Ombudsman Building, Agham Road, North Triangle, Diliman, Quezon City

Republic of the Philippines

OFFICE OF THE OMBUDSMAN

Ombudsman Building, Agham Road, North Triangle, Diliman, Quezon City

Telefax # 929-37-59

SUPPLEMENTAL BID BULLETIN NO. 1

RE: PUBLIC BIDDING FOR FIREWALL/ UNIFIED THREAT MANAGEMENT APPLIANCES FOR THE OFFICE OF THE OMBUDSMAN (ISSP SUB-PROJECT)

FEBRUARY 11, 2013

AMENDMENTS TO THE BIDDING DOCUMENTS

As discussed during the Pre-Bid Conference held on February 4, 2013, the Bids and Awards Committee hereby issues the following amendments:

1.  Please note the amendments/additions in OMBUDSMAN BID FORM NO. 1 (Technical Proposals) and Section VII. Technical Specifications which are underscored and highlighted as follows:

TECHNICAL SPECIFICATIONS / BE MODIFIED TO:
One (1) set Upgrading of Firewall/ UTM Appliance for Ombudsman Agham, Quezon City site
Throughput and Connections / 1.  Intrusion Prevention System –
2.1 Gbps (or higher) / Intrusion Prevention Service –
3.1 Gbps (or higher)
2.  UTM – 1.3 Gbps (or higher) / UTM – 1.8 Gbps (or higher)
3.  Concurrent Sessions (bi-directional) / Concurrent connections (bi-directional)
VPN Tunnels and Authentication / 4.  Mobile VPN IPSec / Mobile VPN IPSec (incl/max)
5.  Mobile VPN SSL / Mobile VPN SSL/L2TP
6. SSL – At least supports Thin client, Web exchange / SSL – At least supports Thin client
7. Single sign-on – At least supports Transparent Active Directory / Single sign-on – At least supports Transparent Active Directory Authentication
8. XAUTH – At least supports RADIUS, LDAP, Windows Active Directory / XAUTH – At least supports RADIUS, LDAP, Secure LDAP, Windows Active Directory
9. VLAN support / VLAN support (bridging, tagging, routed mode)
Networking Features / 10. IPSec Tranversal / IPSec Traversal
11. IP Address Assignment – At least supports static, DynDNS, PPPoE, DHCP / IP Address Assignment – At least supports static, DynDNS, PPPoE, DHCP (server, client, relay)
12. High Availability – At least supports active/ passive, active/active, load balancing / High Availability – At least supports active/ passive, active/active with load balancing
13. Dynamic Routing – At least supports BGP, OSPF, RIPv1, RIPv2 / Dynamic Routing – At least supports BGP4, OSPF, RIPv1, RIPv2
14. Management – CLI, Web UI (Windows, Linux), System Manager (native to appliance) / Management – CLI, Web UI (Windows, Linux, MAC), System Manager (native to appliance)
15. With option for model upgrade / Other Features – With option for model upgrade
Two (2) sets Upgrading of Firewall/ UTM Appliance for Ombudsman Cebu and Davao sites
Throughput and Connections / 16.  Intrusion Prevention System –
1.8 Gbps (or higher) / Intrusion Prevention Service –
2.4  Gbps (or higher)
17.  UTM – 1.1 Gbps (or higher) / UTM – 1.4 Gbps (or higher)
18.  Concurrent Sessions (bi-directional) / Concurrent connections (bi-directional)
VPN Tunnels and Authentication / 19. Mobile VPN IPSec – 300/300 (or higher) / Mobile VPN IPSec - 300 (or higher)
20. Mobile VPN SSL / Mobile VPN SSL/L2TP
21. SSL – At least supports Thin client, Web exchange / SSL – At least supports Thin client
22. Single sign-on – At least supports Transparent Active Directory Auth / Single sign-on – At least supports Transparent Active Directory Authentication
23. VLAN support / VLAN support (bridging, tagging, routed mode)
Networking Features / 24. IPSec Tranversal / IPSec Traversal
25. IP Address Assignment – At least supports static, DynDNS, PPPoE, DHCP / IP Address Assignment – At least supports static, DynDNS, PPPoE, DHCP (server, client, relay)
26. High Availability – At least supports active/ passive, active/active, load balancing / High Availability – At least supports active/ passive, active/active with load balancing
27. Dynamic Routing – At least supports BGP, OSPF, RIPv1, RIPv2 / Dynamic Routing – At least supports BGP4, OSPF, RIPv1, RIPv2
28. User Authentication – At least supports transparent Active Directory (single sign on), XAUTH for Radius, LDAP Secure, Windows AD, RSA secureID, VASCO, webbased and local, MS Terminal Service, Citrix / User Authentication – At least supports transparent Active Directory (single sign on), XAUTH for Radius, LDAP, Windows AD, RSA secureID, VASCO, webbased and local
29. Management – CLI, Web UI (Windows, Linux), System Manager (native to appliance) / Management – CLI, Web UI (Windows, Linux, MAC), System Manager (native to appliance)
One (1) set Bandwidth Management Appliance and System for Ombudsman Agham, Quezon City site
Capacity / 30. Number of connections – At least 2,000,000 / Number of connections/ flows – At least 2,000,000/ 4,000,000
Throughput / 31. At least 2 Gbps (1 Gbps, full duplex) / 45 Mbps (QoS) or higher, with option up to 2 Gbps (1 Gbps, full duplex)
Configuration / 32. With support of IP configuration and setup via integrated LCD and keypad / “Note: This feature was omitted”
Other Requirements (for all item units) / 33. Should have interruptible power supply (UPS) unit(s) capable of providing at least 10 minutes backup for all equipment. With ISO 9001 Manufacturer’s Certification for at least 10 years. With AVR function, overload protection, alarm, among others. With three years on-site warranty on parts and labor / Should have uninterruptible power supply (UPS) unit(s) capable of providing at least 10 minutes backup for all equipment. With ISO 9001 Manufacturer’s Certification for at least 10 years. With AVR function, overload protection, alarm, among others. With three years on-site warranty on parts and labor

