شروط الممارسات


الشروط الخاصة والمواصفات الفنية وجدول الكميات للممارسة رقم (ب ز – م 23/2018)

الشروط الخاصة والمواصفات الفنية وجدول الكميات للممارسة رقم (ب ز – م 23/2018)

مشروع شراء جهاز الحماية للشبكة الداخلية والخادمات

 

 

 


 

الشروط الخاصة

 

  1. بما أن بيت الزكاة حاصل على الشهادات التالية ISO 9001 و ISO 27001 فتشترط تلك الشهادات أن يكون الطرف الثاني مكافئ له ولديه نفس الشهادات.

     

  2. يجب أن تكون الأجهزة والبرامج والأنظمة الموردة من إنتاج منتجين دوليين معروفين وحائزين على شهادة ISO9001 وشهادة ISO27001 الصادرة من منظمة المقاييس والجودة العالمية.

     

     

  3. يجب أن تكون كافة البرامج التي تورد مع الأجهزة أصلية ومرخص بها من جانب الشركة المنتجة للبرامج.

     

  4. يجب أن يقدم المشارك كتالوجات والكتيبات والمعلومات الفنية عن الأجهزة أو المعدات المطلوبة من بلد المنشأ وبها المواصفات الفنية كاملة على أن تكون جميع العروض المقدمة معدة ومنسقة بشكل جيد ومرتبة حسب ترتيب الأجهزة الموجودة بكراسة المواصفات الفنية, و تسليم نسخة أصلية ونسخة على قرص ضوئي مضغوط CD-ROM.

     

     

  5. يشترط في الممارس المشارك أن يكون وكيل معتمد من الشركة المصنعة ويشترط أن تكون الوكالة ذهبية (Gold Partnership) وذلك لتوفر الخبرات الفنية اللازمة لإنجاز المشروع الحالي حسب المواصفات العالمية والدولية اللازمة له.

     

  6. يشترط في الممارس المشارك أن يكون حاصل على شهادة اعتماد من الشركة المصنعة لكل بند من بنود الممارسة على حدة ( Certified from the Vendor ).

     

     

  7. الممارسة غير قابلة للتجزئة.

     

  8. مدة الممارسة 3 سنوات تشمل التراخيص والصيانة وجميع التحديثات الرئيسية والثانوية للمنتجات التي تم شرائها لبيت الزكاة.

     

     

  9. يلتزم المورد بان تكون الأجهزة والمعدات الموردة متوافر فيها المواصفات الفنية المرفقة في ملف ( المواصفات الفنية وجداول الكميات) .

     

  10. تقوم الشركة الفائزة بتوفير الأجهزة والمعدات المذكورة في جدول الكميات والشروط الفنية لبيت الزكاة

     

     

  11. على الممارس المتعاقد معه أن يضمن تبديل ما يجب تبديله بالمجان لأي عيب قد يظهر في الأجهزة الموردة وملحقاتها المطلوب صيانتها واصلاحها خلال 36 شهرا , وسنه للبرامج وذلك بعد فحصها واستلامها من قبل لجنة الفحص ببيت الزكاة إذا كان العيب ناشئا عن اخطاء أو عيب في التصميم أو نتيجة اغفال أو اهمال مهما كان نوعه في مواصفات وشروط تركيبها .يجب على الممارس الفائز الانتهاء من الأعمال المذكورة في الممارسة بمدة لا تزيد عن ( 30 ) يوما من تاريخ ارسال كتاب اخطار بمباشرة العمل للممارس الفائز من قبل بيت الزكاة .

     

  12. إذا وجدت المواد غير مطابقة للشروط المتفق عليها والمواصفات المطلوبة رفض قبولها وعلى المتعهد أن يستردها فورا، فإذا تأخر في ذلك حق لبيت الزكاة إيداعها احد الأماكن المعدة لذلك على حساب المورد وإذا لم يقم بسحب المواد المرفوضة خلال أسبوع من إخطاره لا يكون بيت الزكاة مسئولا عما يصيبها من فقد أو نقص أو تلف وله حق التصرف فيها دون أدنى مسئولية على بيت الزكاة .

     

     

  13. إذا تم رفض بعض أو كل المواد الموردة كان لبيت الزكاة الخيار في كل أو بعض مما يلي:
  • أ‌-أن يلزم المورد بتوريد مواد مطابقة لمواصفات المواد المتعاقد عليها بدلا من المواد المرفوضة على أن يكون توريدها خلال مدة التوريد المتفق عليها.

