B0046 – NEXT GENERATION FIREWALL SOLUTION -- QUESTIONS/ANSWERS -- February 11, 2016
1
2
3
The RFP states that “Hands on and/or web based demonstrations of Solution components is
encouraged.” Does the college wish to see these before the proposals are submitted or to
arrange the demonstrations when it narrows down the solution options?
We are scheduling demonstrations on March 1st and March 2nd at 9 am, 11 am, and 2 pm
Will the college provide any switching needed to connect the firewalls for redundancy?
This will depend on the solution connectivity requirements.
With asking for a failover firewall solution with multiple ISPs, does the college have the ability to
get multiple hand offs from each ISP?
One hand-off per ISP
4
What are the total number of users at each location?
Harriman
2000
Oak Ridge
2000
Cumberland
400
Fentress
50
Morgan
50
Campbell
100
Knox
100
Loudon
50
Clinton
50
Harriman TV Station 10
Note that not all users are present at any one given time.
5
In addition to total users, will there be guest traffic as well (i.e. large scale events, games, etc.
which will account for large spikes in traffic traversing the firewall)?
Generally traffic generated by guests during events takes place after normal business hours and
does not result in traffic spikes than observed during normal business hours.
6
Number of web applications/servers at each location (i.e. OWA, SharePoint, etc.)
Assume 20 in Harriman and none at the other locations. We do not host from any location other
than Harriman.
7
What is the projected growth over the 5yr term, both in regards to user population as well as ISP
throughput?
User population probably not more than 5%. ISP throughput expectations provided in RFP.
8
Is the proposed solution also handling traffic on any resident networks?
No
9
Technical requirement c.12 – is there an exchange server which this will also be acting as a full
spam filter (including items such as quarantine digest reports, user portal, email encryption/DLP,
etc.)?
If the solution can take the place of an existing SPAM firewall, then suggest it. The solution does
not necessarily have to provide these services but it would be wonderful if it added protection
to the existing protections.
10 In regards to attachment 6.6 Cost Proposal, is it the college’s intent to commit to a 5yr term
while paying annually for subscriptions or will a full 5yr subscription be paid up-front?
That is for the vendor to propose and the college to evaluate.
11 How many optics/GBICs and types are required for each site if needed (1GB or 10GB or copper,
Single mode or Multi mode, etc)
Don’t presently see the need for 10GB. All connections, at present, will be copper, and we don’t
foresee in the near future to go beyond 1GB unless 1GB Internet bandwidth becomes real
cheap, real soon. At that point we would want our ingress/egress ports to far exceed the
throughput capacity of the connections. We will address additional throughput on interfaces as
the need arises. The units at our largest campuses should support that possible expansion.
12 What type of support (8x5 or 24x7)?
That’s for you to propose. Choose one or the other or both. TCO will be important. I will say this,
over the years I have found that maintenance costs far exceed their actual worth. It is a
necessary evil to pay but we have NEVER gotten out of it what we pay into it. I will also say that
24x7 support speaking with someone who is basically ESL is almost as bad as not having any
support at all. When you spend more energy interpreting what is said than understanding the
technical aspects of what is said, it is a sad day.
13 On the training portion, are you just asking for just knowledge transfer or formal training credits and
certification classes for Roane State employees?
That’s for you to decide. I think it is pretty clear in the RFP that you are to propose training and
specify how it is to be delivered. The more formalized the better. The lower cost the better. Show
and tell tends to be less organized and frankly doesn’t leave lasting impressions. Ask yourself, what
sort of training do engineers get to become certified to support your solutions.
14 Also, I assume there is a typo in the following table where “Mpps” should be “Gbps”. (page 29)?
The header on the column is packets per second not bits per second. Are the values somehow in
error with respect to that unit of measure? Since the MTU of IP packets is normally 1500 bytes
(jumbo frames not withstanding), does that make these numbers unrealistic?
Table 2.
Location
Roane (Harriman)
Roane (downtown Harriman)
Anderson (Oak Ridge)
Anderson (Clinton)
Cumberland
Fentress
Throughput
(Packets
Second)
50 Mpps
2 Mpps
50 Mpps
4 Mpps
20 Mpps
4 Mpps
Per
SSL Decryption
Throughput
2.5 Gbps
15 Mbps
2.5 Gbps
150 Mbps
500 Mbps
150 Mbps
IPSEC VPN
Throughput
50 Gbps
1 Gbps
50 Gbps
1 Gbps
10 Gbps
1 Gbps
New
Sessions
per Second
300,000
3,500
300,000
70,000
250,000
70,000
15 On the Table 2 of Attachment 6.4, there is a column titled “Throughput (Packets per
Second).” Is there a way to clarify if this is in reference to Packets per Second or Gbits per
second?
The column title is correct.
16 Secondly, in order to scope for future growth, in Table 1, there is a listing of Present Capacity on
Internet pipe. Is that capacity being fully used and is there any growth anticipated?
Not to come off as glib but please read the text provided with the tables. It should be pretty
much self-explanatory.