2.  Bidders who already purchased the bidding documents are reminded to use the attached (Amended Ombudsman Bid Form No. 1 (Technical Proposals), in lieu of the bid form previously issued.

For further inquiries, you may coordinate with the Bids and Awards Committee Secretariat at Tel. No. 929-35-59.

Please be guided accordingly.

EVELYN A. BALITON

Assistant Ombudsman, PACPO

Chairperson, Bids and Awards Committee

Attachments: Amended Ombudsman Bid Form No. 1 (Technical Proposals)

AMENDED OMBUDSMAN BID FORM NO. 1 – TECHNICAL PROPOSAL

HON. EVELYN A. BALITON

Chairman, Bids and Awards Committee

Office of the Ombudsman

Agham Road, North Triangle

Diliman, Quezon City

M a d a m :

Herewith is our TECHNICAL PROPOSAL for your office requirement:

(INSTRUCTION TO BIDDER: Check the “Comply” box if bidder complies with the Ombudsman Specification. A Technical Proposal containing unchecked “Comply” boxes would be automatically rated as “FAILED.”)

QTY./ UNIT / TECHNICAL SPECIFICATIONS / BIDDERS SPECIFICATIONS
1 LOT / FIREWALL/ UNIFIED THREAT MANAGEMENT APPLIANCES FOR THE OFFICE OF THE OMBUDSMAN (ISSP SUB-PROJECT) / Comply
One (1) set Upgrading of Firewall/UTM Appliance for Ombudsman, Agham, Quezon City site with the following specifications: / Comply
Manufacturer’s Certification / At least with ISO 9001, ICSA Firewall / Comply
Throughput and Connections
Firewall / 4.5 Gbps (or higher) / Comply
VPN / 1 Gbps (or higher) / Comply
Gateway Antivirus / 2 Gbps (or higher) / Comply
Intrusion Prevention Service / 3.1 Gbps (or higher) / Comply
UTM / 1.8 Gbps (or higher) / Comply
Concurrent Connections (bi-directional) / 500,000 (or higher) / Comply
10/100/1000 Mbps interface / At least 10 ports copper-based / Comply
I/O port / At least 1 serial, 2 USB / Comply
VPN Tunnels and Authentication
Branch Office VPN / 1,000 (or higher) / Comply
Mobile VPN IPSec (incl/max) / 600/2000 (or higher) / Comply
Mobile VPN SSL/L2TP / 1,000 (or higher) / Comply
Encryption / At least supports DES, 3DES, AES 128-, 192-, 256-bit / Comply
IPSec / At least supports SHA-1, MD5, IKE pre-shared Key, 3rd party cert import / Comply
SSL / At least supports Thin client / Comply
PPTP / At least supports Server & Passthrough / Comply
VPN Failover / Feature present / Comply
Single sign-on / At least supports Transparent Active Directory Authentication / Comply
XAUTH / At least supports RADIUS, LDAP, Secure LDAP, Windows Active Directory / Comply
VLAN support (bridging, tagging, routed mode) / 500 (or higher) / Comply
Networking Features
IPV4 and IPV6 / Supported / Comply
NAT / At least supports static, dynamic, 1:1 / Comply
IPSec Traversal / Feature present / Comply
Policy-based PAT / Feature present / Comply
Traffic Shaping and QoS / Feature present / Comply
Port Independence / Feature present / Comply
IP Address Assignment / At least supports static, DynDNS, PPPoE, DHCP (server, client, relay) / Comply
VPN Failover / Feature present / Comply
WAN Failover / Feature present / Comply
Transparent/ Drop-in Mode / Feature present / Comply
High Availability / At least supports active/passive, active/active with load balancing / Comply
Dynamic Routing / At least supports BGP4, OSPF, RIPv1, RIPv2 / Comply
Policy-based Routing / Feature present / Comply
Multi-WAN Failover / Feature present / Comply
Virtual IP for Server Load Balancing / Feature present / Comply
Security Features
Firewall / At least stateful packet inspection, deep packet inspection, proxy firewall / Comply
Application Proxies / At least supports HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3 / Comply
Threat Protection / At least blocks spywares, DoS attacks, fragmented packets, malformed packets, blended threats / Comply
VoIP / At least supports H.323, SIP, call setup and session security / Comply
User Authentication / At least supports transparent Active Directory (single sign on), XAUTH for Radius, LDAP Secure, Windows AD, RSA secureID, VASCO, webbased and local, MS Terminal Service, Citrix / Comply
Management / CLI, Web UI (Windows, Linux, MAC), System Manager (native to appliance) / Comply
Logging and Reporting / At least with multi-appliance log aggregation; HTML and PDF report; SQL log database; encrypted TCP-based log channel; SNMP v2 and v3; server health status reporting / Comply