    ب-أن يطبق غرامة التأخير المنصوص عليها في شروط هذه الممارسة إذا ما تجاوز توريد مواد مطابقة للمواصفات بدلا من المواد المرفوضة مدة التوريد المتفق عليها.

    ج-أن يشتري تلك المواد المرفوضة على حساب المورد وأن تقوم على حسابه بصيانة أجهزة الحاسب الآلي وملحقاتها إذا ما عجز عن توريد مواد مطابقة للمواد المتفق عليها وذلك بالطريقة التي يراها مع الرجوع عليه بما يترتب على ذلك من زيادة في الثمن فضلا عن تحمل المورد لغرامات التأخير ولنسبة (15%) كمصاريف إدارية من قيمة المواد المرفوضة وأية تعويضات أخرى إذا كان لها مقتضى وذلك بغير حاجة لتنبيه أو إنذار أو اتخاذ أية إجراءات قضائية.

     

  1. يتعين على الشركة إذا تأخرت عن إعادة الجهاز وملحقاته في الموعد المحدد بتوفير جهاز بديل عن الجهاز الذي نقل لإصلاحه في الورشة لحين إعادة الجهاز الأصلي لبيت الزكاة.

     

  2. يجب أن يكون لدى الممارس مهندسين وفنيين متخصصون ومعتمدون لتركيب وصيانة وإصلاح الأجهزة التي يعرضها الممارس.

     

  3. يتعين على الفني المختص الحضور فورا عند تقديم بلاغ بحدوث أعطال في أي من الأجهزة وملحقاتها وتتحمل الشركة غرامة مالية قدرها (0.05%) من قيمة العقد بعد مرور ساعتين (2) على وقت التبليغ عن حدوث الأعطال.

     

  4. غرامة التأخير: إذا تأخر المورد في توريد كل الكميات المطلوبة خلال المدة المتفق عليها كان لبيت الزكاة الحق أن يوقع عليه غرامة تأخير قدرها نصف في المائة عن كل يوم تأخير من قيمة المواد المتأخر توريدها بما لا يتجاوز 20% من قيمة العقد وتستحق هذه الغرامة بمجرد التأخير دون الحاجة إلى إنذار أو تنبيه وكذلك دون الحاجة لإثبات الضرر الذي يعتبر محققا في كل الحالات.
  5. لا يعتبر المشارك الفائز قد أتم التنفيذ ما لم يقم بتركيب الأجهزة وتوصيلها واختبارها للعمل بنجاح، والحصول على الموافقة الكتابية بنجاح كافة الأعمال من بيت الزكاة ، وذلك بنفس الأسعار المذكورة في عطاء المشارك ودون أي تكاليف إضافية.
  6. على المشارك الفائز أن يوضح في عطائه فترة ونوعية الضمان , وتكاليف الصيانة السنوية أو رسوم تجديد الترخيص لكل الأجهزة اوالبرامج بعد انتهاء فترة الضمان.

     

  7. بعد الانتهاء من تقديم عروض الأسعار يمكن لبيت الزكاة دعوة كل أو بعض المشاركين ليقوموا بتقديم عرض لمركز نظم المعلومات يشرح فيه العرض المقدم وطريقة أدائه ومميزاته .
  8. تكون كفالة (ضمان) الأجهزة الموردة من قبل الممارس صادرة من المصنع الأصلي للأجهزة والمواد ، وتكون مدة الكفالة ثلاث سنوات شاملة للأجهزة والبرامج وكذلك أي تحديث جزئي او كلي ( Minor or Major Upgrade ) يصدر من المصنع الأصلي يلتزم الممارس الفائز بتركيبه على الأجهزة الخاصة بالممارسة في بيت الزكاة دون تكاليف اضافية على بيت الزكاة.
  9. إرفاق مرجع يبين أعمال ومشاريع سابقة وعملاء للشركة في دولة الكويت.

     

  10. إرفاق مرجع يبين أعمال داخل الكويت تم توريد نفس المواد والأجهزة التي تقدم بعرضه بها إلى بيت الزكاة في هذه الممارسة.

