Surveillance & Access Control Tenders

CCTV Camera

CCTV Adaptor

CCTV Adaptor

33 Rate Analysis Firewall SITC of Next Gen Firewal cum Unified Threat Management system alongwith following specs ; Preferred Make-Fortinet/Sophos/SonicWall Security Features Integrated Security Appliance which have these features from day 1 - Firewall, VPN, IPS, Web filtering, Botnet Filtering, Gateway AV, Anti Spyware, Application Control and Geo-IP protection. The firewall should also support anti-Spam services integrated as a license in the firewall. The device should be IPv6 ready (Both phase 1 and Phase2), and should support multi-core architecture and not proprietary ASIC based architecture. Appliance should support IPsec NAT traversal, OSPF, RIP V1 and V2 routing protocol and NAT without degrading the performance of the firewall. Should support authentication using XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, Internal user database, terminal Services, Citrix. Should have Layer 2 bridge or transparent mode, Wire mode, Sniffer mode /Tap mode Dual WAN/ISP Support : Should support automatic ISP failover as well as ISP load balancing for outbound traffic Network security appliance should support "Stateful" policy inspection technology. It should also have application intelligence for commonly used TCP/IP protocols like telnet, ftp etc. Should support Dead Peer Detection, DHCP Over VPN, IPsec NAT Traversal, Redundant VPN Gateway, Route-based VPN. Should provide complete protection by performing full decryption and inspection of TLS/SSL and SSH encrypted connections regardless of port or protocol. Should proactively detect and block mass market, zero-day threats and unknown malware by inspecting directly in memory solution should support policy-basedrouting, Application based routing and also Multi Path routing & Route-based VPN. Should have capability to look deep inside every packet (the header and data) searching for protocol non-compliance, threats, zero days, intrusions, and even defined criteria. The firewall should support stream/flow-based inspection only without compromising/missing any security features like AV, Windows File Sharing (CIFS), email filter, web filter, VOIP etc. Should detect and prevent hidden attacks that leverage cryptography, blocks encrypted malware downloads, ceases the spread of infections, and thwarts command and control (C&C) communications and data exfiltration Should allow total control to customize which traffic is subjected to decryption and inspection based on specific organizational compliance and/or legal requirements. Vendor & OEM should support the appliance with all necessary upgrade for at least 3 years from the date of purchase installation along with 3 years security software subscription. Should scan for threats in both inbound and outbound traffic simultaneously to ensure that the network is not used to distribute malware and does not become a launch platform for attacks in case an infected machine is brought inside. Should provide real-time monitoring and visualization provides a graphical representation of applications, users and bandwidth usage for granular insight into traffic across the network. Should support Route-based VPN that allow dynamic routing over VPN links to ensure continuous uptime in the event of a temporary VPN tunnel failure, by seamlessly re-routing traffic between endpoints through alternate routes. The firewall must support cloud & appliance-based Sandbox technology and OEM must have own Advanced Threat Protection & Sandboxing solutions. Should have H.323 gatekeeper and SIP proxy support to block spam calls by requiring that all incoming calls are authorized and authenticated by H.323 gatekeeper or SIP proxy. Should support mobile device authentication such as (biometric authentication) fingerprint recognition that cannot be easily duplicated or shared to securely authenticate the user identity for network access. The proposed solution should be scalable and offer fault tolerance to safeguard against hardware failures. The failover should be capable of taking over the traffic without any manual intervention and session loss. Should support deep packet SSL to decrypt HTTPS traffic for scanning(IPS, Gateway Antivirus, Content Filtering, Application control) transparently for future requirement and then re-encrypt and send to destination if no threat found. Should have TLS/SSL decryption and inspection engine that decrypts and inspects TLS/SSL encrypted traffic on the fly, without proxying, for malware, intrusions and data leakage, and applies application, URL and content control policies in order to protect against threats hidden in encrypted traffic. Should have deep packet inspection of SSH to decrypt and inspect data traversing over SSH tunnel to prevent attacks that leverage SSH. Should have IPv6 and should support filtering and wire mode implementations. Should support REST APIs that allows the firewall to receive and leverage any and all proprietary, original equipment manufacturer and third-party intelligence feeds to combat advanced threats such as zero-day, malicious insider, compromised credentials, ransomware and advanced persistent threats. Should have Bi-directional raw TCP inspection. The appliance should be capable of scanning raw TCP streams on any port bi-directionally preventing attacks that they to sneak by outdated security systems that focus on securing a few well-known ports. Should have extensive protocol support to identify common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do not send data in raw TCP, and decode payloads for malware inspection, even if they do not run on standard, well-known ports. Should have SD-WAN feature to choose lower-cost public Internet services while continuing to achieve a high level of application availability and predictable performance. Vendors not having SD-WAN fetures integrated in their firewall should provide additional device to provide this feature support from day 1. Necessary licenses, if required, need to be provisioned from day 1. Should have secure SD-WAN feature that enables distributed enterprise organizations to build, operate and manage secure, high-performance networks across remote sites for the purpose of sharing data, applications and services using readily-available, low-cost public internet services. Vendors not having SD-WAN features integrated in their firewall should provide additional device to provide this feature support from day 1. Should control applications, or individual application features, that are identified by the security engine against a continuously expanding database of over thousands of application signatures, to increase network security and enhance network productivity. Should control custom applications by creating signatures based on specific parameters or patterns unique to an application in its network communications, in order to gain further control