
FIREWALL 1455 Reply - Merged

rfp tender document

HIGH COURT OF MADHYA PRADESH : JABALPUR

NOTICE INVITING TENDER

e-Tenders are invited by the High Court of Madhya Pradesh for the
“Supply, Installation, Commissioning, Maintenance of Firewall, WAF with
Server Load Balancer and Network Monitoring System for the High
Court of Madhya Pradesh”. The last date of online tender submission is
14th October, 2024 before 06:00 P.M. (mandatory). The sealed tender,
complete in all respects and addressed to “Registrar General, High Court of
Madhya Pradesh, Jabalpur”, must be submitted before 05:00 P.M. on
15th October, 2024 (mandatory). The technical bids of the tender shall
be opened online on 16th October, 2024 at 11:00 A.M. The detailed
tender document is available on the official website of the High Court of
Madhya Pradesh www.mphc.gov.in and the Government e-procurement
portal www.mptenders.gov.in.

Sd/-
REGISTRAR GENERAL
HIGH COURT OF MADHYA PRADESH : JABALPUR

//TENDER//

No. Reg(IT)(SA)/2024/1263 Dated:22.08.2024

Bid Document for

Supply, Installation, Commissioning, Maintenance of Firewall,
WAF with Server Load Balancer and Network Monitoring
System for the High Court of Madhya Pradesh

Note: - This document contains total 59 pages including cover. No change and
modification in the document by the bidder is permissible.

Seal and Signature of the Bidder Page 1


Table of Contents

Section   Particulars                                      Page No.

1.        NOTICE INVITING TENDER                           03 - 04
2.        INSTRUCTIONS TO BIDDERS                          05 - 15
3.        TERMS AND CONDITIONS FOR e-TENDERING             16 - 17
4.        GENERAL CONDITIONS OF THE CONTRACT (GCC)         18 - 24
5.        SPECIAL CONDITIONS OF THE CONTRACT (SCC)         25 - 26
6.        SCOPE OF WORK                                    27 - 30
7.        TECHNICAL SPECIFICATIONS                         31 - 49
8.        FORMATS TO BE USED FOR SUBMISSION OF PROPOSAL    50 - 58
9.        CERTIFICATES                                     59

Section – I
NOTICE INVITING TENDER

No. Reg(IT)(SA)/2024/1263 Dated:22.08.2024

The Registrar General, on behalf of High Court of Madhya Pradesh
invites e-tenders / online tenders from experienced and reputed
firms/organizations/ Original Equipment Manufacturers (OEM) for the
“Supply, Installation, Commissioning, Maintenance of Firewall, WAF with
Server Load Balancer and Network Monitoring System for the High Court
of Madhya Pradesh”.

S. No.: 1
Estimated project cost (In Lakh Rs.): 1.50 Crore
EMD (In Lakh Rs.): 03 Lakh
Cost of online Tender Document (In Rs.): 5,000/-
Date and Time of Pre-Bid Meeting: 12th September, 2024 at 11:30 A.M in the
Committee Hall No. 03 of High Court of Madhya Pradesh, Jabalpur.
Last Date / Time of online tender Submission: 14th October, 2024 before 06:00 PM
Last Date / Time of tender submission in hardcopy: 15th October, 2024 before 05:00 PM
Date and Time of Opening of Technical Bid (online/hardcopy): 16th October, 2024 at 11:00 AM
Time for Completion of the work / project: 60 days

1. Tender documents may be viewed or purchased online by interested and
eligible bidders from the website https://mptenders.gov.in after paying
the Tender fee of Rs.5,000/- and Processing Fee, as applicable. The tender
document is also available on the website http://www.mphc.gov.in.
2. Bidders can submit their tenders online at https://mptenders.gov.in/ on or
before the key dates given above. The physical copy of the Technical Bid
along with a copy of the online EMD should also be submitted at the address
below latest by 15th October, 2024 at 05:00 P.M.
3. All further notifications/amendments, if any, shall be posted on
https://mptenders.gov.in and www.mphc.gov.in only. No separate
communication shall be made with individual Bidders.
4. The financial bids are to be submitted online and no hard sheet/copy
is to be submitted along with the bid.

All other terms and conditions for submission of tender are contained in this
document. If the date of submission/opening of the Bid is declared as holiday
then the bids shall be submitted / opened on next working day.
The Registrar General, High Court of Madhya Pradesh, Jabalpur (M.P.)
reserves the right to accept or reject any or all bids without assigning any
reason thereof.

Address for communication:-

Registrar General,
High Court of Madhya Pradesh
Jabalpur (M.P.)
Email ID: regithcjbp@mp.gov.in, with a copy to mphc@nic.in
Landline: 0761-2623358


Section – II

2. INSTRUCTIONS TO BIDDERS:-
2.1 DEFINITIONS:-
a) “The Employer” or “The Purchaser” means the "Registrar General, High
Court of Madhya Pradesh, Jabalpur" and the "District Judge" of the District
Courts.
b) “The Bidder” means a firm which participates in the tender and submits
its proposal.
c) “Successful Bidder” means the Bidder, who, after the complete
evaluation process, gets the Letter of Award. The Successful Bidder shall
be deemed as “Contractor” appearing anywhere in the document.
d) “The Letter of Award” means the issue of a signed letter by the
Purchaser of its intention to award the work mentioning the total Contract
Value. The timeline for delivery of products and services will start from the
date of issue of Letter of Award.
e) “The Contract” means the agreement entered into between the Employer
and the Contractor, as recorded in the Contract Form signed by the
parties, including all attachments and appendices thereto and all
documents incorporated by reference therein.
f) “The Contractor” means the individual or firm or OEM supplying the
Goods / items and Services under this Contract.
g) “The Contract Price” means the price payable to the Successful Bidder
under the Letter of Award for the full and proper performance of its
contractual obligations. The Contract Price shall be deemed as “Contract
Value” appearing anywhere in the document.
h) “Site Acceptance Test (SAT)” is a process of testing the contracted
services provided by the Bidder at the locations specified by the Registrar
General, High Court of Madhya Pradesh. SAT comprises Product
Acceptance Tests with respect to Technical Specifications and Bill of
Materials as specified in this tender, checking the installation,
commissioning and integration of sub-components and integration with
High Court software and acceptance of the Training at the site.
i) “Services” means System Integration, Training and coordinating with the
original equipment manufacturer (OEM) for installation, commissioning,
system integration and maintenance for proper working of supplied
equipments/items etc.
j) “NIT” is the Notice Inviting Tender. It is essentially the Press Notification
of the Tender.
k) “OEM” - means Original Equipment Manufacturer and/or Original
Software Developer.
l) This tender is subject to availability of funds / Budget from the State
Government/ Department of Justice, Govt. of India.
2.2 BID DOCUMENT:-
2.2.1 The process and procedures of bidding, the materials to be supplied and
the various terms and conditions of this tender are provided in the Bid
Document. The Bid Documents include:-

i. Section I Notice Inviting Tender
ii. Section II Instructions to Bidders
iii. Section III Terms and Conditions for E-Tendering.
iv. Section IV General Conditions of Contract
v. Section V Special Conditions of Contract
vi. Section VI Scope of work
vii. Section VII Technical Specifications
viii. Section VIII Format to be used for submission of proposal
ix. Section IX Certificates

2.2.2 The Bidder should carefully read all the instructions, terms and conditions,
specifications and various forms that are provided in the Bid Document.
The tender may be rejected if any or all of the information asked for in this
document are not furnished along with the tender or if the tender is not
responsive with the Bid Document.

2.3 AMENDMENT OF BID DOCUMENTS:-
At any time, prior to the date of submission of Bids, the Purchaser may,
for any reason, whether at its own initiative or in response to a clarification
requested by a prospective Bidder, modify bid documents by amendments
by issuing corrigendum / addendum in the website of the High Court.
2.4 COST OF BIDDING:-
The Bidder has to bear all the costs associated with the preparation and
submission of the bid. Purchaser will, in no case, be responsible or liable
for any of the costs, regardless of the conduct or outcome of the bidding
process.
2.5 EARNEST MONEY DEPOSIT (EMD):-
2.5.1 The proposal should be submitted along with only online application fee
of Rs.5,000/- (Rs. Five Thousand only) and Earnest Money Deposit
(EMD) of Rs.03 Lakh (Rupees Three Lakh only) in the form of online
mode through e-procurement tender portal www.mptenders.gov.in valid
for the period of 06 months in favour of “Registrar General, High Court
of Madhya Pradesh, Jabalpur”. The Bid submitted without EMD and/or
the application fee shall be summarily rejected.
2.5.2 The EMD of the successful Bidder will be returned when the Bidder has
signed the Contract Agreement with the purchaser and has furnished the
required Performance Guarantee.
2.5.3 The EMD will be forfeited:
(i) If a Bidder withdraws its bid during the period of bid validity.
or
(ii) If the Bidder fails to accept the Purchaser’s corrections of arithmetic
errors in the Bidder’s bid (if any),
or
(iii) If the Successful Bidder fails to sign the contract agreement with the
purchaser,
or
(iv) If the Successful Bidder fails to furnish the Performance Guarantee
within the stipulated time.

2.6 BID PRICES:-
2.6.1 The Bidder shall give the pricing as individual and as a total composite
price inclusive of all levies & taxes, packing, forwarding, freight and
insurance etc.
2.7 DISCOUNTS:-
The Bidders are informed that discount, if any, should be included in the
total price.
2.8 BID VALIDITY:-
The bids shall remain valid for the period of 180 days from the date of
last submission.
2.9 ONLY ONE BID PER PARTY:-
Each bidder is permitted to submit ONLY ONE BID. In case it is found that
any party has submitted more than one bid for the subject work(s) in any
of the above capacities, all bids so submitted shall be summarily rejected
and the EMPLOYER shall not entertain any further request/
correspondence in this matter.
2.10 SUBMISSION OF PROPOSALS:-
2.10.1 All physical proposals have to be submitted ONLY in HARD BOUND
(Hard bound implies such binding between two covers through
stitching or otherwise whereby it may not be possible to replace
any paper without disturbing the document) form with all pages
sequentially numbered either at the top or at the bottom right corner of
each page. It should also have an index giving page wise information of
above documents. Incomplete proposals or those received without hard
binding will be summarily rejected. All the pages and papers are to be
signed and sealed by the authorized signatory of the bidder.
2.10.2 The Bidders are required to fill up and submit the Section VIII (only
online) documents with their proposals.
2.10.3 The proposals shall be submitted in two parts, viz.:-
(a) Envelope-1: Containing Copy of Earnest Money Deposit (EMD) valid for
the period of six months. The envelope should be superscribed as
“Envelope-1: EMD” at the top left corner of the envelope.
(b) Envelope-2: Pre-qualification Proposal and Technical Proposal
superscribed as “Envelope 2 – Pre-qualification and Technical Proposal”
(Containing duly signed PRE-QUALIFICATION PROPOSAL
SUBMISSION FORM as prescribed in tender, Other required
Prequalification documents, clause-by-clause compliance to the technical
specifications of the equipments as prescribed in Section-VII, all
technical literature, brochures etc.). In the technical proposal, there
should not be any indication about the prices (printed or otherwise) of
any of the products offered.
2.10.4 All the sealed envelopes should again be placed in a single sealed
cover superscribed as “Supply, Installation, Commissioning, Maintenance
of Firewall, WAF with Server Load Balancer and Network Monitoring
System for the High Court of Madhya Pradesh” bid from: M/s
--------------------------- “NOT TO BE OPENED BEFORE 11:00 A.M. on 16th
October, 2024”, which will be received as per the time mentioned in the
Schedule of Events. The Bid is to be submitted to the “Inward / Receipt
Section of the High Court of M.P., Jabalpur”.
2.10.5 The Bids and all correspondence and documents relating to the bids,
shall be written in English language.
2.10.6 The financial bids are to be submitted online and no hard copy is to be
submitted along with the bid.
2.11 LATE BIDS:-
Any bid received by the Purchaser after the time and date for receipt of
bids prescribed by the Purchaser in the tender may be rejected and
returned unopened to the Bidder.
2.12 MODIFICATION AND WITHDRAWAL OF BIDS:-
2.12.1 The Bidder is allowed to withdraw its submitted bid any time prior to the
last date prescribed for receipt of bids, by giving a written notice to the
Purchaser.