 

 

 

 

 

 

 

 

الشروط الفنية

The Technical Specification

 

  1. Introduction

     

    ZAKATHOUSE intends to take the advantage of the enterprise security firewall technology evolution so the vendor must be in the leaders’ quadrant in Gartner’s enterprise security firewall report to raise the security of Data Center and Perimeter of Zakat House.

     

    The proposed solution shall offer the following services: 

     

    • Install and configure the provided equipment and software as detailed in this document for high availability Data Center and Perimeter firewall.
    • Integration with our current setup from firewalls and security devices
    • Install and configure the provided equipment and software as detailed in this document.
    • Warranty for all the supplied hardware devices for a period of 3 years,
    • Major and minor upgrade for a period of 3 years for all Drivers and software.
    • Support and operate the deployed firewalls for the period of 3 years.
    • Partner must submit approval from the vendor for the high-level design of the solution.
    • Training for Zakat House Team that handling the project (4 Persons) for (5 days) including original material..etc
    • The supplier shall be responsible for all design activities, drawings, parts and materials, labor, and all other associated apparatus necessary to completely install and test the complete installation at the Site as per attached specification for acceptance of the ZAKATHOUSE.

       

  2. Bidder Qualifications

     

    The following highlight the required qualifications for the bidding ZAKATHOUSE.

    Bidders, who do not meet these requirements shall be disqualified. (Supportive documents shall be submitted).

    ZAKATHOUSE requires the bidder to be a specialized Information and Communication Technology who have proven track record in implementing that kind of firewalls and has Proven Track Record in Operations and Maintenance.

    ZAKATHOUSE accepts proposals only from specialized ICT companies who attained the certifications from leading manufacturers.

     

    Failure to comply with the below shall result in Bidder Proposal Disqualification

     

     

    2.1 Bidder Qualifications:

     

    The bidder must have the following qualifications:

    • The bidder must be ISO 9001, 27001 certified
    • The Bidder must be a partner for the proposed solution.
    • The Bidder must be a gold partner forthe technologies in This project
    • The Bidder must have 3 references for implementing similar projects for enterprise entity like Zakat House.
    • The Bidder must have at least 3 certified resources on the technologies in This project (3 certified resources on Palo Alto Networks Accredited Configuration Expert (ACE) and 3 Certified Fortinet).
    • The Bidder must have 24 x 7 support facilities equipped with a helpdesk application to open support tickets and track it online.
    • The bidder must submit an authorization letter from the vendor.

       

      2.2 Bidder Staff Qualifications:

       Bidding ZAKATHOUSE has to present its credentials in terms of staff qualifications in the firewalls (All the proposed staff shall be under its direct sponsorship of the bidding company).

      Bidder has to submit CVs, certificates and civil IDs for these staff with the tender submission. All proposed staff shall be under Bidder sponsorship during tender submission and shall had employment with the Bidder before the date of submission.

  3. Design Overview and Assumption:

 

Zakat House is always looking to use the latest sharp-edge technology in the IT industry, therefore, Zakat House is looking to implement Data Center and perimeter firewalls to take the advantage of all benefits of the latest technologies in this area.

 The proposed solution must comply with Zakat House current environment technologies and current firewalls.

4. Technical Requirement

 

  1. Required High availability Perimeter NGFW Specifications: Qty:(2)
    1. Scaling Requirements
      1. The Tenderer shall propose 2 Next Generation Firewalls (proposed firewalls) with a capability of supporting at least five (5) gigabit per second of application firewall throughput measured with App-ID and User-ID features enabled utilizing 64K HTTP transactions and two point two (2.2) gigabit per second for threat prevention and modern malware protection, Threat prevention throughput measured with App-ID, User-ID, IPS, AntiVirus,Anti-Spyware,file blocking,anti-botnet,DLP,DNS-proxy and sandboxing features enabled utilizing 64K HTTP transactions using real-world enterprise traffic mix on average packet size of 440bytes.
      2. The proposed firewalls shall support at least 1,000,000 concurrent sessions and at least 58,000 new sessions per second.
      3. The proposed firewalls shall support at least two gigabit per second per second threat prevention throughput and at least two gigabit per second threat prevention Uniform Resource Locator (URL) filtering throughput simultaneously.
      4. The proposed firewalls shall deliver 2.5 Gbps IPSEC VPN throughput
      5. The proposed firewalls shall support at least 1,000 SSL tunnel and 4,000 IPSEC site-to-site tunnels
      6. The proposed firewalls shall be able to protect a minimum of 60 security zone segments, and have at least TWENTY (20) network ports.
      7. The proposed firewalls shall come with four (4) SFP interfaces and four (4) SFP+ interfaces.
      8. The proposed firewalls shall come with Twelve (12) 10/100/1000 interfaces.
      9. The proposed firewalls shall store reports and logs on SSD HDD with minimum of 240GB (excluding the storage of the operating system) of storage and