over the network. The firewall should support traffic management option to configure traffic shaping on a per policy basis for specific application/ Specific networks and should be able to define guaranteed bandwidth and maximum bandwidth per policy. Should identify and block command and control traffic originating from bots on the local network to IPs and domains that are identified as propagating malware or are known CnC points. Appliance should protect against DOS&DDOS attacks . Should have anti-evasion technology by using extensive stream normalization, decoding and other techniques ensure that threats do not enter the network undetected by utilizing evasion techniques in Layers 2-7 Should not buffer traffic before scanning for IPS and must support inbound and outbound IPS scanning. It should scan the entire traffic and not few specific kilobytes of the session. Should be integrated solution with appliance-based firewall on a single chassis with multicore processor. The device should be featured with Gateway Antivirus and DPI SSL Scanning. The OEM should have regular update of its attack signature database and the same should be configurable to update the signatures automatically without manual intervention. The new attack signatures and new major software releases should be available in OEM website for free download. Should not buffer traffic before scanning for virus. Should have capacity to scan unlimited file size without buffering them. Should be an unlimited user-based appliance. Firewall must support inbound and outbound Antimalware /Antispyware scanning. Should identify and block command and control traffic originating from bots on the local network to IPs and domains that are identified as propagating malware or are known CnC points. Should enforce acceptable use policies and block access to HTTP/HTTPS websites containing information or images that are objectionable or unproductive with Content Filtering Service and Content Filtering Client. Should block content using the predefined categories or any combination of categories. Filtering can be scheduled by time of day, such as during office or business hours, and applied to individual users or groups. URL database should have at least 15 million sites and 50 + categories. There should be a proposed sandboxing solution which should be cloud based or appliance based and employ sandboxing engine for effective scanning. Should have support for analysis of a broad range of file types, either individually or as a group, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR, and APK plus multiple operating systems including Windows, Android, Mac OS X and multi-browser environments. The cloud or appliance Sandbox should have technology that detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. Should detect and block mass-market, zero-day threats and unknown malware. The Firewall should have the capability to block/prevent from Side Channel attacks like Meltdown, Spectra, Foreshadow, Foreshadow-NG, Port smash etc. The firewall should have single pass, low latency inspection system that performing stream-based, bi-directional traffic analysis at high speed without proxying or buffering to effectively uncover intrusion attempts and malware downloads while identifying application traffic regardless of port and protocol. Should have ability to prevent potentially malicious files from entering the network. Should have support for files sent to the proposed cloud sandbox for analysis to be held at the gateway until a verdict is determined. Should support Zero-Touch registration & provisioning using mobile App. Should have continuously updated database of tens of millions of threat signatures residing in the sandbox servers and referenced to augment the capabilities of the onboard signature database, providing deep packet inspection with extensive coverage of threats. Should support min 20K DPI signatures, 70 million Cloud AV signatures and 3500+ Application Signatures from day 1. Firewall must have cloud-based sandboxing from day 1 and cloud-based sandboxing must have capability to scans 10Mb of files size at a time. Hardware and Interface Requirements The proposed hardware-based firewall should not consume more than 1RU Rack-mountable space The product should have minimum of 12x1GbE, 3x10G SFP+ interfaces from day 1 Appliances should have dedicated 2 USB 3.0 Port, Console Port & Management port Should have 128 GB or more storage (SSD) . Appliance should support dual power supply Should support REST APIs for management Firewall Performance Requirement Threat prevention throughput of 3 Gbps or higher which should include Firewall, Gateway Anti-Virus, AntiSpyWare, Intrusion Prevention and Application Intelligence and Control, URL/Content Filtering and URL & Reputation service from Advance Threat Prevention/Protection/sandboxing services., Anti Spam The Firewall should have at least 3 Gbps of IPS throughput he Firewall should have VPN throughput at least 2 Gbps The Firewall should support at least 1 million maximum connections and 120 K maximum DPI SSL sessions/connections. Should support at least 2,000 IPsec Site-to-Site VPN tunnels , 1000 no of IPsec Client Remote access VPN and at least 500 SSL VPN users Solution should support IPSEC & SSL VPN and Layer 2 Tunneling protocol (L2TP) over IPSEC Licensing and Certification The devices should not have license restriction on number of users. The license should the following subscriptions from day 1 - Firewall, Gateway Anti-Virus, AntiSpyWare, Intrusion Prevention and Application Intelligence and Control, URL/Content Filtering and Advance Threat Prevention/Protection including advance sandboxing. The Firewall should support regulatory compliance like FCC Class A,CE,UL etc. The OEM should have ICSA Labs Advanced Threat Defense certification testing in 2021 and should have overall detection rate of 99% and above. Logging and reporting Should have reporting facility to generate reports on virus dedicated over different protocols, top sources for viruses, destination for viruses, top viruses etc. Firewall shall support onprem or cloud management and reporting solution. Should have options to generate reports in different formats The solution should have configurable options to schedule the report generation. Warranty, Installation, Testing and Commissioning Proposed Solution should support 24x7 telephone, email and web-based technical support.OEM should have TAC and R&D center in INDIA. Manufacturer’s warranty should be mentioned minimum 03 (three) years warranty including all services like GAV, IPS, Antispyware or antimalware, CFS, Application control, BoT protection , Advance Threat Protection, Patch& Firmware upgrade, Cloud based management. Bidder must carry out on site installation, testing and commissioning. 1.000 Nos. ₹ 574,900.00 ₹ 574,900.00

Supply and Inst of face readers for Biometric

Real Time biometric Machine