2.12.2 Subsequent to the last date for receipt of bids, no modification/
withdrawal of bids shall be allowed.
2.12.3 The Bidders cannot withdraw the bid in the interval between the last date
for receipt of bids and the expiry of the bid validity period specified in the
Bid. Such withdrawal may result in the forfeiture of its EMD from the
Bidder.
2.13 LOCAL CONDITIONS:-
2.13.1 Each Bidder is expected to fully get acquainted with the local conditions
and factors, which would have any effect on the performance of the
contract and /or the cost.
2.13.2 The Bidder is expected to know all conditions and factors, which may
have any effect on the execution of the contract after issue of Letter of
Award as described in the bidding documents. The Purchaser shall not
entertain any request for clarification from the Bidder regarding such local
conditions.
2.14 CONTACTING THE PURCHASER:-
Any effort by a Bidder to influence the Purchaser’s bid evaluation, bid
comparison or contract award decisions may result in the rejection of the
bid.
2.15 ELIGIBILITY/ PRE-QUALIFICATION CRITERIA:-
Only Bidders that meet ALL of the following pre-qualification criteria need
apply.
2.15.1 (i) Average Annual Financial turnover of the bidder during last 03 financial
years, ending 31st March of previous financial year i.e. 2023-24
should be at least Rs. 05 Crore.
2.15.2 (ii) Experience in Supply, Installation, commissioning, Maintenance of
firewall, WAF, NMS tool and similar IT equipments during last 05 years
ending last day of month previous to the month of publication of this
tender, should be either of the following:-

(a) Three similar completed works costing not less than the amount equal to
40% of the estimated cost.
OR
(b) Two similar completed works costing not less than the amount equal to
50% of the estimated cost.
OR
(c) One similar completed work costing not less than the amount equal to
80% of the estimated cost.
Similar works means: Supply, installation and System Integration of
firewall, WAF, NMS tool and similar IT equipments.
2.16 SCHEDULE OF EVENTS:-
The tentative dates for the schedule of key events of this tender are
given as under:-

Sl. No.  Events: Date

01  Date of Pre-Bid meeting: 12th September, 2024 at 11:30 A.M in the
    Committee Hall No. 03 at the High Court of M.P. Note: - The vendors are
    requested to send their suggestions / queries on following e-mail id:-
    regithcjbp@mp.gov. as per format of pre-bid query.
02  Last date and time of online submission of proposal (mandatory):
    14th October, 2024 before 06:00 PM
03  Last date and time of submission of hardcopy of proposal (mandatory):
    15th October, 2024 before 05:00 PM
04  Date and time of opening of the technical Bids:
    16th October, 2024 at 11:00 AM
05  Date and time of opening of the financial Bid at High Court of Madhya
    Pradesh, Jabalpur: Date and time of opening of financial bids will be
    intimated to qualified bidders via e-mail / letter / telephone.

2.17 OPENING OF PROPOSAL:-


The Evaluation Committee or its authorized representative will open
the tenders.
2.18 EVALUATION:-
2.18.1 The Purchaser reserves the right to modify the Evaluation Process at
any time during the Tender Process, without assigning any reason,
whatsoever, and without any requirement of intimating the Bidders of
any such change.
2.18.2 Any time during the process of evaluation, the Purchaser may seek
clarifications from any or all Bidders.
2.18.3 The tender has been invited under two bid system i.e. Technical Bid
and Financial Bid. The interested agencies are advised to submit
sealed envelopes superscribed as mentioned above under clause 2.10.3.
Phase-1: Online Application Fee & EMD: First, the envelope
containing Online Application fee and Copy of Earnest Money
Deposit will be opened and if both are found furnished by the Bidders
in the prescribed manner, then the second envelope containing Pre-
Qualification & Technical Proposal documents shall be opened. At any
stage during the evaluation, if the EMD is found invalid, the respective
Bidder’s bid will be summarily rejected.
Phase-2: Pre-Qualification and Technical Proposal Evaluation:
The Bidder shall have to fulfill all the Pre-qualification Criteria. These
documents will be scrutinized along with the Technical Proposal in this
phase of evaluation. Those bidders who do not fulfill the terms and
conditions of Pre-qualification Criteria as specified in this tender or
whose Technical Proposal is non-responsive will not be eligible for
further communication. Technical Proposals of the Bidders would be
evaluated for the clause-by-clause compliance of the technical
specifications as mentioned in the Bid document. Evaluation of
Prequalification and Technical Proposal by Registrar General, High
Court of Madhya Pradesh shall not be questioned by any of the
Bidders. The Purchaser reserves the right to ask for a technical
elaboration/clarification in the form of a technical presentation from the
Bidder on the already submitted Technical Proposal at any point of
time during evaluation process. The proposals shall be opened in
the presence of the Bidders’ representatives who wish to attend.

Phase-3: Online Financial proposal of only qualified bidders will
be opened for further evaluation.
The Commercial Proposal Evaluation will be based on the
“individual cost”, which would be the total payouts including all
taxes, duties and levies for the supply, installation,
commissioning, system integration of equipments and
Maintenance cost.
2.19 DECIDING AWARD OF CONTRACT:-
2.19.1 The Purchaser reserves the right to ask for a technical
elaboration/clarification in the form of a technical presentation from
the Bidder on the already submitted Technical Proposal at any point of
time before or after opening of the proposals. The Bidder has to
present the required information to the Registrar General, High Court
of Madhya Pradesh and its appointed representative on the date
asked for, at no cost to the Purchaser.
2.19.2 Arithmetical errors will be rectified on the following basis: If there is a
discrepancy between the unit price and the total price that is obtained
by multiplying the unit price and quantity, the unit price shall prevail
and the total price shall be corrected. If the Bidder does not accept the
correction of the errors, his bid will be rejected. If there is a
discrepancy between words and figures, the amount mentioned in
words will prevail.
2.19.3 The Purchaser will notify the Successful Bidder on its intention to
award the work through “Letter of Award/ acceptance” mentioning
the total Contract Value. The timeline for delivery of products and
services will start from the date of issue of Letter of Award.
2.19.4 The Purchaser will subsequently send the Successful Bidder the Form
of Contract Agreement provided in the Bidding Documents,
incorporating all agreements between the parties.
2.19.5 As soon as practically possible, following receipt of the Form of
Contract Agreement, the successful Bidder shall sign and date the
Form of Contract Agreement and return it to the Purchaser. This is
deemed as the “Contract” or “Contract Agreement” defined elsewhere
in this tender document.
2.19.6 The Registrar General, High Court of Madhya Pradesh, Jabalpur may
award the entire contract to a single firm or to multiple firms
depending upon rates available with the bid.
2.20 GENERAL INSTRUCTIONS TO THE BIDDERS:-
2.20.1 The cost of preparing the proposal, cost involved for the technical
presentation and of visit to the High Court of Madhya Pradesh is not
reimbursable.
2.20.2 All cutting, overwriting in the proposal should be authenticated by the
initials of the authorized signatory. In case of any calculation error the
unit rates would prevail. The amount will also have to be written in
words.
2.20.3 Successful bidder must ensure his establishment in India and in
the State of Madhya Pradesh for post-installation services and
support of the supplied equipments.
2.20.4 Canvassing in any form will lead to disqualification of the bid.
2.21 CONFIDENTIALITY:-
2.21.1 The Bidder shall keep confidential any information related to this
tender with the same degree of care as it would treat its own
confidential information. The Bidders shall note that the confidential
information will be used only for the purposes of this tender and shall
not be disclosed to any third party for any reason whatsoever.
2.21.2 As used herein, the term “Confidential Information” means any written
information, including without limitation, information created by or for
the other party, which relates to internal controls, computer or data
processing programs, algorithms, electronic data processing
applications, routines, subroutines, techniques or systems, or
information concerning the financial affairs and methods of operation
or proposed methods of operation, accounts, transactions, proposed
transactions or security procedures of either party or any of its
affiliates, or any client of either party, except such information which is
in the public domain at the time of its disclosure or thereafter enters
the public domain other than as a result of a breach of duty on the part
of the party receiving such information. It is the express intent of the
parties that all the business process and methods used by the Bidder
in rendering the services hereunder are the Confidential Information of
the Bidder.
2.21.3 At all times during the performance of the Services, the Bidder shall
abide by all applicable High Court of Madhya Pradesh security rules,
policies, standards, guidelines and procedures. The Bidder should
note that before any of its employees or assignees is given access to
the Confidential Information, each such employee and assignees shall
agree to be bound by the term of this tender and such rules, policies,
standards, guidelines and procedures by its employees or agents.
2.21.4 The Bidder should not disclose to any other party and keep confidential
the terms and conditions of this tender, any amendment hereof, and
any Attachment or Annexure hereof.
2.21.5 The obligations of confidentiality under this section shall survive
rejection/termination/expiry of the contract for a period of five years.
2.22 The Government of India had amended the General Financial Rules
2017 to enable the imposition of restrictions under Rule 144(xi) on
bidders from countries which share a land border with India on
grounds of defense of India, or matters directly or indirectly related
thereto including national security. The bidder has to submit proper
documents in this regard as per the policy.
As per the Public Procurement (Preference to Make in India), Order
2017, the Class-I local suppliers shall get preference in procurement
of goods, services or works. In furtherance of the Revised PPP-MII
Order dated 04.06.2020, the Ministry of Electronics & Information
Technology (MEIT) has notified the mechanism for calculation of local
content for the 13 electronic products vide Notification no. 43/4/2019-
IPHW-MeitY dated 07.09.2020.

Section – III
3. Terms and Conditions for e-Tendering:-

3.1 For participation in e-tendering module, it is mandatory for prospective
bidders to get registration on website https://mptenders.gov.in/.
Therefore, it is advised to all prospective bidders to get registration by
making online registration fees payment at the earliest.

3.2 Tender documents can be purchased only online on payment of tender
fees and downloaded from website https://mptenders.gov.in/ by making
online payment for the tender document fee.

3.3 Service and gateway charges shall be borne by the bidders.

3.4 Since the bidders are required to sign their bids online using class – III
Digital Signature Certificate, they are advised to obtain the same at the
earliest.

3.5 For further information regarding issue of Digital Signature Certificate, the
bidders are requested to visit website https://mptenders.gov.in/. Please
note that it may take up to 07 to 10 working days for issue of Digital
Signature Certificate. Department will not be responsible for delay in issue
of Digital Signature Certificate.

3.6 If a bidder is participating in e-tendering for the first time, then it is
obligatory on the part of the bidder to fulfill all formalities such as
registration, obtaining Digital Signature Certificate etc. well in advance.

3.7 Bidders are requested to visit our e-tendering website regularly for any
clarification and / or due date extension.

3.8 Bidder must positively complete online e-tendering procedure at
https://mptenders.gov.in/

3.9 Department shall not be responsible in any way for delay /difficulties
/inaccessibility of the downloading facility from the website for any reason
whatever.

