Biodiversity Management Bureau Tender

Description Title Of Procurement: Supply And Delivery Of Next Generation Firewall Appliance (rackmount) Purpose: For Official Use Of The Bmb Approved Budget For The Contract (abc): P1,000,000.00 Page 1 Of 12 Item Items/descriptions Qty./ Unit Price Total Price No. Unit 1 "next Generation Firewall Appliance (rackmount)" 1 Lot P_________ P_________ Technical Specifications: Hardware Features Hardware Specifications Form Factor : 1u Rackmount Processor : X86 Amd Cpu Cpu Memory: 12 Gb (2666) Ddr4 Xstream Flow Processor (npu): Marvell Npu Memory : 4 Gb Ddr4 Storage : 1x Min. 240 Gb Sata-iii Ports : 8x Ge Copper, 2x Sfp Ge Fiber, 2x Sfp+ 10ge Fiber Bypass Port Pairs: 1 Max. Total Port Density (incl. Use Of Modules): 20 Optional Add-on Connectivity: Sfp Dsl Module (vdsl2) Sfp/sfp+ Transceivers I/o Ports : 1x Com Rj45, 2x Usb 3.0 / 1x Usb 2.0 / 1x Rj45 Mgmt / , 1x Micro Usb (cable Included) / W/ 1x Expansion Bay Display : Multi-function Lcd Display Power Supply : Internal Auto-ranging Dc100-240vac, 3-6a@50-60 Hzexternal Redundant Psu Option Product Certifications (safety, Emc) : Cb, Ce, Ukca, Ul, Fcc, Ised, Vcci, Kc, Rcm, Nom, Anatel, Ccc, Bsmi, Tec, Sdppi Max. Power-over-ethernet (using Flexi Port Module) Max. Total Port Density (incl. Use Of Modules) : 20 1 Module: 4 Ports, 60w Max. Security Performance Firewall Throughput : 47,000 Mbps Firewall Imix: 23,500 Mbps Firewall Latency (64 Byte Udp): 4 Μs Ips Throughput : 10,500 Mbps Ipsec Vpn Throughput: 25,000 Mbps Ipsec Vpn Concurrent Tunnels: 6,500 Threat Protection Throughput : 2,000 Mbps Ngfw: 9,000 Mbps Concurrent Connections : 12,260,000 New Connections/sec : 186,500 Ssl/tls Inspection: 2,470 Mbps Ssl/tls Concurrent Connections: 55,296 Maximum Licensed Users : Unrestricted Base Firewall Features General Management Purpose-built, Streamlined User Interface And Firewall Rule Management For Large Rule Sets With Grouping With At-a-glance Rule Feature And Enforcement Indicators Two-factor Authentication (one-time-password) Support For Administrator Access, User Portal, Ipsec And Ssl Vpn Advanced Trouble-shooting Tools In Gui (e.g. Packet Capture) High Availability (ha) Support Clustering Two Devices In Active-active Or Active-passive Mode With Plug-and-play Quick Ha Setup Ha Support In Aws Using The Aws Transit Gateway Full Command-line-interface (cli) Accessible From Gui Role-based Administration Automated Firmware Update Notification With Easy Automated Update Process And Roll-back Features Reusable System Object Definitions For Networks, Services, Hosts, Time Periods, Users And Groups, Clients And Servers Self-service User Portal Configuration Change Tracking Flexible Device Access Control For Services By Zones Email Or Snmp Trap Notification Options Snmpv3 And Netflow Support Central Management Support Via Cloud-based Unified Console Automatic Email Notifications For Any Important Event Backup And Restore Configurations: Locally, Via Ftp Or Email; On-demand, Daily, Weekly Or Monthly Api For 3rd Party Integration Interface Renaming Remote Access Option For Sophos Support Cloud-based License Management Via Licensing Portal Syslog Support Real-time Flow Monitoring Traffic Light Style Indicators Instant Insights At A Glance Quick Drill-down Interaction With Any Control Center Widget Snmp With A Custom Mib And Support For Ipsec Vpn Tunnels Support For New Aws Instances (c5/m5 And T3) Support For Cloud Formation Templates Virtual Wan Zone Support On Custom Gateways For Post Deployment Single Arm Usage "supports A Broad Range Of Virtualization Platforms And Can Also Be Deployed As A Software Appliance On Your Own X86 Intel Hardware" "available In The Aws Marketplace With A