         

  2. Required High availability Data Center Firewall Specifications: Qty:(2)

     

  1. Functional Requirements
  1. Simplify policy management. Restore visibility and control with easy-to-use graphical tools and a policy editor that ties applications, users, and content together in a unified manner.
  2. NGFW must have separate management (control) plane and data plane to avoid any disruption to traffic processing while managing the box or generating logs reports
  3. NGFW should have on-box reporting and logging facility. The solution should not consider external reporting/log analyzer engine
  4. The NGFW platform should be optimized for layer 7 application level content processing
  5. The NGFW platform shall handle traffic in a single pass stream-based manner with all security features turned on
  6. The NGFW platform should be optimized for layer 7 application level content processing and have special FPGA chips to handle signature matching and processing in a single pass parallel processing architecture
  7. Unlimited Concurrent User License
  8. Application Detection, and application match should be done as the main policy match criteria not with an add on profile
  9. Possibility to support internally developed applications with app-id customized manually by the customer
  10. The NGFW platform shall support dual IPv4 and IPv6 stacks application control and threat inspection support in tap mode, transparent mode L1, layer 2 and layer 3
  11. The NGFW platform shall support Domain Name System (DNS) proxy and Dynamic Host Configuration Protocol for IPv6 (DHCPv6) relay
  12. The NGFW platform shall support multiple virtual routers to run different set of routing protocols (Interfaces can be binded to different virtual routers)
  13. IPS, Antivirus and Anti-Spyware scanning with single stream scanning with 6M+ signature applied at the same time
  14. Anti-Virus should not reduce the IPS inspection throughput and should be able to give full threat prevention capabilities with single pass parallel processing architecture
  15. Anti-Spyware should not reduce the IPS inspection throughput and should be able to give full threat prevention capabilities with single pass parallel processing architecture
  16. Advanced malware protection to prevent unknown modern targeted attacks and APTs
  17. Support IPSec VPN, and dynamic site-to-site VPN support with LSVPN.
  18. High Availability, Active / Active with Asymmetrical Routing support and Active/Passive
  19. NGFW should have the capability to be virtualized. Each virtual system should support with full security features and interface combinations (L2, L3, Tap, and Virtual Vire (L1) interface configurations at the same virtual system). Multi deployment modes in a single virtual system
  20. QoS (marking and/or traffic shaping) for 8 classes at the same time
  21. SSL Decryption for all application traffic, and ability to block any unknown encryption standard
  22. SSH Decryption for all application traffic, and ability to block any unknown encrypted standard
  23. Identify users, not just IP addresses. Leverage information stored in Active Directory for visibility, policy creation, reporting, and forensic investigation.
  24. Inspect content in real-time. Protect the network against attacks and malware embedded in application traffic at low-latency, high throughput speeds., all signatures over 6 Million plus applied at the same time
  25. The proposed firewalls shall come with two dedicated high availability ports with one out-of-band management ports
  26. The proposed firewalls must allow policy rule creation for application identification, user identification, threat prevention, Uniform Resource Locator (URL) filtering, traffic management Quality of Service (QoS) per policy and scheduling in a single unified rule and not in multiple data-entry locations in the management console.
  27. The firewall policy engine should take decision based on different matching parameters not based on layer4 parameters. It should be based on applications, URL categories, device state/posture, IP addresses, security zones, username/group(s)
  28. The proposed firewalls shall have the hardened Operating System (OS) and built as a firewall appliance (i.e. not on generic server hardware) and shall handle traffic in a single pass stream-based manner with all features turned on.
  29. Policy-based control by application and/or application category (non-port based) - as a policy matching criteria
  30. The proposed firewalls shall be administered locally on the appliance without additional management or logging software.
  31. The proposed firewall shall have modern malware protection that identifies unknown malicious files by directly and automatically executing them in a virtual cloud-based environment to expose malicious behavior even if the malware has never been seen in the wild before without the need for additional hardware.
  32. The proposed firewalls must have ICSA Labs certification or similar.
  33. The Proposed Solution should be an integrated platform with NGFW, Sandboxing/APT and Advance Endpoint Protection. Working with a feedback loop between the three in order to have automated response to security incidents.
  34. The proposed solution should be able decrypt ssh/ssl protocols and extend Advance Malware Protection to all file types over HTTP, HTTPS, FTP, SMPT and others.
  35. The proposed solution should be single-pass next generation solution technology and not to be UTM based technology. I.e. the performance should not degrade when different security functions are enabled.
  36. The proposed solution should not lose more than 50% of performance whence all threat prevention features are enabled (IPS, Anti-Malware, File Inspection, etc) and it should be stream based Next Generation Security Solution.
  37. The proposed solution must be an enterprise – grade product, recognized as leader by Gartner in enterprise firewall category, for at least 5 years in a row.
  38. The Proposed solution should have parallel processing architecture and protect against Exploits, Viruses, Spyware, CC#, SSN in a single pass.
  39. The solution should identify at least 2200+ applications and categorize the applications into five categories (business-systems, collaboration, general-internet, media, networking)
  40. The proposed NGFW platform must support the following techniques to protect against Credential Theft Attacks:
  41. Identify the phishing websites that used for credential theft.
  42. Configure security profile to detect corporate credential submissions to websites that are allowed by the corporate.
  43. Configure Multi-Factor Authentication (MFA) to ensure that each user responds to multiple authentication challenges of different types (factors) when accessing highly sensitive services and applications.
  1. High Availability ( HA )
  1. The proposed firewalls overall solution shall be available in High Availability Configuration
  2. The proposed firewalls solution shall support active/active and active/passive HA configuration
  3. The proposed firewall solution shall be capable of detecting link and path failure in addition to device failure
  4. The proposed firewall solution shall be capable of supporting encryption of HA heartbeat and control traffic
  5. The proposed firewalls shall synchronize all sessions, decryption certificates, all VPN security associations, all threat and application signatures, all configuration changes and Forwarding