3.10 For any type of clarification bidders can visit https://mptenders.gov.in.
In case of any assistance please call Help desk numbers 0120-4200462,
0120-4001002. Support timings: Monday to Saturday from 10:00 AM to
7:00 PM.

3.11 Interested bidders may attend the free training programme in Bhopal at
their own cost. For further query please contact help desk.

3.12 The bidder who so ever is submitting the tender by his Digital Signature
Certificate shall invariably upload the scanned copy of the authority letter
as well as submit the copy of same in physical form with the offer of
particular tender.

3.13 The firms registered under NSIC and MSME (The vendor to be
registered with both NSIC and MSME for claiming exemption of
tender fees) are exempted from submission of tender fees only. But
they have to submit valid EMD as per the tender requirement.

Seal and Signature of the Bidder Page 17


Section – IV
4 GENERAL CONDITIONS OF THE CONTRACT (GCC):-
4.1 GENERAL:-
The Products/equipments supplied under this contract shall conform to
the Technical Specifications given in this tender under Section VII.
4.2 PERFORMANCE GUARANTEE:-
4.2.1 The Successful Bidder will be required to furnish performance guarantee
in the form of unconditional Bank Guarantee issued by a Nationalized /
Scheduled Bank in India equivalent to 05% of the Contract Value initially
valid for a period of 36 months within 30 days from the date of issue of
Letter of Award / acceptance. For remaining 24 months Bidder will
submit fresh BG before expiry of the initial BG.
4.2.2 BANK GUARANTEE:-
The Bank Guarantee issued by following banks would be accepted. SBI
or its subsidiaries, any Indian Nationalized Bank/Scheduled Bank, Export
Import Bank of India, a foreign bank (issued by a branch outside India)
with counter guarantee from SBI or its subsidiaries or any Indian
Nationalized Bank, and any scheduled commercial bank approved by
RBI having a net worth of not less than Rs.500 Crores as per the latest
annual report of the bank.
4.2.3 The Performance Guarantee shall be as per the format approved by the
Registrar General, High Court of M.P., Jabalpur.
4.2.4 The Performance Guarantee shall be payable to the Purchaser as a
compensation for any loss resulting from the Bidder’s failure to complete
its obligations under the contract. The Purchaser will discharge the
Performance Guarantee after completion of the Bidder’s performance
obligations, including any warranty obligations, under the contract.
4.3 DELIVERY OF MATERIALS AND RELATED DOCUMENTATION:-
4.3.1 Delivery, Installation and Commissioning of the materials along with the
related documents as per the tender document and technical
specification section (Section VII) are the responsibility of the Bidder.

4.3.2 The Successful Bidder shall ensure that all Products/equipment is
supplied within the Implementation schedule mentioned in the tender
document under Section V.
4.3.3 The Successful Bidder shall submit all the Software Kits (CDs), License
Papers, Warranty Papers and any other relevant documentation related
to the supplied products to the Purchaser along with the supplied
products/equipments.
4.4 WARRANTY:-
4.4.1 The Bidder is required to provide on-site comprehensive warranty valid
for 60 months for all supplied hardware items from the date of
installation.
4.4.2 The Bidder shall warrant that all the equipment supplied under the
contract is newly manufactured and shall have no defect arising out of
design, materials or workmanship or from any act or omission of the
Bidder that may develop under normal use of the supplied equipments in
the conditions prevailing across the country.
4.4.3 The Bidder shall warrant that the services provided under the contract
shall be as per the Warranty Service Level Requirements given under
Section-VI. During the warranty, the Bidder shall perform all the
functions as enunciated in Section-VI at no extra cost to the Purchaser.
All the penalty clauses shall be applicable during the period of warranty
in case of failure on part of Bidder. The terms and conditions for
Warranty are given in Section-VI.
4.4.4 The bidder shall quote for comprehensive On-Site warranty and
support for FIVE years, which shall become effective after the Final
Acceptance Sign-off. The cost, including visits of the engineers etc. shall
be quoted as part of the individual equipment prices. No separate
charges shall be paid for visit of engineers or attending to faults and
repairs or supply of spare parts.
4.4.5 The Registrar General, High Court of Madhya Pradesh shall promptly
notify the Bidder about any claims arising under this warranty. Upon
receipt of such notice, the Bidder shall repair / replace / reconfigure /
re-provision the defective equipments or service. Replacement under
warranty clause shall be made by the Successful Bidder free of all
charges at site including freight, insurance and other incidental charges.
4.4.6 The Bidder shall, at the time of submitting the bid submit the
Technical Proposal specifying how the Bidder proposes to carry
out repair under Warranty. The Bidder shall also indicate what
spares will be kept for immediate replacement. The infrastructure
planned to be created by the Bidder to fulfill his obligations under
Warranty and his action plan to deal with the various situations
arising out of hardware and software faults shall be clearly
indicated.
4.4.7 If the Bidder, having been notified, fails to remedy the defect(s) within
the period specified in the Service Level Agreement, the Registrar
General, High Court of Madhya Pradesh may proceed to take such
remedial action as may be necessary at the Bidder’s risk and expense
and without prejudice to any other rights, which Registrar General, High
Court of Madhya Pradesh may have against the Bidder under the
contract.
4.5 PAYMENT TERMS:-
4.5.1 For the supply, installation, commissioning, testing and warranty
maintenance of all hardware items for the period of 60 months:-
Payments will be made in Indian Rupees only
4.5.1.1 80% of total price against delivery of the equipments at the site after
submitting the duly verified delivery challan of the site / locations certified
by the Office of District and Session Judge of District Courts.
4.5.1.2 20% of total price against successful installation and getting Sign-off from
all the District Courts.
4.6 PRICES:-
4.6.1 The rate contract of all the quoted items shall be valid for the period of
01 year from the date of agreement/contract.
4.6.2 The rates and prices quoted by the bidder shall be fixed for the duration
of the contract and shall not be subjected to adjustment.
The rates shall be valid for the period of one year from the date of
agreement. However, on introduction of new taxes / duties, the
rates of the quoted items shall change in the same proportion.
Further, order on approved rates shall be placed by High Court of
Madhya Pradesh, Jabalpur on need basis.
4.7 PURCHASER’S RIGHTS:-
4.7.1 The Purchaser reserves the right to make changes within the scope
of the work and Contract and configuration of items at any point of
time.
4.7.2 The Purchaser reserves the right to accept or reject any bid, and to annul
the bidding process and reject all bids, at any time prior to award of
contract without assigning any reason whatsoever and without thereby
incurring any liability to the affected bidder or bidders on the grounds of
purchaser’s action.
4.8 TIME SCHEDULE TO COMPLETE THE CONTRACT:-
4.8.1 The successful bidder shall complete the assignment within 60 days
from the date of issue of Letter of Acceptance / Letter of Intent.
4.8.2 In case the purchase order is received directly from the District Court
then the period of supply and installation will be 60 days.
4.8.3 The Successful Bidder shall ensure that the delivery of Products/
equipment and/or the delivery of the services are in accordance with the
time schedules specified in tender documents. In case of any deviation
from the schedule, the Purchaser reserves the right to either cancel the
Contract and/or recover Liquidated Damage charges.
4.8.4 The Successful Bidder, if faced with problems in timely delivery of
services, which have dependencies on the Service Provider and/or the
Purchaser, which are beyond their control at any time before the Final
Acceptance Signoff, shall immediately inform the Purchaser in writing,
about the causes of the delay and tentative duration of such delay etc.
The Purchaser, on receipt of such notice, shall analyze the facts at the
earliest and may at its sole discretion, extend the contract period as
deemed reasonable.

4.8.5 Any delay by the Successful Bidder in the delivery of Products/
equipment and/or the services will make the Successful Bidder liable to
any or all of the following:
i. Forfeiture of Performance Bank Guarantee
ii. Imposition of Liquidated Damage charges
iii. Termination of the contract for default.
iv. Blacklisting of the vendor.
4.9 LIQUIDATED DAMAGES (LD):-
If the Bidder fails to deliver any or all of the equipment or to perform the
services within the time period(s) as mentioned in the tender document, the
Registrar General, High Court of Madhya Pradesh shall, without prejudice
to its other remedies under the contract, deduct from the contract price,
as liquidated damages, a sum equivalent to 0.5% of the contract
price for every week (seven days) or part thereof of delay, up to
maximum deduction of 10% of the contract price. Once the maximum is
reached, Registrar General, High Court of Madhya Pradesh may
consider termination of the contract.
4.10 FORCE MAJEURE:-
4.10.1 Neither party shall be responsible to the other for any delay or failure in
performance of its obligations due to any occurrence commonly known
as Force Majeure which is beyond the control of any of the parties,
including, but not limited to, fire, flood, explosion, Acts of God or any
governmental body, public disorder, riots, embargoes, or strikes, acts of
military authority, epidemics, strikes, lockouts or other labour disputes,
insurrections, civil commotion, war, enemy actions.
4.10.2 If a Force Majeure arises, the Bidder shall promptly notify the Registrar
General, High Court of Madhya Pradesh in writing of such condition and
the cause thereof. Unless otherwise directed by the Registrar General,
High Court of Madhya Pradesh the Bidder shall continue to perform his
obligations under the contract as far as is reasonably practical, and shall
seek all reasonable alternative means for performance not prevented by
the Force Majeure event. The Bidder shall be excused from performance
of his obligations in whole or part as long as such causes, circumstances
or events shall continue to prevent or delay such performance.
4.11 TERMINATION:-
4.11.1 Termination on expiry of the CONTRACT: The Agreement shall be
deemed to have been automatically terminated on the expiry of the
Contract period unless the Registrar General, High Court of Madhya
Pradesh has exercised its option to extend the Contract in accordance
with the provisions, if any, of the Contract.
4.11.2 Termination on account of Force Majeure: Either party shall have the
right to terminate the Contract on account of Force Majeure.
4.11.3 Termination on account of insolvency: In the event the Successful Bidder
at any time during the term of the Contract becomes insolvent or makes
a voluntary assignment of its assets for the benefit of creditors or is
adjudged bankrupt, then the Registrar General, High Court of Madhya
Pradesh shall, by a notice in writing have the right to terminate the
Contract and all the Successful Bidder’s rights and privileges hereunder,
shall stand terminated forthwith.
4.11.4 Termination for breach of contract: A breach by the Successful Bidder of
its obligations hereunder and such breach not being rectified by the
Successful Bidder within 30 days of receipt of the Purchaser’s notice
intimating such breach. Upon termination, the Successful Bidder shall
surrender all the data and materials belonging to the Purchaser.
4.11.5 Termination for delay: Successful Bidder shall be required to perform all
activities/services as per tender document. If the Successful Bidder fails
to do so, the Contract may be terminated by the Registrar General, High
Court of Madhya Pradesh by giving 30 days written notice unless the
Registrar General, High Court of Madhya Pradesh has extended the
period with levy of Liquidated Damages, as per conditions of the tender.
4.11.6 The Registrar General, High Court of Madhya Pradesh may at any time
terminate the Contract by giving 30 days notice without assigning any
reason.