Pay-as-you-go (payg) License Model, Or Bring Your Own License (byol) To Best Fit Your Needs." Certified And Optimized For Azure And Is Available In The Microsoft Azure Marketplace. Can Take A Free Test Drive Or The Flexible Payg Or Byol Licensing Options. Nutanix Ahv And Nutanix Flow Support Stronger Password Hash Algorithm (requires A Password Change) Central Firewall Management Cloud-based Management And Reporting For Multiple Firewalls Provides Group Policy Management And A Single Console For All Your Sophos It Security Products Group Policy Management Allows Objects, Settings, And Policies To Be Modified Once And Automatically Synchronized To All Firewalls In The Group Task Manager Provides A Full Historical Audit Trail And Status Monitoring Of Group Policy Changes Backup Firmware Management Which Stores The Last Five Configuration Backup Files For Each Firewall With One That Can Be Pinned For Permanent Storage And Easy Access Firmware Updates Which Offer One-click Firmware Updates To Be Applied To Any Device Zero-touch Deployment Enables The Initial Configuration To Be Performed In Cloud-based Management And Then Exported For Loading Onto The Device From A Flash Drive At Startup, Automatically Connecting The Device Back To Sophos Central Group Firewall Management Via The Partner Dashboard Firmware Update Scheduling Multi-firewall Reporting Across Firewall Groups Save, Schedule And Export Reports From Sophos Central Firewall, Networking & Routing Stateful Deep Packet Inspection Firewall Packet Processing Architecture That Provides Extreme Levels Of Visibility, Protection, And Performance Through Stream-based Packet Processing "tls Inspection With High Performance, Support For Tls 1.3 With No Downgrading, Port Agnostic, Enterprise-grade Polices, Unique Dashboard Visibility, And Compatibility Troubleshooting" "dpi Engine That Provides Stream Scanning Protection For Ips, Av, Web, App Control, And Tls Inspection In A Single High-performance Engine" Accelerates Saas, Sd-wan, And Cloud Traffic Such As Voip, Video, And Other Trusted Applications Via Fastpath Through The New Xstream Flow Processors. Network Flow Fastpath Delivers Policy-driven And Intelligent Acceleration Of Trusted Traffic Automatically Improved Fastpath Support For Active-passive Pairs Pre-packaged Exception List Covers All Ports/protocols Supports All Modern Cypher Suites Unmatched Visibility And Error Handing User, Group, Time, Or Network Based Policies Access Time Polices Per User/group Enforce Policy Across Zones, Networks, Or By Service Type Zone-based Firewall Default Zones For Lan, Wan, Dmz, Local, Vpn And Wifi Full Vlan Support Zone And Vlan Isolation And Zone-based Policy Support. Micro-segmentation And Auto-isolation Via Synchronized Security Custom Zones On Lan Or Dmz Customizable Nat Policies With Ip Masquerading And Full Object Support To Redirect Or Forward Multiple Services In A Single Rule With A Convenient Nat Rule Wizard To Quickly And Easily Create Complex Nat Rules In Just A Few Clicks Flood Protection: Dos, Ddos And Portscan Blocking Country Blocking By Geo-ip Advanced Routing: Static, Multicast (pim-sm), And Dynamic (rip, Bgp, Ospf) With Full 802.1q Vlan Support Upstream Proxy Support Protocol Independent Multicast Routing With Igmp Snooping Bridging With Stp Support And Arp Broadcast Forwarding Vlan Dhcp Support And Tagging Vlan Bridge Support Jumbo Frame Support Sd-wan Link Balancing: Multiple Internet Connections, Auto-link Health Check, Automatic Failover, Automatic And Weighted Balancing, And Granular Multipath Rules 802.3ad Interface Link Aggregation Full Configuration Of Dns, Dhcp And Ntp Dynamic Dns (ddns) Sd-wan Support For Multiple Wan Link Options Including