B0046 – NEXT GENERATION FIREWALL SOLUTION -- QUESTIONS/ANSWERS -- February 11, 2016 1 2 3 The RFP states that “Hands on and/or web based demonstrations of Solution components is encouraged.” Does the college wish to see these before the proposals are submitted or to arrange the demonstrations when it narrows down the solution options? We are scheduling demonstrations on March 1st and March 2nd at 9 am, 11 am, and 2 pm Will the college provide any switching needed to connect the firewalls for redundancy? This will depend on the solution connectivity requirements. With asking for a failover firewall solution with multiple ISPs, does the college have the ability to get multiple hand offs from each ISP? One hand-off per ISP 4 What are the total number of users at each location? Harriman 2000 Oak Ridge 2000 Cumberland 400 Fentress 50 Morgan 50 Campbell 100 Knox 100 Loudon 50 Clinton 50 Harriman TV Station 10 Note that not all users are present at any one given time. 5 In addition to total users, will there be guest traffic as well (i.e. large scale events, games, etc. which will account for large spikes in traffic traversing the firewall)? Generally traffic generated by guests during events takes place after normal business hours and does not result in traffic spikes than observed during normal business hours. 6 Number of web applications/servers at each location (i.e. OWA, SharePoint, etc.) Assume 20 in Harriman and none at the other locations. We do not host from any location other than Harriman. 7 What is the projected growth over the 5yr term, both in regards to user population as well as ISP throughput? User population probably not more than 5%. ISP throughput expectations provided in RFP. 8 Is the proposed solution also handling traffic on any resident networks? No 9 Technical requirement c.12 – is there an exchange server which this will also be acting as a full spam filter (including items such as quarantine digest reports, user portal, email encryption/DLP, etc.)? If the solution can take the place of an existing SPAM firewall, then suggest it. The solution does not necessarily have to provide these services but it would be wonderful if it added protection to the existing protections. 10 In regards to attachment 6.6 Cost Proposal, is it the college’s intent to commit to a 5yr term while paying annually for subscriptions or will a full 5yr subscription be paid up-front? That is for the vendor to propose and the college to evaluate. 11 How many optics/GBICs and types are required for each site if needed (1GB or 10GB or copper, Single mode or Multi mode, etc) Don’t presently see the need for 10GB. All connections, at present, will be copper, and we don’t foresee in the near future to go beyond 1GB unless 1GB Internet bandwidth becomes real cheap, real soon. At that point we would want our ingress/egress ports to far exceed the throughput capacity of the connections. We will address additional throughput on interfaces as the need arises. The units at our largest campuses should support that possible expansion. 12 What type of support (8x5 or 24x7)? That’s for you to propose. Choose one or the other or both. TCO will be important. I will say this, over the years I have found that maintenance costs far exceed their actual worth. It is a necessary evil to pay but we have NEVER gotten out of it what we pay into it. I will also say that 24x7 support speaking with someone who is basically ESL is almost as bad as not having any support at all. When you spend more energy interpreting what is said than understanding the technical aspects of what is said, it is a sad day. 13 On the training portion, are you just asking for just knowledge transfer or formal training credits and certification classes for Roane State employees? That’s for you to decide. I think it is pretty clear in the RFP that you are to propose training and specify how it is to be delivered. The more formalized the better. The lower cost the better. Show and tell tends to be less organized and frankly doesn’t leave lasting impressions. Ask yourself, what sort of training do engineers get to become certified to support your solutions. 14 Also, I assume there is a typo in the following table where “Mpps” should be “Gbps”. (page 29)? The header on the column is packets per second not bits per second. Are the values somehow in error with respect to that unit of measure? Since the MTU of IP packets is normally 1500 bytes (jumbo frames not withstanding), does that make these numbers unrealistic? Table 2. Location Roane (Harriman) Roane (downtown Harriman) Anderson (Oak Ridge) Anderson (Clinton) Cumberland Fentress Throughput (Packets Second) 50 Mpps 2 Mpps 50 Mpps 4 Mpps 20 Mpps 4 Mpps Per SSL Decryption Throughput 2.5 Gbps 15 Mbps 2.5 Gbps 150 Mbps 500 Mbps 150 Mbps IPSEC VPN Throughput 50 Gbps 1 Gbps 50 Gbps 1 Gbps 10 Gbps 1 Gbps New Sessions per Second 300,000 3,500 300,000 70,000 250,000 70,000 15 On the Table 2 of Attachment 6.4, there is a column titled “Throughput (Packets per Second).” Is there a way to clarify if this is in reference to Packets per Second or Gbits per second? The column title is correct. 16 Secondly, in order to scope for future growth, in Table 1, there is a listing of Present Capacity on Internet pipe. Is that capacity being fully used and is there any growth anticipated? Not to come off as glib but please read the text provided with the tables. It should be pretty much self-explanatory.