4.11.7 Consequences of termination: In all cases of termination herein set forth,
the obligation of the Registrar General, High Court of Madhya Pradesh to
pay shall be limited to the period upto the date of effective termination.
Notwithstanding the termination of the Agreement, the parties shall
continue to be bound by the provisions of the Agreement that reasonably
require some action or forbearance after such termination.
4.11.8 In case of termination of Contract herein conditions of the tender
document the Contractor shall be put on holiday [i.e. neither any enquiry
will be issued to the party by the Registrar General, High Court of
Madhya Pradesh against any type of tender nor their offer will be
considered by the Registrar General, High Court of Madhya Pradesh
against any ongoing tender(s) where contract between the Registrar
General, High Court of Madhya Pradesh and that particular Contractor
(as a bidder) has not been finalized] for two years from the date of
termination by the Registrar General, High Court of Madhya Pradesh to
such Contractor.
4.12 ARBITRATION:-
In the event of any dispute or difference arising out of or touching upon any
of the terms and conditions of this contract and / or in relation to the
implementation or interpretation hereof, the same shall be resolved
initially by mutual discussion and conciliation but in the event of failure
thereof, the same shall be referred to the Registrar General, High Court
of Madhya Pradesh or his nominee. The sole arbitrator will be appointed
by Hon’ble the Chief Justice, High Court of M.P. and the decision of the
Arbitrator shall be final and binding on the parties. The arbitration shall
be in Jabalpur and the Arbitrator shall give his award in accordance with
“The Arbitration and Conciliation Act, 1996”.
4.13 GOVERNING LAWS AND JURISDICTION:-
The Agreement shall be governed by the laws in force in India. Any
dispute arising in relation to the Agreement shall be subject to the
Jurisdiction of the Court at Jabalpur.

Section – V
5. SPECIAL CONDITIONS OF THE CONTRACT (SCC):-
5.1 GENERAL:-
The conditions given in this Section V, supplement the “Instructions to
the Bidders” given in Section II & “GCC” given in Section IV and in case
of any conflict, the conditions given herein shall prevail over those in
Sections II and IV.
5.2 EQUIPMENTS AND SUPPORTING SOFTWARE:-
5.2.1 All the equipments / system and related software to be supplied shall
conform to the relevant technical specifications as mentioned in Section-
VII of this document.
5.3 SITE ACCEPTANCE TESTS (SAT):-
5.3.1 The Purchaser shall carry out the entire test detailed in the Acceptance
test schedule to be furnished by the Contractor to confirm that the
performance of the different modules, sub-systems and the entire
installation satisfies the specification requirements. The Purchaser
reserves the right to include any other tests which in his opinion are
necessary to ensure that the equipment meets the specifications.
5.3.2 The Purchaser reserves the right to ask for modifications/additions to the
Site Acceptance Test Procedure at any point of time till the Site
Acceptance signoff at each location.
5.3.3 The Site Acceptance Tests shall cover the intended functioning of the
equipments with proper integration with other sub components and
software.
5.3.4 The contractor shall carry out the Site Acceptance Tests in the presence
and supervision of the Purchaser or its designated Officer / agency at the
site. The contractor, at its own cost, shall provide the testing
equipment/instruments/software programs necessary for performing and
demonstrating the Site Acceptance Tests.
5.3.5 The Purchaser or its appointed testing authority shall supervise the tests
at each site, as described in the Site Acceptance Test Procedure and
performed by the contractor to confirm that the complete solution at each
site satisfies the requirement of specifications including the service
performance.
5.3.6 The contractor shall rectify all deficiencies immediately, if found, in the
performance of the system as per the requirement during the Site
Acceptance Tests, at no cost to High Court of Madhya Pradesh,
Jabalpur.
5.3.7 Any components or parts failing during the acceptance tests shall be
replaced free of cost by the Contractor. These replacements shall not be
made out of spares supplied by the Contractor as part of supplies under
this Contract. This shall also not entitle the contractor to any extension of
completion time.
5.3.8 The cost of all test and / or analysis shall be fully borne by the contractor.
Material put up for inspection shall be those to be supplied and in
quantities laid down in the Schedule of Quantities. Any variation shall
require the prior approval of the Purchaser before the material is
manufactured/ offered for inspection.
5.3.9 All material brought to site shall be permitted to be installed only after
inspection and acceptance by the Purchaser.
5.3.10 The completed installation at all stages shall be subjected to checks and
tests as decided by Purchaser. The contractor shall be liable to remedy
all of such defects as discovered during these checks and test and make
good all deficiencies brought out. The complete installation shall be taken
over finally on successful commissioning in entirety.
5.4 CONSIGNEE AND SECURITY OF MATERIAL:-
Security of all material at the site where the work is in progress shall be
the contractor’s responsibility and he shall arrange to guard the same
from theft/pilferage/vandalism. In the event of any loss the contractor
shall be responsible for the same. Any stores lost, prior to formally taking
over by the Purchaser, shall be made good by the contractor at no cost
to the Purchaser.

Section – VI

6. SCOPE OF WORK:-
6.1 The Registrar General, High Court of Madhya Pradesh Jabalpur is
interested to assign the task for Supply, Installation, Commissioning,
Maintenance of Firewall, WAF with Server Load Balancer and Network
Monitoring System for the High Court of Madhya Pradesh.
6.2 SUPPLY:-
Supply of all equipments, materials, components, accessories, mounting
hardware, software, wires and cable for connection, etc. as per
requirement of High Court of Madhya Pradesh.
6.3 INSTALLATION & WIRING:-
6.3.1 Installation & wiring of all equipments, components and accessories.
Installation of all necessary software and drivers.
6.4 INSTALLATION PRACTICE AND METHOD OF WORK:-
6.4.1 The work shall be executed to the highest standards using best quality
material. The system design shall use state-of-the art techniques/tools.
The contractor shall ensure that the entire specification is complied with
the technical specifications. It shall be the responsibility of the contractor
to demonstrate compliance of technical as well as functional
specifications. Meeting individual requirements shall not be deemed as
meeting the overall efficient functioning of the total system.
6.4.2 The completed installation shall be subject to checks at all stages and
tests as prescribed in the bid or as deemed necessary by the Registrar
General. The same shall be done by the Purchaser and the contractor
shall be liable to rectify such defects as brought out by the Purchaser
during these checks and tests and make good all deficiencies at his own
cost.
6.5 COMPREHENSIVE WARRANTY:-
The contractor will be required to maintain the installed systems for the
period of FIVE years after the taking-over certificate / installation
certificate.

6.6 WARRANTY TERMS AND CONDITIONS:-
6.6.1 The Contractor shall be solely responsible for the maintenance, repair of
the whole equipments / items supplied and integrated and the Registrar
General, High Court of Madhya Pradesh shall not be liable to interact
with any of the partners/ collaborators of the Contractor.
6.6.2 The Contractor shall have adequate Technical Support Center to meet
the criteria for fault restoration/faulty unit repair times as mentioned in the
Section-VI. The Contractor shall furnish the names, locations, complete
postal address, telephone numbers and FAX numbers of all Technical
support Centers at the time of signing the Contract.
6.6.3 The Contractor shall also provide the name of alternate contact person or
Technical Support Center with address & telephone / fax numbers / E-
mail which may be contacted by the Registrar General, High Court of
Madhya Pradesh or its authorized Officer / staff for support in case of no
response/poor response from the designated Technical support center.
This however shall not preclude from imposing the penalties, if any, as
applicable as per the terms & conditions of this tender.
6.6.4 Any change in Address, Phone number, FAX Number, e-mail etc., shall
have to be intimated in writing by the Contractor to the Registrar General,
High Court of Madhya Pradesh, Jabalpur.
6.6.5 The Contractor shall ensure that all the Technical support centers are
manned by fully competent and responsible Engineers and are capable
of attending faults / supporting their engineers at the High Court of
Madhya Pradesh and District Courts.
6.7 WARRANTY SERVICE LEVEL REQUIREMENTS – SLA:-
6.7.1 Service Hours:-
The Service window for all the equipments would be all working
days from 09:00 A.M. to 06:00 P.M.
6.7.2 Scheduled Downtime:-
(a) Scheduled downtime is defined as the period of time when software
application will remain unavailable for conducting necessary
preventive maintenance, urgent repairs etc. This is the maximum
duration, which the Contractor can take for scheduled downtime
purposes.
(b) It will be expressed in hours.
(c) The maximum scheduled downtime for any equipment would be 02
days in every calendar month.
(d) The preventive maintenance would be carried out with a minimum
advance notice of 24 hours in writing and subsequent acceptance of
the same by Registrar General, High Court of Madhya Pradesh or
officer who will execute the contract.
6.7.3 Mean Time to Resolve / solve the problem (MTTR): -
(a) MTTR is defined as the arithmetic average of the time taken to
attend to resolve the issues logged over a defined period of time.
(b) The Severity Levels for measuring MTTR are provided in the
following table:-
S. No. Severity Level
1 High
2 Low

6.7.4 The various Service Level Requirements and related penalties for default
are given below:-
Parameter: Mean time to resolve (MTTR)
Details:
(i) Within 48 working Hours from the call logging time – for all High
Severity events
(ii) Within 72 working hours from the time of attending the problem for
all Low severity events
Measurement Criteria: Calculation of fault duration per instance based on
Fault Docket
Penalties per day of delay / per fault / per occasion:
(i) For High Severity events, Rs.1000/-.
(ii) For Low Severity events, Rs.500/-
Delay will be counted in steps of one hour.

6.7.4.1 The Successful Bidder needs to maintain the Service Levels as
follows:
(a) 99% of the times for the MTTR of High Severity Events
(b) 95% of the times for the MTTR of Low Severity Events
6.7.4.2 The penalty will be applicable on per fault basis even if there is a
commonality of fault at any point causing full or part failure of services.
6.7.4.3 After the expiry of warranty, it shall be optional for Registrar General,
High Court of Madhya Pradesh not to enter the contract further with
the contractor. If Registrar General, High Court of Madhya Pradesh is
not satisfied with the performance of the Contractor during Warranty it
reserves the right to terminate the same during its currency, after
giving a notice to the Contractor.
6.7.4.4 The Contractor has to maintain adequate spares for maintaining the
SLA (Service Level Agreement) parameters as mentioned below. Any
cost involved to meet the service level requirements specified above
is to be borne by the Bidder.
6.7.4.5 In case the Service Level Requirements are violated continuously for
a period of three months, the Purchaser reserves the right to
terminate the Contract by giving a notice to the Successful Bidder.
6.7.4.6 The preventive maintenance of all the installed equipments /
products to be carried on yearly basis during the warranty period
and the report is to be submitted to the Registrar General, High
Court of Madhya Pradesh or his authorized officer.

Section – VII

7. TECHNICAL SPECIFICATIONS:-

All the products/equipment/items supplied should be quoted with:-

(i) Five years comprehensive Onsite Warranty and support on all
hardware equipments.
(ii) All the necessary required cables and other accessories.
(iii) Enclose all product catalogues and technical brochures of the
products / items along with MANUFACTURER AUTHORIZATION
FORM (MAF) addressed to the "Registrar General, High Court of
Madhya Pradesh", Jabalpur (M.P.)
(iv) The bidder has to quote only 01 product of single make / brand at a
time and not multiple brands for same item.
(v) The Original equipment manufacturer can authorize more than one
partner for participation in the bid.
(vi) Back-to-Back support letter is to be submitted by OEM regarding
support of their quoted products.

The details of the Hardware articles along with technical specifications are
enumerated as given below:-
S. No.  Items                                                Minimum Specifications* / Make
01      Firewall Technical Specifications                    Minimum Specification – A
02      Web Application Firewall with Server Load Balancer   Minimum Specification – B
03      Network Monitoring System                            Minimum Specification – C

Note: - Please submit the product catalogue / brochure in above serial
ORDER only.