Vdsl, Dsl, Cable, And 3g/4g/lte Cellular With Essential Monitoring, Balancing, Failover And Fail-back Application Path Selection And Routing, Which Is Used To Ensure Quality And Minimize Latency For Mission-critical Applications Such As Voip Synchronized Sd-wan, A Synchronized Security Feature Which Leverages The Added Clarity And Reliability Of Application Identification That Comes With The Sharing Of Synchronized Application Control Information Between Managed Endpoints And Firewall Synchronized Sd-wan Application Routing Over Preferred Links Via Firewall Rules Or Policy-based Routing Affordable, Flexible, And Zero-touch Or Low-touch Deployment Robust Vpn Support Including Ipsec And Ssl Vpn Centralized Vpn Orchestration Unique Red Layer 2 Tunnel With Routing Integration With Azure Virtual Wan For A Complete Sd-wan Overlay Network Base Traffic Shaping & Quotas Flexible Network Or User Based Traffic Shaping (qos) (enhanced Web And App Traffic Shaping Options Included With The Web Protection Subscription) Set User-based Traffic Quotas On Upload/download Or Total Traffic And Cyclical Or Non-cyclical Real-time Voip Optimization Dscp Marking Authentication Synchronized User Id Utilizes Synchronized Security To Share Currently Logged In Active Directory User Id Between Sophos Endpoints And The Firewall Without An Agent On The Ad Server Or Client Authentication Via: Active Directory, Edirectory, Radius, Ldap And Tacacs+ Server Authentication Agents For Active Directory Sso, Stas, Satc Single Sign-on: Active Directory, Edirectory, Radius Accounting Radius Timeout With Two-factor Authentication (2fa) Client Authentication Agents For Windows, Mac Os X, Linux 32/64 Browser Sso Authentication: Transparent, Proxy Authentication (ntlm) And Kerberos Browser Captive Portal Authentication Certificates For Ios And Android Authentication Services For Ipsec, Ssl, L2tp, Pptp Google Chromebook Authentication Support For Environments With Active Directory And Google G Suite Api-based Authentication Azure Ad Integration Support For Creating Users With Upn Format For Radius Authentication User Self-serve Portal Download The Sophos Authentication Client Download Ssl Remote Access Client (windows) And Configuration Files (other Os) Hotspot Access Information Change User Name And Password View Personal Internet Usage Access Quarantined Messages And Manage User-based Block/allow Sender Lists (requires Email Protection) Base Vpn Options Ipsec And Ssl Vpn Tunnels Wizard-based Orchestration Site-to-site Vpn: Ssl, Ipsec, 256- Bit Aes/3des, Pfs, Rsa, X.509 Certificates, Pre-shared Key Remote Ethernet Device (red) Site-to-site Vpn Tunnel (robust And Light-weight) L2tp And Pptp Route-based Vpn Remote Access: Ssl, Ipsec, Iphone/ipad/ Cisco/andriod Vpn Client Support Ikev2 Support Ssl Client For Windows And Configuration Download Via User Portal Enforcement Of Tls 1.2 For Ssl Site-to-site And Remote Access Vpn Tunnels Network Protection Subscription Intrusion Prevention (ips) High-performance, Next-gen Ips Deep Packet Inspection Engine With Selective Ips Patterns That Can Be Applied On A Firewall Rule Basis For Maximum Performance And Protection Zero-day Threat Protection Perimeter Defenses Thousands Of Signatures Granular Category Selection Support For Custom Ips Signatures Ips Policy Smart Filters Enable Dynamic Policies That Automatically Update As New Patterns Are Added Atp And Security Heartbeat Advanced Threat Protection (detect And Block Network Traffic Attempting To Contact Command And Control Servers Using Multi-layered Dns, Afc, And Firewall) Sophos Security Heartbeat Instantly Identifies Compromised Endpoints Including The Host, User, Process, Incident Count, And Time Of Compromise Sophos