Other Features / At least with (i) the same security features with existing firewall/ UTM appliance; (ii) application control; (iii) cloud-based web reputation service for real-time protection; (iv) URL and content filtering; (v) real-time spam e-mail blocking; (vi) gateway antivirus; (vii) intrusion prevention service / Comply
Hardware Feature / Rack-mountable 1U (at least) with kit / Comply
100-240VAC / Comply
Warranty / At least three (3) years for hardware, labor and software (including security/support subscriptions) / Comply
Scope of Works / Includes hardware delivery, installation, configuration and enhancement of existing network security policies and secure VPN and VoIP connectivity among OMB Agham, QC, OMB Cebu and OMB Davao sites / Comply
Other Features / With option for model upgrade / Comply
Two (2) sets Upgrading of Firewall/UTM Appliance for Ombudsman Cebu and Davao sites with the following specifications: / Comply
Manufacturer’s Certification / At least with ISO 9001, ICSA Firewall / Comply
Throughput and Connections
Firewall / 3 Gbps (or higher) / Comply
VPN / 550 Mbps (or higher) / Comply
Gateway Antivirus / 1.8 Gbps (or higher) / Comply
Intrusion Prevention Service / 2.4 Gbps (or higher) / Comply
UTM / 1.4  Gbps (or higher) / Comply
Concurrent Connections (bi-directional) / 100,000 (or higher) / Comply
10/100 Mbps interface / At least 1 port copper-based / Comply
10/100/1000 Mbps interface / At least 6 ports copper-based / Comply
I/O port / At least 1 serial, 2 USB / Comply
VPN Tunnels and Authentication
Branch Office VPN / 200 (or higher) / Comply
Mobile VPN IPSec / 300 (or higher) / Comply
Mobile VPN SSL/L2TP / 300 (or higher) / Comply
Encryption / At least supports DES, 3DES, AES 128-, 192-, 256-bit / Comply
IPSec / At least supports SHA-1, MD5, IKE pre-shared Key, 3rd party cert import / Comply
SSL / At least supports Thin client / Comply
PPTP / At least supports Server & Passthrough / Comply
VPN Failover / Feature present / Comply
Single sign-on / At least supports Transparent Active Directory Authentication / Comply
XAUTH / At least supports RADIUS, LDAP, Windows Active Directory / Comply
VLAN support (bridging, tagging, routed mode) / 300 (or higher) / Comply
Networking Features
IPV4 and IPV6 / Supported / Comply
NAT / At least supports static, dynamic, 1:1 / Comply
IPSec Traversal / Feature present / Comply
Policy-based PAT / Feature present / Comply
Traffic Shaping and QoS / Feature present / Comply
Port Independence / Feature present / Comply
IP Address Assignment / At least supports static, DynDNS, PPPoE, DHCP (server, client, relay) / Comply
VPN Failover / Feature present / Comply
WAN Failover / Feature present / Comply
Transparent/ Drop-in Mode / Feature present / Comply
High Availability / At least supports active/passive, active/active with load balancing / Comply
Dynamic Routing / At least supports BGP4, OSPF, RIPv1, RIPv2 / Comply
Policy-based Routing / Feature present / Comply
Multi-WAN Failover / Feature present / Comply
Virtual IP for Server Load Balancing / Feature present / Comply
Security Features
Firewall / At least stateful packet inspection, deep packet inspection, proxy firewall / Comply
Application Proxies / At least supports HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3 / Comply
Threat Protection / At least blocks spywares, DoS attacks, fragmented packets, malformed packets, blended threats / Comply
VoIP / At least supports H.323, SIP, call setup and session security / Comply
User Authentication / At least supports transparent Active Directory (single sign on), XAUTH for Radius, LDAP, Windows AD, RSA secureID, VASCO, webbased and local / Comply
Management / CLI, Web UI (Windows, Linux, MAC), System Manager (native to appliance) / Comply
Logging and Reporting / At least with multi-appliance log aggregation; HTML and PDF report; SQL log database; encrypted TCP-based log channel; SNMP v2 and v3; server health status reporting / Comply
Other Features / At least with (i) the same security features with existing firewall/ UTM appliance; (ii) application control; (iii) cloud-based web reputation service for real-time protection; (iv) URL and content filtering; (v) real-time spam e-mail blocking; (vi) gateway antivirus; (vii) intrusion prevention service / Comply