     

  1. The Firewall must be appliance based and should facilitate multi-application environment.
  2. The platform must use a security-hardened, purpose-built operating system
  3. The platform should use hardware acceleration (ie ASIC) to optimize the packet, encryption/decryption and application level content processing.
  4. Licensing: should be per device license for unlimited users for Firewall / VPN (IPSec & SSL) and other features. There should not have any user/IP/host based licenses – Please specify if the product does not follow the required licensing policy.
  5. Support for Virtualization (ie Virtual Systems / Virtual Domains), should support by default10 virtual systems and up to 500 virtual Firewall
  6. Should support USB interfaces for config backup/restore, upgrading images and for connecting 3G Modems as fall-back.
  7. Should support more than one ISP with automatic ISP failover as well as ISP load sharing for outbound traffic.
  8. Should have support for Explicit Proxy (especially for the purpose of having session based policies for Citrix/Terminal Server users).
  9. The platform must be capable of supporting a minimum of 48 x 10GE SFP+/GE SFP Network Interfaces. These should be Hardware Accelerated interfaces. It should have interfaces accommodating Physical zones.
  10. The platform should support the standards based Multi-Link aggregation technology (IEEE 802.3ad) to achieve higher bandwidth.
  11. The platform should support VLAN tagging (IEEE 802.1q) with about 4096 VLANs supported (in NAT/Route mode).
  12. Performance Requirements:
    1. The Firewall must support at least 50,000,000 concurrent connections.
    2. The Firewall must support at least 400,000 new sessions per second processing.
    3. The Firewall should support throughputs of minimum 50 Gbps for 1518byte packet , 512 byte packet and 64 byte packet.
    4. The Firewall should support a minimum of 50 Gbps of IPSec VPN Throughput and should be hardware accelerated.
    5. The Firewall should support a minimum of 44 Gbps of IPS throughput (HTTP) & minimum 25Gbps for enterprise traffic mix.
    6. The device should also include and support Threat Protection Throughput (FW + IPS + Application Control + Antimalware) of minimum 15 Gbps.
  13. Network/Routing Requirements:
    1. Static routing must be supported.
    2. Policy based Routing must be supported
    3. Dynamic Routing (RIP, OSPF,BGP & IS-IS) must be supported for IPv4
    4. Should support RIPng, OSPFv3 and BGP4+
    5. Multicast Routing must be supported
    6. hould support netFlow or sFlow
  14. High Availability Requirements:
    1. The device must support Active-Active as well as Active-Passive redundancy.
    2. The Firewall must support stateful failover for both Firewall and VPN sessions.
    3. The HA Architecture should have the ability for Device Failure Detection and Notification as well as Link Status Monitor.
    4. Should support VRRP and Link Failure Control
  15. DataCenter Optimization:
    1. Should support Server Load Balancing with features like HTTP persistence
    2. Should support TCP Multiplexing
    3. Should support HTTPS Offloading with flexible Digital Certificate Management
    4. Should have support for WCCP protocol
  16. Administration/ Management Requirements:
    1. he device must support Web UI (HTTP/HTTPS) and CLI (Telnet / SSH) based Management
    2. Should have configurable option to define remote access to the Firewall on any interface and restrict the same to a specific IP/Subnet (ie Trusted Hosts for Management).
    3. There must be a means of connecting directly to the firewall through a console connection (RJ45 or DB9)