Security Heartbeat Policies Can Limit Access To Network Resources Or Completely Isolate Compromised Systems Until They Are Cleaned "lateral Movement Protection Further Isolates Compromised Systems By Having Healthy Sophos -managed Endpoints Reject All Traffic From Unhealthy Endpoints Preventing The Movement Of Threats Even On The Same Broadcast Domain" Intelligent Firewall Policies Multi-layered, Call-home Protection Clientless Vpn Unique Encrypted Html5 Self-service Portal With Support For Rdp, Http, Https, Ssh, Telnet, And Vnc Web Protection Subscription Web Protection And Control Fully Transparent Proxy For Anti-malware And Web-filtering Enhanced Advanced Threat Protection Url Filter Database With Millions Of Sites Across 92 Categories Backed By Oemlabs Surfing Quota Time Policies Per User/group Access Time Polices Per User/group Malware Scanning: Block All Forms Of Viruses, Web Malware, Trojans And Spyware On Http/s, Ftp And Web-based Email Advanced Web Malware Protection With Javascript Emulation Live Protection Real-time In-the-cloud Lookups For The Latest Threat Intelligence Second Independent Malware Detection Engine (avira) For Dual-scanning Real-time Or Batch Mode Scanning Pharming Protection Http And Https Scanning On A Per User Or Network Policy Basis With Customizable Rules And Exceptions Ssl Protocol Tunnelling Detection And Enforcment Certificate Validation High Performance Web Content Caching Forced Caching For Sophos Endpoint Updates File Type Filtering By Mime-type, Extension And Active Content Types (e.g. Activex, Applets, Cookies, Etc.) Youtube For Schools Enforcement Per Policy (user/group) Safesearch Enforcement (dns-based) For Major Search Engines Per Policy (user/group) Web Keyword Monitoring And Enforcement To Log, Report Or Block Web Content Matching Keyword Lists With The Option To Upload Customs Lists Block Potentially Unwanted Applications (puas) Web Policy Override Option For Teachers Or Staff To Temporarily Allow Access To Blocked Sites Or Categories That Are Fully Customizable And Manageable By Select Users User/group Policy Enforcement On Google Chromebooks Auto Web-filtering Of Internet Watch Foundation (iwf) Identified Sites Containing Child Sexual Abuse Cloud Application Visibility Control Center Widget Displays Amount Of Data Uploaded And Downloaded To Cloud Applications Categorized As New, Sanctioned, Unsanctioned Or Tolerated Discover Shadow It At A Glance Drill Down To Obtain Details On Users, Traffic, And Data One-click Access To Traffic Shaping Policies Filter Cloud Application Usage By Category Or Volume Detailed Customizable Cloud Application Usage Report For Full Historical Reporting Application Protection And Control Synchronized App Control To Automatically, Identify, Classify, And Control All Unknown Windows And Mac Applications On The Network By Sharing Information Between Managed Endpoints And The Firewall Signature-based Application Control With Patterns For Thousands Of Applications Cloud Application Visibility And Control To Discover Shadow It App Control Smart Filters That Enable Dynamic Policies Which Automatically Update As New Patterns Are Added Micro App Discovery And Control Application Control Based On Category, Characteristics (e.g., Bandwidth And Productivity Consuming), Technology (e.g. P2p), And Risk Level Per-user Or Network Rule Application Control Policy Enforcement Web & App Traffic Shaping Custom Traffic Shaping (qos) Options By Web Category Or Application To Limit Or Guarantee Upload/download Or Total Traffic Priority And Bitrate Individually Or Shared Zero-day Protection Subscription Dynamic Sandbox Analysis Full Integration Into Your Security Solution Dashboard Inspects Executables And