“Specification – A”
Firewall Technical Specifications
Columns: S. No. / Feature / Technical Specification / Compliance Yes / No

S. No. 1 – Feature: Type
Next Generation Enterprise Firewall

S. No. 2 – Feature: 3rd party Test Certification
The proposed firewall vendor must have over 97% of Exploit Block rate in
latest NGFW NSS Lab Test report.

The proposed vendor must be in the Leader’s or challenger quadrant of the
Network Firewalls Gartner Magic Quadrant for latest year report.

S. No. 3 – Feature: Interface and Connectivity Requirement
6 X 10G Copper/RJ45 Day 1

8 X 1/10G SFP/SFP+ Day 1 with LR/SM transceivers and 8x3m patch cords.

4X 10/25Gig SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch
cords from Day one

Minimum 2 x 10G HA port in addition to requested data ports, Dedicated
1 X 10/100/1000 RJ45 Management Port

Should have support 2x40/100G for future use.

S. No. 4 – Feature: Hardware Architecture
The appliance based security platform should provide Next-Gen Firewall
functionality like IPS, Application Control, URL and content filtering and
Anti-malware functionality in a single appliance from day one.

The appliance hardware should be a multicore CPU architecture and should
not be proprietary ASIC based in nature & should be open architecture
based on multi-core CPUs to protect & scale against dynamic latest
security threats. The appliance hardware should have a hardened operating
system from the OEM and should support minimum of 64GB of RAM to make
sure all the security capabilities are provided without degradation from
day one.

The firewall should have integrated redundant fan and dual redundant hot
swappable power supply to remove any single point of failure in the
solution

S. No. 5 – Feature: Performance & Scalability
The NGFW throughput of the firewall should be a minimum 20 Gbps with
application identification and firewalling enabled with real
world/enterprise/production traffic with logging enabled. The Threat
Prevention/NGIPS throughput after enabling IPS, AVC, antimalware,
sandboxing with logging enabled should be 12 Gbps.

The firewall should provide 12 Gbps of IPSEC VPN throughput

NGFW Firewall should support at least 1,400,000 Layer 7 Concurrent
sessions

NGFW Firewall should support at least 150,000 connections per second
L3/L4 or New Layer 7 connections per second – Min 90,000

High Availability: Active/Active and Active/Passive and should support
session state synchronization among firewalls from day 1.

S. No. 6 – Feature: Next Gen Firewall Features
Firewall should support creating security policies with
source/destination zones, network subnets/ranges, relocation objects,
ports/protocols, applications, user/group attributes, URL/URL categories
and action on traffic. The actions on the traffic should be to allow,
alert, block, block and continue, reset.

The firewall should provide time based policies with options for
recurring schedule or one time schedule.

The firewall should support NATs like source NAT, destination NAT, U-Turn
NAT. Firewall should support Nat66, Nat 64 or Nat46 functionality

Solution should provide capabilities like dynamic real-time metrics
based, policy-based, application path selection across multiple WAN
connections and support service chaining for additional services such as
WAN optimization and firewalls.

The solution should provide the following routing capabilities: OSPF,
EIGRP, BGP, RIP, Multicast, Static, Route Tracking(SLA) PBR, ISIS, BFD,
ECMP, VRF, Application based Routing

Should support capability to create multiple virtual context/instance
with strict hardware resource (CPU, Memory & Storage) reservation and
ensure traffic isolation between virtual context/instance

The solution should be able to provide contextual information about the
hosts and the network subnets present such that the admins are able to
capture all the required information and build the security profiles
based on the details shown on the solution. The details captured should
consist of the following: IOCs, MAC addresses, IP address, Applications,
Ports & protocols, vulnerabilities etc.

Should support capability to integrate with other security solutions to
receive contextual information like security group tags/names.

Should support more than 4000+ (excluding custom application signatures)
distinct application signature as application detection mechanism to
optimize security effectiveness and should be able to create 40 or more
application categories for operational efficiency

Should be capable of dynamically tuning IDS/IPS sensors (e.g., selecting
rules, configuring policies, updating policies, etc.) with minimal human
intervention.

Should support more than 19,000 (excluding custom signatures) IPS
signatures or more. Solution should be able to passively detect endpoints
and infrastructure for threat correlation and Indicators of Compromise
(IoC) intelligence. The signatures should also have categorization based
on MITRE TTPs.

The firewall solution should have the following capabilities to make sure
the current solution is future ready for technologies like WAN routing,
SASE etc. The firewall should have application aware routing with HTTP
and ICMP ping, ZTNA based clientless access to applications from day1.

The firewall solution should have capabilities like Application Aware
Routing, Health Monitoring, DIA, Dual ISP, Data interface Management for
simplified branch capabilities

Should be capable of automatically providing the appropriate inspections
and protections for traffic sent over non-standard communications ports.

The solution should be able to identify, decrypt and evaluate both
inbound and outbound SSL traffic on-box. The NGFW shall support the
ability to have a SSL inspection policy differentiate between personal
SSL connections i.e. banking, shopping, health and non-personal traffic.

The solution should have ML/AI capability to detect client apps and
process. Moreover it should be able to identify malicious encrypted
traffic even when it is destined for a trustworthy service. This is
required to help administrators control specific applications and improve
network security

The solution should provide traffic hit count, Rule Conflict Detection
(Redundant & Shadowed) and policy warning for streamlining firewall
policies.

The solution should provide Change Management capability for
organizations that need to implement more formal processes for
configuration changes, including audit tracking and official approval
before changes are deployed.

Should support the capability to quarantine end point by integrating with
other security solution like Network Admission Control.

The solution must provide IP reputation feed that comprises several
regularly updated collections of poor reputation IP addresses determined
by the proposed security vendor. Solution must support IP reputation
intelligence feeds from third party and custom lists of IP addresses
including a global blacklist. The solution should have the capability to
detect MD5, SHA256 and SHA512 traffic hashes to detect any malicious
traffic pattern

The solution should provide Configuration Deployment History, Pending
Changes and Policy Compare capability before the security policies are
deployed on the firewall. It should also provide configuration rollback
capacity to the last good configuration running on the firewall.

The Appliance OEM must have its own threat intelligence analysis center
and should use the global footprint of security deployments for more
comprehensive network protection.

The detection engine should support capability of detecting and
preventing a wide variety of threats (e.g., network
probes/reconnaissance, VoIP attacks, buffer overflows, P2P attacks, etc.).

Should be able to identify attacks based on Geo-location and define
policy to block on the basis of Geo-location

The detection engine must incorporate multiple approaches for detecting
threats, including at a minimum exploit-based signatures,
vulnerability-based rules, protocol anomaly detection, and behavioral
anomaly detection techniques.

Should be IPv6 Logo or USGv6 certified

Should support Open based Application ID / Custom Application ID for
access to community resources and ability to easily customize security to
address new and specific threats and applications quickly
S. No. 7 – Feature: URL Filtering Features
Should support URL threat intelligence feeds to protect against threats

Should support Reputation- and category-based URL filtering offering
comprehensive alerting and control over suspect web traffic and enforces
policies on more than 250 million of URLs in more than 75+ categories
from day1.

S. No. 8 – Feature: Malware Features
Should support the capability of providing network-based detection of
malware by checking the disposition of unknown files using SHA-256
file-hash or signature (update to be provided in 300 seconds) as they
transit the network and capability to do Anti-APT / dynamic analysis.

Solution shall have capability to analyze and block TCP/UDP protocol to
identify attacks and malware communications. At minimum, the following
protocols are supported for real-time inspection, blocking and control of
download files: HTTP, SMTP, POP3, IMAP, NetBIOS-SSN and FTP

Proposed solution shall have required subscription like Threat
Intelligence for proper functioning
S. No. 9 – Feature: Management
The management platform must be accessible via a web-based interface and
ideally with no need for additional client software and must provide
centralized logging and reporting functionality

The management platform must be a dedicated OEM appliance or VM (bidder
to consider Required computing / hardware resource) running on server.

The management platform must be capable of integrating third party
vulnerability information into threat policy adjustment routines and
automated tuning workflows

The management platform must be capable of role-based administration,
enabling different sets of views and configuration capabilities for
different administrators subsequent to their authentication.

Should support troubleshooting techniques like Packet tracer and capture

The management platform must provide multiple report output types or
formats, such as PDF, HTML, and CSV. The management platform must support
running on-demand and scheduled reports

The management platform must support multiple mechanisms for issuing
alerts (e.g., SNMP, e-mail, SYSLOG).

The centralized management platform must not have any limit in terms of
handling logs per day

The management platform must provide built-in robust reporting
capabilities, including a selection of pre-defined reports and the
ability for complete customization and generation of new reports.

The management platform must provide risk reports like advanced malware,
attacks and network

The management platform must include an integration mechanism, preferably
in the form of open APIs and/or standard interfaces, to enable events and
log data to be shared with external network and security management
applications, such as Security Information and Event Managers (SIEMs),
and log management tools.
10 Support
OEM should be present in India from at least 5 years and
Proposed solution should support 24x7x365 OEM TAC support
and advance Next Business Day Hardware replacement. The
NGFW should be proposed with 5 years onsite support and
subscription licenses for NGFW, NGIPS, Anti Virus, Anti Spyware,
URL Filtering, DNS, VPN and Anti Botnet.
11 DNS Security
The Solution should support DNS security in line mode and not
proxy mode. Necessary licenses to be included from day 1.
Solution should maintain a database containing a list of known
botnet command and control (C&C) addresses which should be
updated dynamically.
DNS Security should have predictive analytics to disrupt attacks
that use DNS for Data theft and Command and Control.
DNS security should block known Bad domains and predict with
advanced machine learning technology and should have global
threat intelligence of at least 10 million malicious domains.
It should prevent against new malicious domains and enforce
consistent protections for millions of emerging domains.
The solution should integrate and correlate to provide effective
prevention against:
New C2 domains, file download source domains, and domains in
malicious email links.
Integrate with URL Filtering to continuously crawl newfound or
uncategorized sites for threat indicators.
Should have OEM human-driven adversary tracking and malware
reverse engineering, including insight from globally deployed
honey pots.
Should take inputs from at least 25 third-party sources of threat
intelligence.
Should have simple policy formation for dynamic action to block
domain generation algorithms or sinkhole DNS queries.