    4. The device should have SNMPv2c and SNMPv3 support (for sending alerts to NMS in case of threats and system failures).
    5. Provision to generate automatic notification of events via mails / syslog.
    6. Provision to send alerts to multiple email recipients
    7. Support for role based administration of firewall.
    8. Should support simultaneous login of Multiple Administrators.
    9. Should have provision to customize the dashboard (eg: by selecting suitable Widgets).
    10. The Firewall must provide a means for exporting the firewall rules set and configuration to a text file via Web or TFTP
    11. Support for Image upgrade via FTP, TFTP and WebUI
    12. Should support system software rollback to the previous version after upgrade
  17. Network IPS:
    1. Should have integrated Network Intrusion Prevention System (NIPS) and should be ICSA Labs certified and NSS Lab NGIPS & DCIPS recommended.
    2. Should have a built-in Signature and Anomaly based IPS engine on the same unit
    3. Should have protection for 10,000+ signatures
    4. Able to prevent Denial of Service and Distributed Denial of Service attacks.
    5. Should be able to exclude certain hosts from scanning of particular signatures
    6. Supports CVE-cross referencing of threats where applicable.
    7. Should provide the facility to configure Profile based sensors (Client/Server) for ease of deployment
    8. Should support granular tuning with option to configure Overrides for individual signatures.
    9. Supports automatic Attack database updates directly over the internet. (ie no dependency on any intermediate device)
    10. Supports attack recognition inside IPv6 encapsulated packets.
    11. Supports user-defined signatures (ie Custom Signatures) with Regular Expressions.
    12. Supports several prevention techniques including Drop-Packet, TCP-Reset (Client, Server & both) etc. List all prevention options
    13. Should offer a variety of built-in responses including dashboard alerts, syslog / email notifications, SNMP traps and Packet Capture log. List all response options, excluding prevention responses
    14. Should Identify and control over 3900+ applications (i.e. Application control feature)
  18. Certifications:
    1. OS should be “IPv6 Phase II Ready” certified
    2. Leader in Gartner Enterprise Firewall magic quadrant 2017
    3. Recommended in NSS Lab Data Center Gateway , NGIPS & DCIPS

       

  19. Services & Support:
    1. The solution should have valid subscription services for Threat Prevention (IPS/App Control & AntiMalware)for 3 years.
    2. 3 years HW & SW warranty including 24x7 Vendor Support

       

       

       

       

       

  • 5Service Level Agreement

                      

    ZAKATHOUSE requires maintenance support for the ZAKATHOUSE new procured hardware and software that are mentioned in BoQ. Contractor shall provide complete hardware & software maintenance support services for 3 years after the project hand over, as per the Vendor support service level agreement. The agreement shall include services as account management, premier support feature, hardware & software preventive maintenance with OS / patches upgrade, reporting etc.

     

    Service Levels

    All services shall be available on a continuous basis.

     

    Service level table

     

    Priority

    Response

    Fix time from answering call

    Severity 1

    30 Min

    80% in 2 hours 100% in 4 hours

    Severity 2

    1 Hour

    80% in 4 hours 100% in 8 hours

    Hardware

    maintenance

    In case the problem persists and the contractor could not solve the problem within the fix time limit, a replacement has to be given to ZAKATHOUSE within 2 working days.

