Firewall and Unified Threat Management (UTM) End to End Service


SLIDE 1

Firewall and Unified Threat Management (UTM) End to End Service Stats SA for a period of 36 months

BRIEFING SESSION

STATS SA ICT

SLIDE 2

Table of contents

  • Purpose of the Bid
  • Scope of work of the Bid
  • Network diagram explained – As it is and to be diagram
  • Summary of Technical requirement
  • Proof of concept

SLIDE 3

Purpose of the Bid

The purpose of this RFB is to invite Suppliers (hereinafter referred to as “bidders”) to submit a bid for “Provision of a Firewall and Unified Threat Management (UTM) End to End Service to Statistics South Africa (Stats SA) for a period of 36 months”.

SLIDE 4

Scope of Work of the Bid

To provide the Next Generation Firewall (NGFW) and Unified Threat Management (UTM) End to End Service. Thus:

  • This means the provider of an application program software and system will supply all the software as well as hardware requirements of the customer such that no other vendor is involved to meet the needs.
  • E2ES includes installation, integration, and setup.
  • This will however be hosted on Stats SA sites and SITA Centurion, although the equipment will not belong to Stats SA.

SLIDE 5

Scope of Work of the Bid

The Bidders are to provide the NGFW & UTM End to End service that has the following residual throughput, RAM and CPU when all the firewall features depicted in the following table are enabled.

| Office area | QTY | AV | AC | ATP/AMP/TP | Webfilter | IPS | DPI | SSL Inspection | Residual throughput, RAM, CPU |
|---|---|---|---|---|---|---|---|---|---|
| Edge/HO | 2 | X | X | X | X | X | X | X | >1.5 Gbps, <70% of RAM, <80% of CPU usage |
| POs | 9 | X | X | X | X | X | X | X | >10 Mbps, <70% of RAM, <70% of CPU usage |
| DR | 1 | X | X | X | X | X | X | X | >100 Mbps, <70% of RAM, <70% of CPU usage |
| APN | 1 | X | X | X | X | X | X | X | >100 Mbps, <70% of RAM, <70% of CPU usage |

SLIDE 6

Scope of Work of the Bid

Edge (SITA), HO and Provincial Offices

  • Install and configure the NGFW solution during weekdays, over the weekends, during holidays or after hours.
  • Configure high availability setup.
  • Set up and integrate centralised management and reporting console.
  • Deploy own tools of trade for real time monitoring and analysis of the firewall logs; these will send logs to the organisational SIEM.
  • Supplier must configure the firewall zones (different network areas), e.g. Demilitarized zone (DMZ).
  • Set up and configure all Firewall policies and rules.
  • Certify NGFW solution implementation by the OEM.

SLIDE 7

Network Diagram – As is.

SLIDE 8

Network Diagram – To be.

SLIDE 9

Summary of Technical Requirements

NGFW HA Pair (SITA & Head Office), NGFW HA Pair (HO), NGFW UTM (PO), NGFW (DR SITE)

| Requirements | Performance |
|---|---|
| Firewall throughput | >5 Gbps up to 16 Gbps |
| Throughput rate with all features enabled | >1.5 Gbps |
| VPN (IPSec) throughput | >1 Gbps |
| VPN Tunnels | >1500 |
| SSL VPN throughput | 1 Gbps |
| Max SSL sessions | 100000 |
| Concurrent Connections | >1 mil |
| New TCP connections | >25000 |
| HTTP (s) Inspection | >1 Gbps |

| Requirements | Performance |
|---|---|
| Firewall throughput | >4 Mbps up to 250 Mbps |
| Throughput rate with all features enabled | up to 125 Mbps |
| Max SSL sessions | 10 000 |
| Concurrent Connections | 100 k |
| New TCP connections | 10 000 |
| HTTP (s) Inspection | 10 Mbps |

| Requirements | Performance |
|---|---|
| Firewall throughput | >4 Mbps up to 250 Mbps |
| Throughput rate with all features enabled | >100 Mbps |
| Max SSL sessions | 10 000 |
| Concurrent Connections | 100 k |
| New TCP connections | 10 000 |
| HTTP (s) Inspection | 10 Mbps |

SLIDE 10

Summary of Technical Requirements

APN Virtual FW

| Requirements | Performance |
|---|---|
| Firewall throughput | >4 Mbps up to 250 Mbps |
| Throughput rate with all features enabled | >100 Mbps |
| Max SSL sessions | 10 000 |
| Concurrent Connections | 100 k |
| New TCP connections | 10 000 |
| HTTP (s) Inspection | 10 Mbps |

SLIDE 11

Proof of Concept

The Bidder must have the proposed physical Firewall device available in order to participate in the POC.

The Proof of Concept will be conducted using IXIA Breaking Point Test – end to end solution. It should be noted that the maximum throughput capacity of the IXIA Breaking Point is 40 Gbps.

The Proof of Concept will simulate both good and bad traffic to validate and optimize the Firewall under the most realistic conditions. It will simulate real-world legitimate traffic, DDoS, exploits, malware, fuzzing, etc. All types of traffic will be tested.

All of the Proof of Concept (POC) requirements must be demonstrated in full.

SLIDE 12

THANK YOU

SLIDE 13

QUESTIONS??