Solution should protect against DNS tunneling, which is used by
hackers to hide data theft in standard DNS traffic, by providing
features like DNS tunnel inspection
The solution should have capabilities to neutralize DNS tunneling
and it should automatically stop with the combination of policy on
the next-generation firewall and blocking the parent domain for all
customers.
The solution should have dynamic response to find infected
machines and respond immediately. There should be provision for
administrator to automate the process of sink holing malicious
domains to cut off Command and control and quickly identify
infected users.
12 SD-WAN
Proposed firewall should support internet links load balancing
and fail‐over based on parameters such as Latency, Jitter,
Packet‐Loss,
Support for WAN Link-Load balancing and Fail-over with 4 Links
or more.
Integrated Traffic Shaping functionality for both inbound and
outbound traffic.
The proposed firewall should support SD-WAN functionality for
application aware traffic control
13 VPN
The proposed system shall comply with/support industry standards
and support, without additional external solution, hardware or
modules: IPSEC VPN, PPTP VPN, L2TP VPN, SSL VPN
The system shall support 2 forms of site-to-site VPN
configurations: Route based IPSec tunnel, Policy based IPSec
tunnel
The system shall provide IPv6 IPSec feature to support secure
IPv6 traffic in an IPSec VPN.
The proposed system shall support TWO modes of SSL VPN
operation:
Web-only mode: for thin remote clients equipped with a web
browser only and support web application such as: HTTP/HTTPS,
SMB/CIFS, SSH, RDP.
Tunnel mode, for remote computers that run a variety of client and
server applications
The proposed solution shall support to a minimum of 2000
concurrent IPSEC-VPN and 1000 concurrent SSL-VPN users from
day 1
14 Automation & Incident Response
The Proposed system shall support automation response based
on following events:
Compromised Hosts detected
Configuration Change
Event Log
High CPU
License Expiry
Email Alert
IP Ban
15 Device Storage
Minimum 800GB SSD
16 Logs & Reporting
Bidder has to propose on premise dedicated logging, analytics &
reporting solution from same OEM (Virtual /Physical Appliance)
from day 1, the logging solution to be deployed at Data Center
only.
In Case of Virtual Appliance, bidder to consider Required
computing / hardware resource for the VM. The firewall should
support storing all logs for a minimum period of 8 months on external
storage such as NAS/SAN. The required external storage (Hitachi
VSP E590H through) will be provided by High Court of M.P.
Required Features:
Should Deliver single-pane visibility, also have reporting facility to
generate reports on virus detected over different protocols, top
sources for viruses, destination for viruses, top viruses etc.
Should have options to generate Predefined or customized
Advance reports in different formats. The solution should have
configurable options to schedule the report generation. Log
retention customization by category. Solution should offer
Centralized NOC/SOC Visibility for the Attack Surface. Bidder has
to include any additional license for analytics /event correlation
from day 1. The solution should have machine learning capability to
detect the exploit and not depend on the vulnerabilities with
trained models and traffic classifiers. The same should be
available on public website to validate the capabilities.
17 Installation and Migration
The bidder must migrate the existing configuration and policies
from the SonicWall NSA6600 firewall to the new one and provide
six days of training on the configuration and management of all
key security aspects to the technical team of the High Court of
Madhya Pradesh, Jabalpur

“Specification – B”
Web Application Firewall with Server Load Balancer
S. No. | Specifications | Compliance (Yes/No)
Web Application Firewall with Server Load Balancer
1 The proposed appliance should be a dedicated ADC/WAF/SLB appliance
having DDoS protection, SSL inspection, and real-time threat intelligence. It
should not be part of any Firewall or UTM.
2 Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G
Copper Port from day-1. Additionally should have 8 x 1GE Fiber for future
use (Break-Out should not be used). All transceivers (SM) from day1.
Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps
Layer 7 requests per second: 1300,000
Layer 4 connection per second: 500,000
Concurrent Connection: 38 Million
RSA CPS (2K Key): 20,000
ECC CPS (EC-P256): 12,000 with TLS1.3 Support
Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and
dual power supply.
The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45
Console port.
3 The solution must be able to protect both HTTP Web applications, SSL
(HTTPS) web applications & Should support HTTP/2
4 The solution must be able to decrypt SSL web traffic between clients and
web servers.
5 Device must have Dynamic routing protocols like OSPF, RIP1, RIP2, BGP
from Day 1
6 The proposed appliance should support the below metrics:
— Minimum Misses,
— Hash,
— Persistent Hash,
— Tunable Hash,
— Weighted Hash,
— Least Connections,
— Least Connections Per Service,
— Round-Robin,
— Response Time,
— Bandwidth, etc
7 Following Load Balancing Topologies should be supported:
• Virtual Matrix Architecture
• Client Network Address Translation (Proxy IP)
• Mapping Ports
• Direct Server Return
• One Arm Topology Application
• Direct Access Mode
• Assigning Multiple IP Addresses
• Immediate and Delayed Binding
8 The proposed device should have Hypervisor (should not use Open Source)
Based Virtualization feature (NO Multi-Tenancy) that virtualizes the Device
resources—including CPU, memory, network, and acceleration resources.
It should NOT use Open Source/3rd party Network Functions. The proposed
appliance should have capability to run in Virtualized as well as Standalone
mode (Bidder may be asked to demonstrate this feature during Technical
Evaluation). Should be high performance purpose built next generation
multi-tenant (min. 5 virtual instances from Day 1 and scalable upto 10 Virtual
Instances) hardware. Platform must have multiple functions including
Advance application load balancing and global server load balancing,
Network security functionality and complete application protection
functionality.
Each Virtual Instance contains a complete and separated environment
of the Following:
a) Resources, b) Configurations, c) Management, d) Operating System
9 The proposed Hardware must have Bandwidth Management feature from
Day 1
10 The solution should provide comprehensive and reliable support for
high availability with Active- active & active standby unit redundancy
mode using standard/ RFC compliant redundancy protocol like VRRP
or equivalent, for HA interconnection over network from day 1.
11 The solution should support IPv6 as well as IPv4 and have the ability to turn
IPv4 traffic to IPv6 traffic on the backend
12 The solution should have support for multiple VLANs with tagging capability
13 The solution should support link aggregation for bonding links to prevent
network interfaces from becoming a single point of failure
14 Appliance should support Local Application Switching, Server load
Balancing, HTTP, TCP Multiplexing, Compression, Caching, TCP
Optimization, Filter-based Load Balancing, Content-based Load
Balancing, Persistency, HTTP Content Modifications
15 Should have ability to upgrade/downgrade device software Images.
16 The device should support following health check types:
• Link Health Checks • TCP Health Checks • UDP Health Checks • ICMP
Health Checks • HTTP/S Health Checks
• TCP and UDP-based DNS Health Checks • TFTP Health Check • SNMP
Health Check • FTP Server Health Checks
• POP3 Server Health Checks • SMTP Server Health Checks • IMAP Server
Health Checks • NNTP Server Health Checks
• RADIUS Server Health Checks • SSL HELLO Health Checks • WAP
Gateway Health Checks • LDAP/LDAPS Health Checks
• Windows Terminal Server Health Checks • ARP Health Checks • DHCP
Health Checks • RTSP Health Checks
• SIP Health Checks • Virtual Wire Health Checks • DSSP Health Checks •
Script-Based Health Checks
• Cluster-based Health Checks

17 Device should be accessed through the below:
• Using the CLI
• Using SNMP
• REST API
• Using the Web Based Management
18 The proposed Solution should have ICSA Certified and PCI Compliant WAF
on the same Hardware from the same OEM. It must be able to handle
OWASP Top 10 attacks and WASC Web Security Attack Classification.
19 WAF should have the flexibility to be deployed in the following modes:
Reverse proxy
Out of Path (OOP)
20 Solution should dynamically understand the Changes on the
Web/Application Server
21 The Proposed WAF Solution should support both a Positive Security Model
Approach (A positive security model states what input and behavior is
allowed and everything else that deviates from the positive security model is
alerted and/or blocked) and a Negative Security Model (A negative security
model explicitly defines known attack signatures). The solution must support
automatic updates to the signature database to ensure complete protection
against the latest web application threats
22 The WAF should support the following escalation modes:
a) Active, b) Bypass, c) Passive
23 The solution must have a database of signatures that are designed to detect
known problems and attacks on web applications
24 Hiding Sensitive Content Parameters:
It should be able to Mask values of sensitive parameters (for example,
passwords, credit card and social security details)
25 Auto Policy Optimization
a • Known Types of Attack Protection - Rapid Mode
b • Zero Day Attack Blocking - Extended Mode
c • Working in Learn Mode
d • Auto Discovery
26 Following Threats should be protected by the proposed WAF solution:
a Parameters Tampering
b Cookie Poisoning
c SQL Injection
d Session Hijacking
e Web Services Manipulation
f Stealth Commands
g Debug Options
h Backdoor
f Manipulation of IT Infrastructure Vulnerabilities
g 3rd Party Misconfiguration
h Buffer Overflow Attacks
f Data Encoding
g Protocol Piggyback
h Cross-Site Scripting (XSS)
f Brute Force Attacks
g OS Command Injection
h Cross Site Request Forgery (CSRF)
g Information Leakage
h Path (directory) Traversal
f Predefined resource location
g Malicious file upload
h Directory Listing
27 The proposed WAF should support the Activity Tracking, which should
include the following:
a Dynamic IP
b Anonymity
c Scraping
28 Device Fingerprint-based tracking
a The Proposed WAF should support Device Fingerprint technology or
equivalent by involving various tools and methodologies to gather IP
agnostic information about the source.
29 The proposed solution should have Signature Update, Attacker Feed and
Geo Location database from day1.
30 Bidder should propose Centralized Management & Reporting Solution from
Day 1.
31 The proposed appliance/software should be EAL2 certified.
32 The appliance should support site selection feature to provide
global load balancing features for disaster recovery and site redundancy.
33 Global load balancing should support advance functions Authoritative name
server, DNS proxy/DNS NAT/ full DNS server with DNSSec/DNS DDOS/
application load balancing from day one with relevant Licenses.
34 Capable of handling complete Full DNS bind records including A, AAAA, etc.
for IPv4/IPv6
35 Should have a Web Vulnerability Scanner feature to detect existing
vulnerabilities like SQL Injection, Cross Site Scripting, Source code
disclosure, OS Commanding in the web applications.
36 Should enforce strict RFC compliance check to prevent attacks such as
encoding attacks, buffer overflows and other application specific attacks.
37 Appliance should have application‐aware load‐balancing engine to distribute
traffic and route content across multiple web servers.
38 The solution should have configurable persistency features to maintain
sessions to the load balanced backend servers
39 The solution should support a connection draining mode in order to allow
maintenance of a protected server without disrupting the client experience
with the application
40 Solution must have the API protection and support JSON, XML and Open
API
41 Protection for REST APIs filters malicious inputs in requests with JSON
payloads.
42 Data Analytics , Logs and Reporting
a Solution must have analytics functionality which includes logical view / tree
view of virtual servers and connectivity.
b Solution must have the various charts static and dynamics for analytics
c Solution must have real time monitoring views or dashboards
d Solution should support real time logging and reporting functionality
e Solution must have support to configure SNMP
43 Integration
a Solution must support integrations like SAP , Cloud platform and SIEM tools
b Solution must support REST API
c Solution should support virtual servers or profiles, one for internal traffic and
one for external traffic. Configure load balancing rules specific to each
domain. Internal traffic can be routed to internal servers, and external traffic
to public-facing servers. Should have option to set up separate monitoring
and logging profiles for internal and external traffic to track performance and
security incidents.
d The solution should be scalable enough to support future growth in traffic
and applications.
44 Support
a Application load balance with functionality of Application delivery features,
Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense,
Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability
and reporting from day 1. OEM should be present in India from at least 5
years and Proposed solution should support 24x7x365 OEM TAC support
and advance Next Business Day Hardware replacement. The proposed
equipment must come with 5 year warranty and onsite support. Installation,
basic configuration (at least 2 domains), and six days of training on essential
aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur.
The WAF/ADC should support storing all logs for a minimum period of 8 months
on external storage such as NAS/SAN. The required external storage
(Hitachi VSP E590H through) will be provided by High Court of M.P.

