Next Generation Firewall Solution

The vendor is required to provide a next generation firewall (NGFW) solution to regulate north-south traffic into the city's networks.
- Technical requirements
a. Performance requirements
1. Throughput and capacity
• Minimum 10 Gbps firewall throughput with all security services enabled 
• Minimum 8 physical network ports, 10gbe copper or SFP+ 
• Support for at least 1 million concurrent sessions 
• At least 20,000 new connections per second 
• Maximum latency impact of 5ms with all security services enabled 
• Ability to handle encrypted traffic inspection with minimal performance degradation
2. High availability
• Must provide high availability (ha) functionality 
• Active/active or active/passive configuration options 
• Stateful failover capabilities 
• Proposals must either include HA pairs or clearly document how HA is achieved
b. Security features
1. Required security services
• Enterprise-grade next-generation firewall functionality
• Advanced application control with deep packet inspection
• Comprehensive intrusion prevention system (IPS)
• Web filtering with URL categorization and content analysis
• DNS filtering and security
• Anti-malware protection
• SSL/TLS inspection capabilities
• Advanced threat protection
• User identity awareness and integration
2. Optional security services
• Data loss prevention (DLP)
• Advanced sandbox integration
• IoT security
• Hybrid mesh firewall capabilities (to be priced separately as an option)
•  Cloud security integration
• Email security
c. Connectivity and integration
1. Network integration
• Support for VLANs and trunking
• Support for multiple virtual firewalls/contexts
• Support for multiple ISP connections with load balancing
• Support for IPsec VPN
• Support for ipv4 and ipv6
• Support for VXLAN or equivalent overlay networks
2. Authentication integration
• Support for radius and TACACS+
• Support for multi-factor authentication
• Role-based access control d. Migration requirements
1. Rule migration tools and services
• Must provide tools or services to migrate existing rules and configurations from the city's Fortigate 601e
• Must support migration of VDOM configurations
• Must provide a migration methodology and plan
• Must include verification and testing processes
• Must include knowledge transfer to city IT staff
2. Implementation services
• Remote guided installation and configuration services
• Cutover planning guidance
• Testing and validation services
- Management and reporting
1. Management interface
• Web-based management interface
• Command line interface (CLI)
• API for automation and integration
• Role-based administration
• Audit logging of administrative actions
• Change management capabilities
2. Reporting and monitoring
• Real-time monitoring dashboard
• Comprehensive logging capability
• Traffic analysis reporting
• Threat detection and security incident reporting
• Customizable report templates
• Log retention for minimum of 12 months
• Log export capabilities
• Integration with SIEM systems, city uses hosted as a SIEM currently. - Support and maintenance
1. Support services
• 24x7x365 technical support
• Maximum 1-hour response time for critical issues
• Escalation procedures and contacts
• Regular maintenance and health checks
• RMA process for hardware replacement
2. Software updates
• Regular firmware and software updates
• Security definition updates
• Feature enhancements
• Upgrade planning assistance
• Emergency patch management
3. Training
• Documentation and knowledge base access
• Optional advanced training options.
- Contract Period/Term: 1 year
- Questions/Inquires Deadline: June 25, 2025