SOLICITATION NOTICE
D -- Cisco Next Generation Firewall (NGFW)
- Notice Date
- 6/3/2024 12:14:13 PM
- Notice Type
- Solicitation
- NAICS
- 541512
— Computer Systems Design Services
- Contracting Office
- Acquisition Services Washington DC 20401 USA
- ZIP Code
- 20401
- Solicitation Number
- 040ADV-24-R-0047
- Response Due
- 6/6/2024 7:00:00 AM
- Archive Date
- 06/21/2024
- Point of Contact
- Jasanya Bias Harrison, Phone: 2025120058, Abdulrashid Behi, Phone: 2023045098
- E-Mail Address
-
Proposals-1@gpo.gov., abehi@gpo.gov
- Description
- *The purpose of today's amendment is to delete all option years, which makes this solicitation only for 12 months.*

C.1 OBJECTIVE
As part of the Hardware Lifecycle Refresh task, GPO intends to replace its legacy Cisco Next Generation Firewall (NGFW) with the most recent Cisco NGFW platforms at two (2) geographically separate GPO sites. The existing firewall platform is coming to End of Life and End of Support. The Government Publishing Office (GPO) is seeking a qualified Contractor to provide all hardware components as listed in section B.2 and provide end-to-end installation, configuration, and implementation services at the two (2) GPO locations (GPO Data Center in Northern Virginia and Headquarters locations), including hardware and software maintenance and technical support, and to provide expert professional services to assist GPO with installation, configuration, validation testing and operational activation of the new NGFW. The new NGFW system should be installed without disrupting the current GPO system. The intent is to have the new NGFW system replace and take over all the current functions of the GPO firewall system at the two (2) GPO locations (GPO Data Center and Headquarters locations) at the conclusion of the project.

C.2 Technical Requirements

C.2.1 Capacity and Performance
- 2 x 100Gbps physical interfaces capable of being configured as trunks and sub-interfaces
- 8 x 10/40Gbps physical interfaces capable of being configured as trunks and sub-interfaces
- 1/10 Gbps Out of Band management interface
- Firewall throughput: inner tier > 60 Gbps; outer tier > 40 Gbps
- Throughput with all Next Gen features running: inner tier > 40 Gbps; outer tier > 20 Gbps
- TLS decryption > 5 Gbps
- IPsec VPN throughput > 5 Gbps
- Concurrent connections with full Next Gen inspection > 2 million
- Maximum new connections per second > 100K

C.2.2 Management
- Centralized management of all the physical and virtual firewalls, including cloud-based, in the domain via a multi-faceted GUI based controller. This should include an at-a-glance view of the general health and performance of the environment.
- Support for Administrative Role Based Access for Authentication and Authorization via a variety of services including:
  - TACACS+
  - RADIUS
  - Active Directory/LDAP/Kerberos
  - SAML
  - Multifactor Authentication incorporating the above and second factors from providers such as RSA SecurID, Okta Adaptive, etc.
- Notifications via email and/or SNMP in reaction to a single event or a threshold of events occurring on the firewall
- Built-in optimization tools such as rule shadowing identification, hit counts, rule usage information
- Built-in troubleshooting tools such as packet captures, traffic tracing
- Comprehensive logging to remote destinations via Syslog or SNMP, with the ability to filter and transmit specific logs to a variety of destinations, and the ability to take actions such as Block or Alert based on specific log entries.
- Comprehensive views, via the local management console, of traffic and events occurring on and through the firewalls.
- Shall provide a set of individual and summarized, canned reports on web browsing activity including: most attempts to access blocked sites by user and highest web traffic (usage) by user.
- Able to integrate with the Windows Server 2019 environment to correlate AD user and group information with IP addresses.
- Firewall rules must be exportable from the NGFW in a file format that can be sorted (expanded) and searched by components such as ports, protocols, zones, interfaces, etc. (CSV format is highly desirable; TXT format is required).
- An API interface
- Interfaced with SolarWinds for proactive monitoring of uptime of both virtual and physical interfaces, as well as 24x7 monitoring of all critical services

C.2.3 High Availability
- Ability to run in a hitless high availability scenario, either Active/Active or Active/Standby, including the ability to selectively decide what constitutes a failure, such as specific groups of interfaces or reachability to an external target

C.2.4 Access Control
- Access control based on ports and protocols at a minimum, but must also include the additional access controls listed below.
- Access control via well-known applications regardless of port, and the ability to add new applications and customize applications.
- Access control based on URLs, and also on browsing running on ports other than the well-known ports of 80 and 443
- Access control based on source user-id.
- Support for dynamic local allow and blocklists, and external lists and feeds that can be imported by the firewalls and applied to rules. These lists should include components that can be defined by IP address, URL or user-id.
- Dynamic Group
- Expansive URL categorization, and filtering based on these URL categories to control access to inappropriate and dangerous web sites.
- Web Access Firewall (WAF) functionality (outer tier) or tight integration with a separate WAF is desirable.

C.2.5 Next Generation IPS and Traffic Inspection
- Automatic threat feed and IPS signature update
- Support for Anti-Virus, Anti-Spyware, Data Loss Protection
- File access control, including multi-level decoding of zipped files
- Zero-day malware inspection and sandboxing

C.2.6 Denial of Service (DoS) Protection
- Denial of Service protection for individual or aggregate devices, including SYN, ICMP and UDP flood protection.
- Protection against reconnaissance such as port scans and host sweeps.
- Protection against packet attacks such as non-SYN initial packets, too large or other malformed packets
- Protection against unexpected protocol attacks.
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/017854bf4cdb4efab40e542526a4eb3f/view)
- Place of Performance
- Address: Washington, DC 20401, USA
- Zip Code: 20401
- Country: USA
- Record
- SN07083665-F 20240605/240603230038 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)