“Specification – C”
Network Monitoring System
S. No. | The proposed solution should be able to monitor the availability,
health and performance of physical servers, virtual servers, web
service (Apache), database service (MySQL & PGSQL), Network
devices like routers, switches, end point devices like desktop,
Kiosks, display boards, URL monitoring, other snmp enabled
devices like UPS and AC from single dash board. | Compliance (Yes / No)
Discovery
1 The solution should be able to do a complete discovery of IT
environment across distributed (i.e., physical, virtual, network,
application, middleware, storage, databases) and heterogeneous
environment and provide a clear and visual mapping of IT infrastructure
to business services. This should be aided by 5000+ asset type
discovery signatures to detect the DC comprehensively. System should
have multiple options for discovery including IP address based
discovery, IP address range discovery, CSV based discovery for bulk
discovery.
2 The solution should automatically group servers that work closely
together based on analysis of communication between them
3 Discovery has to work intelligently by identifying the device in the
network by the given IP range and categorize into network devices and
servers with vendor and model details.
4 The solution should automatically build visualizations that show
dependency between switches, routers, physical/virtual host,
Containers, storages, cluster software, business applications and other
entities. It should also have the capability to detect applications that
span from Datacenter and end in a public or a private cloud with
interconnects between them.
5 The discovery data should be fully auditable as to where it came from
and what the method to retrieve that data was.
6 The solution should show exactly how the discovery data is obtained
(i.e., Audit trail and mechanism to validate the quality of data
discovered)
7 The Discovery solution should come with real-time dashboards that
collate and present data that allows organizations to make decision on
consolidation, re-use of infrastructure, detecting infrastructure that has
never been used etc.
8 The solution should be able to automatically detect software that is
end of support, end of extended support and end of life. With respect to
OS, it should detect End of support and End of life as well. On Security,
it should be able to find the patches installed on servers along with
reports on vulnerable ports. Lastly, it should integrate with a
vulnerability management solution to detect blind spots in security of
nodes missed out in vulnerability management that are found to be
active in discovery.
9 The discovery solution should have the ability to capture and report on
infrastructure drift in datacenter.
10 The solution should be able to do Virtual systems discovery (including
Microsoft Hyper-V, vmware, etc.) Furthermore, it should support
discovery of modern day DevOps platforms such as containers such as
Docker, Runc, AIX WPARs and management solutions such as
Kubernetes, Docker Swarm, Cloud Foundry and Open Shift.
11 Discovers in-depth configuration data for storage systems, pools,
volumes, disks drives, LUNS, File Systems
12 It should be possible to initiate complete discovery of an application and
connected components from anywhere in the tree. Therefore it should
support top down, bottom up and start anywhere discovery from any
node of the application.
13 The report of inventory of discovered devices should be available to
export in .csv format.
14 Automatically learn IP Networks and their segments, LANs, hosts,
switches, routers, firewalls etc. and to establish the connections and to
correlate
15 Provides provision to draw & map user specific network diagram

16 Integration and Development
17 Solution offers multiple integration methods which can be used by
customers for integrating their own systems. Integration should provide
the option in both north as well as south bound integration using multiple
options like RestAPI, XML, SOAP, etc. on each module level. Any fault
details should be able to send to third party CRM, Customer Portal,
UNMS or even EMS if needed using the Trap, XML
18 Application monitoring
19 The solution should automatically provide real-time view of processes
running in systems and in-depth application performance statistics after
discovery/configuration of applications
20 The solution should automatically provide real-time view of windows
event logs including the level of the event logs, event ID, and source.
21 The solution should be able to put together important parameters of an
application, into one single monitoring template that can be uniformly
applied to applications on different servers, including
- Microsoft servers (e.g. Active Directory, Exchange, SharePoint, and
Office Communications Server)
- Databases (e.g. Microsoft SQL Server, PGSQL, MySQL etc.)
- Major application (e.g. ERP, CRM, etc.)
22 The solution should support monitoring various attributes (at least 50+) in
Tomcat, Web Sphere MQ, Apache HTTP, IIS, and WAS
23 The solution should support receiving events from Web Methods, IBM
HTTP server, Apache Active MQ
24 The solution should have capability to monitor HTTP service, HTTPS
service, FTP server statistics, POP/SMTP services, ICMP services or
any customer specific port based systems
25 Network Monitoring
26 The solution should have network monitoring data available in the same
console where every other information is available.
27 The solution should be able to capture network log errors
28 The solution should be able to do flow analysis
29 The solution should be able to track connectivity between network
endpoints and display the delay between nodes
30 The solution should allow query of network events and performance
data
31 The solution should provide network path monitoring
32 The solution should provide live network topology view
33 The solution should also provide configuration management on network
devices
34 Servers/System Monitoring
35 The solution should allow monitoring of Server Status and Availability,
CPU Utilization, Memory Utilization, Process Monitoring, File System
Monitoring, Disk Utilization of RHEL/Centos, SUSE, Ubuntu
servers/Windows 2008, 2012, 2016, 2019, 2022.
36 The solution should support extensive monitoring capabilities from an
OS (Linux, Windows)/ platform standpoint and should provide
capabilities for customer to develop, deploy customized monitoring
requirements
37 The solution should do performance monitoring of Redhat Open Shift
VM/containers and VMware environments, including VMware ESX/ESXi,
vSphere, vCenter Server.
38 The solution should be able to monitor database from different aspects
of the system including SQL Statements (memory, I/O, CPU intensive),
wait types, server resources, storage I/Os, virtualization layer, default
users status, table spaces status and threshold utilization, raise
warning or critical alerts where applicable.
39 The solution should be able to report on hardware details (like CPU,
memory, fan state, power etc.) of servers from multi vendors like IBM,
HP, Cisco, Dell and also VMware Hosts.
40 The solution should be able to gather capacity data from vCenter, HMC,
Physical servers, etc. Generate report and provide recommendation.
41 The solution should be able to monitor disk elements like RAID
controllers, hard disks, RAIDs, failure prediction, availability of the
volumes.
42 The solution should be able to monitor environment metrics like
temperature, internal voltages, power supplies, fans.
43 The solution should be able to monitor critical hardware components like
processors, memory modules, ECC errors, failure prediction.
44 Storage Monitoring
45 The solution should be able to monitor performance and capacity of
physical and virtual storage infrastructure
46 The solution should be able to provide real-time, in-depth performance
statistics after discovery/configuration of devices, including but not
limited to:
- Array performance
- Controller Performance
- LUN performance
- Disk performance

47 The solution should provide hardware health information for the storage
array.
48 The solution should show statistics like Total IO/sec, service time, IO
response time, queue length etc.
49 The solution should show storage growth rates and project when the
storage capacity will be reached
50 The solution should be able to analyze the data coming from Dell EMC
and Hitachi disk arrays, including:
- Storage units, Extent pools, Ranks, Storage volume.
- File Systems: Available and consumed capacity, list of CIFS shared,
list of NFS exports, number of operations, data traffic, and so on.
- Physical Disks: Disk time utilization, number of operations, presence,
traffic, response time, status, and so on.
- Storage Pools: Subscribed and consumed capacity, over subscription
operation, number of operations, data traffic, and so on.
- Storage Systems: Available and subscribed capacity, number of
operations, number of ports, number of operations, data traffic, status,
and so on.
- Volumes: Consumed capacity, disk time utilization, list of hosts, host
visible capacity, number of operations, paths, number of operations,
data traffic, response times, status, time since last activity, and so on.
- Hardware components: fans, power supplies.
51 The solution should automatically map VMs and logical connections to
physical storage environment to enable root-cause analysis
52 The solution should be able to monitor and manage multi-vendor
storage systems with the same tool to detect performance issues and
take proactive actions,
53 Logging/Reporting/Alert/threshold
54 The proposed solution should support storing all logs for a minimum
period of 6 months on external storage such as NAS/SAN. The required
external storage (Hitachi VSP E590H through) will be provided by High
Court of M.P.
55 Ensure logs are retained for at least six months with options for longer
retention
56 The system should allow for customizable reports on performance,
security events, and compliance.
57 Capability to schedule automated report generation and distribution via
email or other channels.
58 Provide real-time analysis and reporting dashboards for immediate
insights.
59 Enable real-time alerts for critical events, with customizable thresholds
and conditions.
60 Support for alerts via email, SMS, or other communication channels.
61 Include options for escalating alerts based on severity and response
time.
62 System should support global threshold and it should have option to
define individual resource/interface statistics level threshold
63 Detect & highlight faults (abnormal situations) in near real-time occurring
anywhere within the monitored IT Infrastructure
64 Provides Filtering, De-duplication, Holding, Suppression and Correlation
capability to let user focus on the critical event that affects the business
and business processes
65 Provides multi-level (preferably six-level) Severity definition, will handle
events automatically and inform the designated person as per
operational requirement
66 System should support separate Rule Engine based alarms apart from
the generic threshold.
a. Should have capability to configure Device Group based, Node
Based, Resources/Interface based, and Aggregation link based.
b. On Selection of Nodes/Resources/Aggregation links it have flexibility
to filter based on fields available in node information
c. Rules should have option to apply configuration on top of
performance value or based on configured threshold alarms
d. Rules should have option configure the breach based on min, max
and average values.
e. Should have option to configure rules n repeat counters
f. Should have options to select custom alarm and clear alarm
messages for individual configured rules
g. Should have option to send severity levels like error, warning and
information
h. Notifications support based on configured rules
67 Provides alarm suppression with hold time and aid in prevention of
flooding
68 Supports instant diagnosis of the node status through Ping, Telnet and
SNMPwalk
69 Other Features
70 Cover geographically distributed networks through multi-level scalable
distributed deployment architecture.
71 The tool should have option to be deployed in HA mode (High
Availability) for redundancy purpose.
72 Capacity Reservations: tool should allow management of resource
allocations and reservations (for services, applications or other needs),
identify resource shortages and provide information for further analysis
or procurement
73 Event Record & Classification: possible to generate event for all the
monitoring devices, tool be used to define thresholds to generate
events, collect from 3rd party using REST API, on regular interval
Polling API and collect events from 3rd party system, classify them,
assign different levels of severity to events
74 Configurations: create rules that automatically assign deadlines to
events based on their impact on services or on end-users, create rules
that perform automated assignment of events to the corresponding
teams, create rules that control automated notification of interested
stakeholders about events, automatically handling duplicate events,
provide event correlation capabilities to combine a set of different events
into one major event
75 Monitors all traffic from all the interfaces of the network device. Provides
traffic Utilization based on individual interface level, nodes level or
based on the group by location, branch, departments etc. as an Avg,
Min and Max bandwidth, utilization, throughput or any custom
monitoring parameters.
76 System should have capability to configure business, non-business
hours or custom time polling. This configuration should be available for
every device as well as every component in the device.
77 Provision to disable and enable the polling of specific type of devices
78 System should have capability to configure the maintenance period for
any device. When device is in maintenance period there is no polling
done and the SLA clock on the device is stopped.
79 Provide a notification mechanism that allows administrator to define
what notification channel to be used in different time of days, and able to
trigger multiple notifications to alert multiple person and actions

80 System should provide many different types of topology representation.
To perform the following:
1. Display physical connections of the different devices being monitored
in the system.
2. Display flat maps of the entire network or networks in a single view
3. Display customer maps based on user configurations
4. Display maps based on geo locations
81 Licensing
82 Specify a base license for monitoring a minimum of 500 devices
/application (Any kind of). Ensure the license is scalable up to
3,000 devices or applications without requiring a complete
reinstallation or new licenses
83 Define costs for incremental license additions (per 100
devices/application(any kind))
84 The bidder must provide all necessary hardware or compute resources
required to manage and operate the monitoring system effectively,
including servers, storage, and networking components, as per the
specified scale of monitoring up to 3,000 devices or applications.
85 Ensure the software includes a robust license management tool to track
and manage licenses as the environment grows.
86 Consider options for transferring licenses between devices or
reallocating licenses as needs change.
87 The bidder must provide all necessary hardware or compute resources
required to manage and operate the proposed monitoring system
effectively, including servers, storage, and networking components, as
per the specified scale of monitoring up to 3,000 devices /application
(any kind) with required warranty /support.
88 The licenses should be perpetual with 05 years support /updates
/upgrade.