Documents Containing Executable Content (including .exe, .com, And .dll, .doc, .docx, Docm, And .rtf And Pdf) And Archives Containing Any Of The File Types Listed Above (including Zip, Bzip, Gzip, Rar, Tar, Lha/lzh, 7z, Microsoft Cabinet) Aggressive Behavioral, Network, And Memory Analysis Detects Sandbox Evasion Behavior Machine Learning Technology With Deep Learning Scans All Dropped Executable Files Includes Exploit Prevention And Cryptoguard Protection Technology From Endpoint Security In-depth Malicious File Reports And Dashboard File Release Capability Optional Data Center Selection And Flexible User And Group Policy Options On File Type, Exclusions, And Actions On Analysis Supports One-time Download Links Deep Learning Static File Analysis Multiple Machine Learning Models Dynamic Sandboxing Analysis Suspicious Files Subjected To Threat Intelligence Analysis In Parallel With Full Sandbox Analysis Threat Intelligence Analysis All Files Containing Active Code Downloaded Via The Web Or Coming Into The Firewall As Email Attachments Such As Executables And Documents Containing Executable Content (including .exe, .com, And .dll, .doc, .docx, Docm, And .rtf And Pdf) And Archives Containing Any Of The File Types Listed Above (including Zip, Bzip, Gzip, Rar, Tar, Lha/lzh, 7z, Microsoft Cabinet) Are Automatically Sent For Threat Intelligence Analysis Files Are Checked Against Oemlabs’ Massive Threat Intelligence Database And Subjected To Multiple Machine Learning Models To Identify New And Unknown Malware Extensive Reporting Includes A Dashboard Widget For Analyzed Files, A Detailed List Of The Files That Have Been Analyzed And The Analysis Results, And A Detailed Report Outlining The Outcome Of Each Machine Learning Model. Static And Dynamic Files Analysis Central Orchestration *expected Soon Sd-wan Orchestration "sd-wan And Vpn Orchestration With Easy And Automated Wizard-based Creation Of Site-to-site Vpn Tunnels Between Network Locations Using An Optimal Architecture (hub-and-spoke, Full Mesh, Or Some Combination). Supports Ipsec, Ssl Or Red Vpn Tunnels. Integrates Seamlessly With Sd-wan Features For Application Prioritization, Routing Optimization, And Leveraging Multiple Wan Links For Resiliency And Performance." Central Firewall Reporting Advanced 30-days Of Cloud Data Storage For Historical Firewall Reporting With Advanced Features To Save, Schedule And Export Custom Reports. Xdr And Mtr Connector Ready To Integrate With Sophos Extended Threat Detection And Response (xdr) For Crossproduct Threat Hunting And Analysis Support For Sophos 24/7 Managed Threat Response (mtr) Service Reporting Central Firewall Reporting Pre-defined Reports With Flexible Customization Options Reporting For Firewalls (hardware, Software, Virtual, And Cloud) Intuitive User Interface Provides Graphical Representation Of Data Report Dashboard Provides An At-a-glance View Of Events Over The Past 24 Hours Easily Identify Network Activities, Trends, And Potential Attacks Easy Backup Of Logs With Quick Retrieval For Audit Needs Simplified Deployment Without The Need For Technical Expertise Create Custom Reports With Powerful Visualization Tools Syslog Search And View Syslog Data Storage In Sophos Central On-demand Reporting In Sophos Central 7 Day Cloud Storage For Central Firewall Reporting New Cloud Application (casb) Report No Extra Charge Central Firewall Reporting Advanced Multi-firewall Aggregate Reporting Save Custom Report Templates Scheduled Reporting Export Reports In Pdf, Cfv Or Html Format Up To 1 Year Data Storage Per Firewall Xdr/mtr Connector Syslog Search And View Syslog Data Storage In Sophos Central On-demand Reporting In Sophos Central Report Across Multiple Firewalls