    Reporting

    The Contractor shall provide monthly and quarterly reports detailing actual performance against targets with full explanation of corrective actions. The reports shall be available within 7 working days of the end of the previous calendar month

     

     

     

    Terms & Conditions:

  • 9Delivery and Testing

     

    The project is considered to be finished within 3 months. The implementation of the project will cover all the required products mentioned in BOQ specification.

     

     

     

  • 10BOQ:
  1. The contractor shall provide maintenance support for ZAKATHOUSE new procured hardware & software. Remedial maintenance shall be recorded as work orders. In case the contractor finds out that any equipment is beyond economical repair, contractor should inform ZAKATHOUSE representative who can decide to replace the item.

     

  2. In the event of the contractor determining that it is necessary to move the hardware or part of the hardware, the contractor shall provide a replacement while the corporation’s hardware is being serviced. The defective item is to be returned to ZAKATHOUSE after repair within (2) days. Cost can be calculated after evaluating the defected items.

     

  3. The contractor shall produce summary reports of all activities, and information on the service they provide, on a monthly and quarterly basis to ZAKATHOUSE. The format and detail of the reports shall be proposed by the contractor and approved by the corporation.

     

  4. The monthly service reports shall be made available to ZAKATHOUSE within seven working days from the end of each reporting period.

     

     

  5. Contractor shall carry out regular monthly preventive checks as may be required to keep the equipment in good operating condition, in accordance with the specific needs of the individual item of Equipment. Preventive Maintenance will include lubrication, if applicable, adjustments, modifications, repairs or replacement of unserviceable parts. Contractor shall submit a Preventive Maintenance Program and follow it closely upon approval by the corporation.

     

  6. Contractor shall carry out regular check for any updates for OS / patches and if applicable, shall update the required system with updated OS / patch (with the latest new minor or major releases of the software i.e. with the latest OS / firmware release).

     

     

    • 6Warranty
  • Warranty and maintenance information is required for each element described in this document.
  • Detailed information of how warranty and maintenance will be carried out by participant is required. Participants are required to indicate cost of post-warranty maintenance.
  • The warranty of the delivered items should be with minimum THREE YEARS for the all hardware and software components after the project hand over.

     

     

     

     

     

    • 7Training and Documentation

       

      Training Program

       

  • Bidder must provide details of training plan to 4 engineers from Zakathouse on official training.
  • The training should be conducted in authorized training center inside Kuwait or on premises.
  • Original Training Material from the manufacture should be provided in the training.
  • Bidders must clearly mention the name of each course, location of the course, training center name.

     

     

    • 8Documentation

       

      The proposed Blade solution products should be delivered with all necessary technical documentation.

       

      The bidders must supply the following documentation:-

       

      • Operations manuals
      • Technical reference
      • Low Level Design (LLD) document for the complete project

        No

        Part

        Description

        Qty

        Perimeter NGFW - High Availability (3Years) – Palo Alto

        1

        PAN-PA-3220

        Palo Alto Networks PA-3220 with redundant AC power supplies

        2

        2

        PAN-PWR-CORD-UK

        Power cord for United Kingdom (all platforms except PA-7050)

        4

        3

        PAN-PA-3220-TP-3YR-HA2

        Threat prevention subscription 3 year prepaid for device in an HA pair, PA-3220

        2

        4

        PAN-PA-3220-WF-3YR-HA2-R

        WildFire subscription 3 year prepaid renewal for device in an HA pair, PA-3220

        2

        5

        PAN-PA-3220-URL2-3YR-R

        BrightCloud URL filtering subscription 3-year prepaid renewal, PA-3220

        2

        6

        PAN-SVC-BKLN-3220-3YR-R

        Partner enabled premium support 3-year prepaid renewal, PA-3220

        2

        7

        PAN-QSFP-AOC-10M

        QSFP+ active optical cable, 10m length

        2

        8

        PAN-SFP-PLUS-SR

        SFP+ SR 10GigE transceiver

        8

        Training

        9

        5 Days Training with original material for the Palo Alto Networks Firewall 8.1 Essentials: Configuration and Management ( EDU-210 )

