NOTICE OF PROCUREMENT PLAN FOR EXTERNAL FIREWALL REPLACEMENT

Nghi Son Refinery & Petrochemical Limited Liability Company (NSRP) is planning for procurement of a package for “External Firewall replacement”


NOTICE OF PROCUREMENT PLAN

FOR External Firewall Replacement

       Date: Mar 13th, 2018

Subject: EXTERNAL FIREWALL REPLACEMENT

Ref. No.: 019/2018/NSRP-FIN-PS

Nghi Son Refinery & Petrochemical Limited Liability Company (NSRP) is planning for procurement of a package for “External Firewall replacement” in order to select a suitable contractor for provision of the Goods & Services for NSRP. The tentative date of commencement of the Goods and services will be in early April 2018.

NSRP plans to start the above mentioned procurement process very soon. If your company is interested in this procurement package, please respond to all questions in the questionnaire attached in Attachment 2 and send to the following address by 5.00 PM (Hanoi time) 27th March 2018.

Attention           : Ms. Nguyen Thi Hai Yen - Procurement Section

Email address   : yen.nth@nsrp.com.vn;

Cc                    : hoan.hk@nsrp.com.vn

Please put External Firewall replacement in the subject of your cover email.

Should you have any question, please contact us at yen.nth@nsrp.com.vn and copying hoan.hk@nsrp.com.vn for further information.

For the avoidance of doubt, this notice does not constitute any contractual offer, binding promise or guarantee of business by NSRP. Neither shall your satisfaction of all the minimum requirements mentioned above nor your response to this notice creates any promise or guarantee by NSRP that you will be invited to participate in the above mentioned procurement process.

1. Please provide the following information of your company.

Name:

Address:

Tax Code:

Contact person:

Contact details:

2. Brief description of your company's qualifications and experience in providing services

3. Questionnaire:

Please answer the questions below:

Part 1. Survey questionnaire

QUESTION 1: Do you have a clear intention in supplying External Firewall replacement with detailed as attached file?

1.  Yes

2.  No

QUESTION 2: Do you have business licenses or permits or certificates by Manufacturer for providing such goods and service?

1.  Yes

2.  No

If yes, please provide the proved relevant documents.

QUESTION 3: Have your organization got experience in providing such goods and services, equal or more than five (05) years?

1.  Yes

2.  No

If yes, please provide the proved relevant similar contracts

 

SUMMARY SCOPE OF WORK

There are two S3020F Tipping Point Firewalls in NSRP network system. These firewalls operate as external firewalls, which filter traffic between NSRP network and outside internet. The external firewalls also filters traffic between users and some services in DMZ partition.

The External Firewalls face to internet so there are so many potential security risks with these devices.  Therefore, the external firewalls need to have enough security features to protect NSRP network system. However in reality, the current external firewall has some disadvantages which don’t correspond to security requirements. Besides, the external firewalls are end of sale causing of no replacement if firewall broken. In order to improve security and stability of network system, NSRP would like to replace two current external firewalls by 02 new devices with higher performance.

THE SPECIFICATION REQUIREMENT OF NEW FIREWALLS

-     The new firewalls divide network system to separate partitions (zones) based on security level. Based upon the security classification of network zone, the relevant and required security controls will be implemented.

-    The DMZ, VPN and Trust zone will be deployed on external firewalls with IPS/IDS function, which provides security and intelligent monitoring by inspecting traffic coming in and out the Internet.

-    New firewalls support application control, URL filtering, content filtering, antivirus, antispam to provide further security to protect the business network from virus/bad websites and applications.

-      New firewalls support block anti-bonet to protect NSRP network from DDOS attack and data theft.

-    New firewalls prevent some common attacks like: Reconnaissance attack (Port scan, IP sweeping, OS reconnaissance), Spoofing attack (IP Spoofing, ARP spoofing), DOS (TCP/UDP Flood, ICMP Flood, session table flood, Ping of Death).

-    New Firewalls can be configured for high availability (Active-Active, Active-Standby) to prevent service interruptions and minimize network downtime. Configuration will be synchronized automatically.

-     New Firewalls have to support full routing capacity as router device: Static routing, Dynamic routing (RIP, OSPF, BGP) and multicast routing, Quality of Service.

-      New firewalls support IPsec VPN, Static NAT, Dynamic NAT ( Source NAT, Destination NAT).

       Detail of specification requirement as below:

PERFORMANCE

NEW FIREWALLS REQUIREMENT

Layer 3 Firewall Throughput

>=10Gbps

Layer 7 throughput

>=5Gbps

Threat Prevention throughput

>= 2Gbps

Connection per second

>=50,000

Maximum concurrent sessions

>=500,000

Layer 3 to Layer 7 Firewall

Support

Application Control

Support

Threat Prevention ( IPS, Antivirus, Anti-Spam, Anti Spyware)

Support

Web Filtering, Content Filtering

Support

Prevent Common attacks, DOS attacks, DDOS attacks

Support

Prevent Ransomware

Support

Application QoS

Support

VPN (IPsec, SSL…)

Support

Advance Routing (Static, RIP, OSPF, BGP, Route-Map, Policy-Based Routing, Access-List, VRRP…)

Support

HA ( Active-Active, Active-Standby)

Support

Switching ( Vlans, 802.1q)

Support

IPv6

Support

Dedicated Hardware for security functions

Support

Log correlation Build-in

Support

Report Engine Build-in (can  customize)

Support

Based on above requirements and evaluation of firewall, service providers are required to propose two solutions as below:

Option 1: Using two Palo Alto 3050 firewalls to replace for current external firewalls

Option 2: Using two Juniper SRX 1500 Firewalls to replace for current external firewalls.