Save, Export, And Schedule Your Reports Warranty And Support Hardware Warranty & Rma With Advanced Exchange 24x7 Enhanced Plus International Support Via Telephone & Email With Remote Consultation From Stse (up To 4 Hrs) Free Security Updates & Patches Free Software Features Updates & Upgrades Security Subscriptions - Xstream Protection Bundle Xstream Protection Bundle Includes : Base License: Networking, Wireless, Xstream Architecture, Unlimited Remote Access Vpn, Site-to-site Vpn, Reporting Network Protection: Xstream Tls And Dpi Engine, Ips, Atp, Security Heartbeat, Sd-red Vpn, Reporting Web Protection: Xstream Tls And Dpi Engine, Web Security And Control, Application Control, Reporting Zero-day Protection: Machine Learning And Sandboxing File Analysis, Reporting Central Orchestration: Sd-wan Vpn Orchestration, Central Firewall Advanced Reporting (30-days), Mtr/xdr Ready Enhanced Support: 24/7 Support, Feature Updates, Advanced Replacement Hardware Warranty For Term "sophos Central Management And Reporting (included At No Charge)" Sophos Central Management : Group Firewall Management, Backup Management, Firmware Update Scheduling Sophos Central Firewall Reporting: Prepackaged And Custom Report Tools With Seven Days Cloud Storage For No Extra Charge Additional Requirements And Scope Of Work; Scope Of Work: Supply, Delivery, Installation And Configuration Of Firewall With Free One (1) Year Preventive Maintenance. Local Onsite Support 1 Yr. Limited Onsite Technical Support – 8x5 Onsite Assistance With 4 Hrs. Response Time (within Metro Manila Area) During Regular Business Hours (monday To Friday Excluding Holidays, 9am To 6pm). Support Services Includes 8x5 Remote Assistance Via Phone, Email, Chat Application, Fax And Sms From 9:00am – 6:00pm, Mondays To Fridays, Excluding Holidays. 1-year Coverage. Onsite Support Is Within Metro Manila For Outside Metro Manila Fare And Transportation, Food, And If Necessary, Lodging Of Technical Personnel Shall Be For The Account Account Of The Client. Certifications; Supplier Must Have Manufacturer Certified Architect For Firewall Supplier Must Have Manufacturer Certified Engineer For Firewall Supplier Must Have Certification From The Manufacturer As Gold Partner Of The Product Being Offered Supplier Must Have Certification From The Manufacturer As Synchronized Security Partner. With One (1) Year License Dual Processor Architecture Duration: January 1, 2024 - December 31, 2025 Additional Requests From Procuring Entity: [ ] Please Provide Sample Upon Request Of End-user [ ] Please See Full Specifications/attached Sample Design For Reference. [x] Other Conditions To This Request, Please State: For More Info, Please Contact The End-user At 8924-6031 Loc. 226/253 Kindly Address All Proposals To The Chairperson, Bids And Awards Committee Contract Shall Be Awarded To The Bidder Per: [ ] Item Basis [x] Lot Basis _______________________________________________________________ Bidders Must Submit The Following Requirements Upon Submission Of Proposal. Non-submission Of These Requirements Shall Be Grounds For Disqualification From The Bidding Process: 1. Dti/sec Registration Certificate 2. Valid And Current Mayor's Permit 3. Philgeps Certificate Of Registration 4. Bir Certificate Of Registration 5. Sign Omnibus Sworn Statement 6. Income Tax Return (itr) "important Note: -for Goods, Conforme Of The Winning Bidder Must Be Done Within Seven (7) Calendar Days Upon Serving Of The Po. -for Services,conforme Of The Winning Bidder Must Be Done Within Fourteen (14) Calendar Days Upon Serving Of The Jo. -notarization Of The Oss Should Be Complied With After The Award Of The Contract But Before Payment Pursuant To Item 6.3 Of Gppb 09-2020"