        4

        Data Center Firewall - High Availability (3Years) - FotiNet

        10

        FG-3200D

        48 x 10GE SFP+ slots, 2 x GE RJ45 Management, SPU NP6 and CP8 hardware accelerated, 960GB SSD onboard storage, and dual AC power supplies

        2

        11

        FC-10-03200-928-02-36

        Threat Protection (24x7 FortiCare plus Application Control, IPS, AV) - 3 Years

        2

        12

        FG-TRAN-SFP+SR

        10GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots

        24

        13

        FT-ONSITE

        Onsite Trainig for 5 days for FortiGate Infrastructure & Security NSE4

        4

         

         

         

         

         

No

Part

Description

Qty

Perimeter NGFW - High Availability (3Years) – Palo Alto

1

PAN-PA-3220

Palo Alto Networks PA-3220 with redundant AC power supplies

2

2

PAN-PWR-CORD-UK

Power cord for United Kingdom (all platforms except PA-7050)

4

3

PAN-PA-3220-TP-3YR-HA2

Threat prevention subscription 3 year prepaid for device in an HA pair, PA-3220

2

4

PAN-PA-3220-WF-3YR-HA2-R

WildFire subscription 3 year prepaid renewal for device in an HA pair, PA-3220

2

5

PAN-PA-3220-URL2-3YR-R

BrightCloud URL filtering subscription 3-year prepaid renewal, PA-3220

2

6

PAN-SVC-BKLN-3220-3YR-R

Partner enabled premium support 3-year prepaid renewal, PA-3220

2

7

PAN-QSFP-AOC-10M

QSFP+ active optical cable, 10m length

2

8

PAN-SFP-PLUS-SR

SFP+ SR 10GigE transceiver

8

Training

9

5 Days Training with original material for the Palo Alto Networks Firewall 8.1 Essentials: Configuration and Management ( EDU-210 )

4

Data Center Firewall - High Availability (3Years) - FotiNet

10

FG-3200D

48 x 10GE SFP+ slots, 2 x GE RJ45 Management, SPU NP6 and CP8 hardware accelerated, 960GB SSD onboard storage, and dual AC power supplies

2

11

FC-10-03200-928-02-36

Threat Protection (24x7 FortiCare plus Application Control, IPS, AV) - 3 Years

2

12

FG-TRAN-SFP+SR

10GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots

24

13

FT-ONSITE

Onsite Trainig for 5 days for FortiGate Infrastructure & Security NSE4

4

 

 

جدول الكميات

Bill Of Quantities

 

 

Please feel free to reach out for any additional information you may require

No

Part

Description

Qty

Perimeter NGFW - High Availability (3Years) – Palo Alto

1

PAN-PA-3220

Palo Alto Networks PA-3220 with redundant AC power supplies

2

2

PAN-PWR-CORD-UK

Power cord for United Kingdom (all platforms except PA-7050)

4

3

PAN-PA-3220-TP-3YR-HA2

Threat prevention subscription 3 year prepaid for device in an HA pair, PA-3220

2

4

PAN-PA-3220-WF-3YR-HA2-R

WildFire subscription 3 year prepaid renewal for device in an HA pair, PA-3220

2

5

PAN-PA-3220-URL2-3YR-R

BrightCloud URL filtering subscription 3-year prepaid renewal, PA-3220

2

6

PAN-SVC-BKLN-3220-3YR-R

Partner enabled premium support 3-year prepaid renewal, PA-3220

2

7

PAN-QSFP-AOC-10M

QSFP+ active optical cable, 10m length

2

8

PAN-SFP-PLUS-SR

SFP+ SR 10GigE transceiver

8

Training

9

5 Days Training with original material for the Palo Alto Networks Firewall 8.1 Essentials: Configuration and Management ( EDU-210 )

4

Data Center Firewall - High Availability (3Years) - FotiNet

10

FG-3200D

48 x 10GE SFP+ slots, 2 x GE RJ45 Management, SPU NP6 and CP8 hardware accelerated, 960GB SSD onboard storage, and dual AC power supplies

2

11

FC-10-03200-928-02-36

Threat Protection (24x7 FortiCare plus Application Control, IPS, AV) - 3 Years

2

12

FG-TRAN-SFP+SR

10GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots

24

13

FT-ONSITE

Onsite Trainig for 5 days for FortiGate Infrastructure & Security NSE4

4

Total Pricing