wanted a unified solution with a hardware firewall. Scalability was important as well; hence, the benchmark of a Unified Threat Management solution, Fortinet.
SPECIFICATIONS
The supplier shall provide an Enterprise Network Security solution in accordance with the above-referenced CLINs as directed by the User. Alternate items cannot be substituted for awarded items without written approval of the Contracting Officer. All materials and supplies shall be provided in accordance with the specifications as detailed below. If during the term of this contract, it is determined that additional items are necessary, Client reserves the right to secure pricing and add items to the current award(s).
Enterprise Network Security: System Description and Requirements
Client is seeking proposals from qualified vendors to Engineer, Furnish, Install, and put into service, a maintenance upgrade project to remove the existing network security solution that is insufficient to meet compliance and performance needs, and replace it with an Enterprise Network Security solution modeled after the Fortinet UTM solution. For benchmarking, a suitable hardware solution would have the capability of the following hardware and support (Fortinet):
- (4) Years of 24×7 – NBD HW Replacement, Support, and Subscription Services for IPS, AntiVirus, and URL Filtering
- (4) Years of FortiGuard Vulnerability Scan Updates
- FortiAnalyzer 4000A: Logging, Reporting, and Archiving Content up to 6TB
- FortiGate-3810A (see features, below)
FortiGate-3810A Specifications

| Specification | Value |
| --- | --- |
| Maximum Firewall Throughput | 7 Gbps |
| Maximum IPSec VPN Throughput | 1 Gbps |
| Maximum Antivirus Throughput | 500 Mbps (HTTP) |
| Maximum IPS Throughput | 4 Gbps (UDP) |
| Maximum Concurrent Sessions | 2 Million |
| Network Interfaces | 8 10/100/1000 Base-T; 2 GigE SFP |

Overview of the Current Client Environment
[redacted to preserve confidentiality]
The current solution combines free and open source software with hardware that is no longer supported, which presents a number of issues:
- Client may be in breach of [redacted to preserve confidentiality] because of an insufficient Web Filter. Attempts have been made to leverage SquidGuard as a Freeware solution, but this has proven an ineffective means to protect the students from inappropriate web content.
- The Sun® Microsystems SunScreen Firewall used by client is no longer supported, and there is significant risk to the network should it encounter a serious failure. Hardware, parts and vendor support are no longer commercially available.
- Client cannot prioritize web-based applications, which have been plagued with performance issues. There are currently no tools to help prioritize this traffic.
- Proxies are adding complexities to an already complex network and security environment. This creates added steps and troubleshooting points in the event of an outage or network problem. This adds cost and complexity to the client environment through licensing and operational-support costs.
- Client continues to experience multiple problems with Internet-based communications. With the current security tools, it is nearly impossible to troubleshoot some of these problems because of a lack of reporting and tools to determine the cause of these problems.
- Client lacks the proper tools to prevent a Denial of Service (DoS) attack, which blocks all access in and out of the network.
Evaluation Criteria:
- 30% Total Price and Cost Effectiveness of Solution
- 20% Meeting Overall Requirements, Best overall value to the client
- 20% Vendor’s Experience and Demonstrated Support
- 10% Technical Merits
- 10% Vendor’s Demonstrated Ability to work with [redacted]
- 10% Quality/Clarity of bidder’s response, with great care and close attention to detail
Specific HW Requirements
The hardware requirements for this project are those which, combined with subscription services and related software, shall provide the same level of service as the Fortinet benchmark product. Specifically,
- (4) Years of 24×7 – NBD HW Replacement, Support, and Subscription Services for IPS, AntiVirus, and URL Filtering
- (4) Years of FortiGuard Vulnerability Scan Updates
- FortiAnalyzer 4000A: Logging, Reporting, and Archiving Content up to 6TB
- FortiGate-3810A (see features, above)
Project Installation Requirements
Project and Installation Requirements:
- All installation work will be done off hours to minimize impact on the district.
- The installation will take place at one location, the Client Data Center.
Upon award, the vendor shall provide a detailed, complete test and acceptance plan for cutover analysis at each site. Each site requires client sign-off and acceptance by the Division of Technology and Information Systems (DTIS) Project Manager. No site will be considered complete until formal acceptance is completed by DTIS. DTIS will be the sole source for acceptance or rejection of the system and all site work.
Vendor Statement of Work (SOW):
- Train Network operations and System administrators on device.
- Perform DMZ assessment.
- Perform Firewall rule migration to new solution.
- Perform virtual IP migration to new solution.
- Set up and test High Availability.
- Set up Logging Devices/Services.
Description of Installation Steps
- Convert Firewall rules to new Solution Syntax
- Convert Virtual IP to new Solution Syntax
- Install all high-availability units
- Pre-setup Firewall Devices
- Load Firewall Rules and Virtual
- Test High Availability
- Test internet access
- Test Mail
- Test WWW
- Test PeopleSoft External portal
Warranty and Support Stipulations (RFP)
Support cost table requirement:
The District requests that all bidders describe options for support in a table that lists each support option with its corresponding costs and terms. Specifically, the support cost table should include costs for levels of support including, but not limited to: one-hour response, four-hour response, business hours versus after-hours, and phone versus on-site support. The objective of this table is to allow the District to choose the level of support (and corresponding cost) that best serves the District.
Other stipulations:
- Maintenance Personnel: All system maintenance during the warranty period and under any maintenance agreements shall be performed by the successful bidding organization using personnel employed full time by the Bidder and at no additional cost to the client other than those charges stipulated to maintain the warranty.
- Four-Year Support: As part of the response to this specification, the Bidder must guarantee to provide ongoing system maintenance for a period of not less than four (4) years following the expiration of the original warranty period or the discontinuance of the product line.
- Logistical Support: Bidder must identify the address of the Bidder’s local service centers and the number of service personnel trained on the proposed system.
- Repair Response: The successful Bidder shall provide routine system monitoring to assure the continued operation of all system components.
- Response Time: This will be addressed formally by the bidder in the Support Cost Table; however, the district is tentatively interested in the following: during the warranty period, the client is guaranteed a response time of no more than one (1) hour for all major system problems, 12 hours per day, 5 days per week, and a maximum of four (4) hours’ response to other system problems.
- Spare Parts Availability: Bidder shall maintain local availability of spare parts in the area.