Hardware Feature / Rack-mountable 1U (at least) with kit / Comply
100-240VAC / Comply
Warranty / At least three (3) years for hardware, labor and software (including security/support subscriptions) / Comply
Scope of Works / Includes hardware delivery, installation, configuration and enhancement of existing network security policies and secure VPN and VoIP connectivity among OMB Agham, QC, OMB Cebu and OMB Davao sites. / Comply
Other Features / With option for model upgrade / Comply
One (1) set Bandwidth Management Appliance and System for Ombudsman Agham, Quezon City site / Comply
Manufacturer’s Certification / At least with ISO 9001 / Comply
Purely designed for traffic-shaping functionality (allocation and policy definition) / Feature present / Comply
Capacity
Number of connections/flows / At least 2,000,000 /4,000,000 / Comply
Throughput / 45 Mbps (QoS) or higher, with option up to 2 Gbps (1 Gbps, full duplex) / Comply
No. of subscribers / At least 160,000 / Comply
Interfaces and Connections
Management / At least 1 port 10/100 Mbps copper-based / Comply
Network Interfaces (Internal/ External) / At least 8 ports 10/100/1000 Mbps copper-based / Comply
Console / Serial and copper-based / Comply
Features
Monitoring / At least supports real-time monitoring (can show at least top 50 users, servers protocols, etc.); long-term monitoring / Comply
QoS Policy Management / At least easy to manage; with back-up and restore functionality / Comply
QoS Enforcement / At least with hierarchy of policy rules with inbound/outbound traffic management; ten levels of priorities for protocols or applications; maximum number of connections per protocol/ application/ IP/ subnet/ MAC Add/ host; per flow queuing and bandwidth partitions / Comply
Traffic Classification / At least supports IP/MAC address; network/ IP protocols and applications (up to layer 7 classification); application content for HTTP, VLAN ID/priority / Comply
Network Security / At least supports access control; protection against DoS attacks; secure management with SSH encryption / Comply
Central Management System / Feature present / Comply
Alert / With at least intelligent alerting and event notification system via email or SNMP / Comply
Fail-safe Features / Feature present / Comply
Remote policy configuration via CLI or Web browser / Feature supported / Comply
Hardware Feature / Rack-mountable 1U (at least) with kit / Comply
100-240VAC / Comply
Warranty / At least three (3) years for hardware, labor and software (including support, bandwidth control [at least 45Mbps] and reporting subscriptions) / Comply
Scope of Works / Includes hardware delivery, installation, configuration and enhancement of existing network security policies and secure VPN and VoIP connectivity among OMB Agham, QC, OMB Cebu and OMB Davao sites (complementary to firewall/UTM appliance) / Comply
Other Requirements (for all item units):
·  Should have uninterruptible power supply (UPS) unit(s) capable of providing at least 10 minutes backup time for all equipment. With ISO 9001 Manufacturer’s Certification for at least 10 years. With AVR function, overload protection, alarm, among others. With three years on-site warranty on parts and labor. / Comply
·  Knowledge transfer on operation, troubleshooting and maintenance (on all newly acquired hardware and system) / Comply
·  Classroom-type training with manual and certificate (inclusive of administrative cost – e.g. food, among others) / Comply
·  Provision of supplies, accessories, interface and equipment necessary for integration / Comply
·  Provision of service unit (1:1) of equivalent or higher specs until defective unit is considered repaired / Comply
·  Provision of complete documentation (e.g. migration implementation, operations manual, user’s manual, configuration, setup, system layout/diagram, troubleshooting guide, FAQ) / Comply
·  Signing of non-disclosure agreement (NDA) by everyone (non-OMB employee) involved in the project / Comply
·  Delivery, deployment and completion of the project within 60 calendar days from issuance of Notice-to-Proceed (NTP) / Comply

Very truly yours,