Note:-
1. The specifications mentioned in tender document are minimum and the vendor can
quote higher specifications items.
2. All the network points’ connectivity shall be provided by respective High Court / offices;
however the vendor has to cooperate for completion of the said task / project.
3. All the pages of the bids and Annexure’s are to be sealed and signed by the authorized
officers of the company / vendor.
4. The bidder has to quote only 01 product of single make / brand at a time and not
multiple brands for same item.
5. The Original equipment manufacturer may authorize more than one partner for
participation in the bid.
6. Back-to-Back support letter is to be submitted by OEM regarding support of the
quoted products for the period of five years on their letter head duly sealed and
signed by authorized representative.
Section – VIII

Detail Break up of Cost*


Name of the Bidder:
Rate contract of Hardware items

| S. No. (01) | Item Description (02) | Make and Model (03) | Unit Price (Rs.) (04) | GST Applicable (Rs.) (05) | Sales / Service Tax (Rs.) as applicable any other duties / taxes (06) | Total Unit Price (All inclusive) with 05 onsite warranty for items (Rs.) (07) | Number of items (08) | Total Cost (Rs.) (09 = 08x07) |
|---|---|---|---|---|---|---|---|---|
| 01 | Firewall Technical Specifications Specification – A | | | | | | 02 | |
| 02 | Web Application Firewall with Server Load Balancer Specification – B | | | | | | 02 | |
| 03 | Network Monitoring System Specification – C | | | | | | Lump sum | |

Total Rs. in Words ________________________

Note:- The financial bids are to be submitted online and no hard sheet/ copy is to be submitted along
with the bid. The items may be considered on line item basis.



Form: PQ-1
Techno-commercial Bid
S. No. | Description | Indicate also page number where clearly the document attached
1. Name, address & telephone number of the
agency/firm
2. Name, designation, address & telephone number
of authorized person
3. Please specify as to whether Tenderer is sole
Proprietor/Partnership Firm/Private or Limited
Company.
4. Name, address & telephone number of
Directors/Partners, Fax No., e-mail address.
5. Copy of PAN Card, Copy of previous 03 Financial
Year’s Income tax return (ITR) Year 2021-2022,
2022-2023 & 2023-2024.
6. Valid ISO 9001 Certificate of products (Please
attach copy)
7. GST Registration No. (Please attach copy).
8. Latest GST Return (Please attach copy of latest
month GST return certificate).
9. Experience Certificates / details of last 05 years in
providing services / supply of firewall, WAF, NMS
tool and similar IT equipments in Central
Government/State Government /Public Sector
Undertakings /Autonomous Bodies /Reputed
Private organizations. (Please attach copy)
10. Online Bid Security/Earnest Money Deposit:
a) Amount: Rs………………
b) Reference No. :
c) Date of issue:
11. Online Tender Fees details
a) Amount: ……………
b) Reference No. :
c) Date of issue:



Form: PQ-2
BIDDER’S ANNUAL TURNOVER

__________ (Location)
__________ (Date)

From (Name & Address of the Auditor)


____________________________ To
____________________________ The Registrar General,
____________________________ High Court of Madhya Pradesh,
____________________________ Jabalpur

Ref.: ________________

Dear Sir/Madam,

We hereby certify that the average annual turnover of M/s. _________________
(name of the bidder) is not less than Rs. 05 Crore during the last three financial
years.

| S. No. | Firm | Year 2021-2022 Amount | Year 2022-2023 Amount | Year 2023-2024 Amount |
|---|---|---|---|---|
| 1. | | | | |

Yours Sincerely,

(Signature of Authorized Auditor)


Name of the Authorized Auditor:
Seal:



Form: PQ-3
SIMILAR WORK EXPERIENCE

__________ (Location)
__________ (Date)

From (Name & Address of the Bidder)


____________________________ To,
____________________________ The Registrar General,
____________________________ High Court of Madhya Pradesh,
____________________________ Jabalpur.

Subject: Supply, Installation, Commissioning, Maintenance of Firewall, WAF
with Server Load Balancer and Network Monitoring System for the
High Court of Madhya Pradesh.
Ref.: ________________

1. We hereby declare and confirm that we, ____________ (Name of the
Bidder), having registered office at _______________ (address) have
successfully executed following projects. We are providing the details
below: (Note: add rows as required).

| S. No. | Name of the client organization | Purchase Order (P.O) No. & Date of issue of P.O. | Brief Scope of Work | Project Value | Whether the copies of the purchase orders / contracts from the client as required, is attached? (Yes/No) | Pg. No. on the Proposal |
|---|---|---|---|---|---|---|
| | | | | | | |

Yours Sincerely,
(Signature of Authorized Signatory)
Name and Designation of the Authorized Signatory:
Name and address of the Bidder Company:
Seal:

Note:-Please clearly indicate the page numbers with documents.



Annexure - 1

Clause by Clause compliance statement on the technical specification as
prescribed in the section VII of this document.

| Sl. No. | Clause no. | Complied / Not complied |
|---|---|---|
| | | |



Annexure - 2
DEVIATION STATEMENT FORMAT

The Bidder is required to provide the details of the deviations of the tender
clauses (in any section of the tender) in the following format.

| Sl. No. | Section No. | Clause No | Clause Description | Non Compliance/ Partial Compliance | Remarks |
|---|---|---|---|---|---|
| | | | | | |



Annexure - 3

FORMAT FOR BIDDERS TO SUBMIT PRE-BID QUERY

The Bidder has to submit their queries (in any section of the tender/ technical
specifications) in the following format only.

| S. No. | Section No. / Clause No / Specification/ Page No. | Content of RFP Requiring Clarification | Query of the bidder / remarks of the bidder, if any |
|---|---|---|---|
| 1. | | | |
| 2. | | | |
| cont.. | | | |
| n…. | | | |

Note: - Submit the pre-bid query as mentioned in the above format till
12.09.2024 through e-mail: regithcjbp@mp.gov.in. The pre-bid
query received after dated 12.09.2024 may not be considered.



PART – I

BID FORM (1 sheet)

Tender No. : Date:

To,

The Registrar General
High Court of M.P.,
Jabalpur (M.P.)

Respected Sir,

1. Having examined the conditions of contract and specifications in the
tender document and annexure, the receipt of which is hereby duly
acknowledged, we, undersigned, offer to Supply, Installation,
Commissioning, Maintenance of Firewall, WAF with Server Load
Balancer and Network Monitoring System for the High Court of
Madhya Pradesh for the sum shown in the schedule of prices
attached herewith and made part of this Bid.
2. We undertake, if our Bid is accepted, to complete delivery of all the
items specified in the contract within the delivery schedule specified
in the tender.
3. If our Bid is accepted, we will obtain the unconditional performance
guarantees of a Nationalized/Scheduled Bank for a sum 05% of the
purchase / contract value.
4. We agree to abide by this Bid for a period of 180 days from the date
fixed for Bid opening and it shall remain binding upon us and may be
accepted at any time before the expiration of that period.
5. Until a formal Purchase Order of Contract is prepared and a contract
is executed accordingly, this Bid together with your written
acceptance thereof in your notification of award shall constitute a
contract binding on us, subject to terms and conditions mentioned in
the tender document.
6. Bid submitted by us is properly sealed and prepared so as to prevent
any subsequent alteration and replacement.
7. We understand that you are not bound to accept the lowest or any
bid, you may receive and you may reject any bid without assigning
reason therefore and you may vary, amend or alter any terms and
conditions of the Tender Document at the time of execution of the
Contract.

Dated this .............................. day of ........................ 2024

Name and Signature ..............................................

In the capacity of ..............................................

Duly authorized to sign the bid
for and on behalf of ..............................................

Witness .........................................

Address ......................................... Signature



CERTIFICATES

WE CERTIFY THAT:-
1. We will not LEAK / DISCLOSE any information of High Court of Madhya
Pradesh to any other institutions/organizations, bodies and also in the
market on the rates less than the prices quoted by us to the High Court.
2. The rate of TAXES / DUTIES mentioned in the tender is in accordance
with the provisions of the rules in all respects and the same is payable to
the Authorities.
3. The material / items and software offered shall be of the best quality
strictly in accordance with the specifications and particulars as detailed in
the tender.
4. The information furnished by us in the tender are true and correct to the
best of our knowledge and belief.
5. We have read and understood the rules, regulations, terms and conditions
of tender as applicable from time to time and agree to abide by them.
6. We will meet 100% Confidentiality and Integrity of High Court Database
and software.

Authorized Signatory
(Seal of the Company)



HIGH COURT OF MADHYA PRADESH: JABALPUR

// CLARIFICATION //

No. Reg(IT)(SA)/2024/ 1455 Jabalpur, Dated: 03.10.2024

Sub:- Clarifications /reply of pre-bid meeting dated: 12th
September, 2024 regarding the “Supply,
Installation, Commissioning, Maintenance of
Firewall, WAF with Server Load Balancer and
Network Monitoring System for the High Court of
Madhya Pradesh” with reference to tender no.
Reg(IT)(SA)/2024/1263, dated: 22.08.2024.
Ref:- Pre-Bid Meeting dated: 12th September, 2024.

Reply / clarification to the pre-bid queries


On the basis of queries submitted by the bidders, the detailed
reply /clarifications are prepared and the same is enumerated as
per details given below for all prospective bidders:-

Query No. | RFP Reference (Section No. /Page No.) | Content of RFP Requiring Clarifications | Query of the bidders / Remarks of the bidders | Reply / clarifications to the query /Remarks by the High Court.

1. M/s Atishay
Query No. 1
RFP Reference: Section No. 2.15.2 (ii), Page No. 10
Content of RFP: Experience in Supply, Installation, commissioning, Maintenance of firewall, WAF, NMS tool and similar IT equipments during last 05 years ending last day of month previous to the month of publication of this tender, should be either of the following :-
(a) Three similar completed work costing not less than the amount equal to 40% of the estimated cost.
OR
(b) Two similar completed work costing not less than the amount equal to 50% of the estimated cost.
OR
(c) One similar completed work costing not less than the amount equal to 80% of the estimated cost.
Similar works means: Supply, installation and System Integration of firewall, WAF, NMS tool and similar IT equipments.
Query / Remarks of the bidder: Bidder /OEM Experience in Supply, Installation, commissioning, Maintenance of firewall, WAF, NMS tool and similar IT equipments during last 05 years ending last day of month previous to the month of publication of this tender, should be either of the following :-
(a) Three similar completed work costing not less than the amount equal to 40% of the estimated cost.
OR
(b) Two similar completed work costing not less than the amount equal to 50% of the estimated cost.
OR
(c) One similar completed work costing not less than the amount equal to 80% of the estimated cost.
Similar works means: Supply, installation and System Integration of firewall, WAF, NMS tool and similar IT equipments.
Justification: The revised clause broadens the scope to include all relevant suppliers and integrators who have demonstrated expertise in the supply and installation of key IT systems such as servers, computers, printers, and UPS systems, thereby promoting a fairer and more competitive tendering process.
Reply by the High Court: No change.

2. M/s Check Point Software Technologies(I) Pvt. Ltd.
Query No. 1
RFP Reference: Section – VII/Specifications – A/3-Interface and Connectivity Requirement /Page-32
Content of RFP: 6 X 10G Copper/RJ45 Day 1
Query / Remarks of the bidder: Please change to: "8 X 1G Copper/RJ45 Day 1". Justification: We support 1G Copper/RJ45 ports as is the industry norm. 10G RJ45 ports are rarely used & in this context point to a specific OEM.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 2
RFP Reference: Section – VII/Specifications – A/3-Interface and Connectivity Requirement/Page-32
Content of RFP: 8 X 1/10G SFP/SFP+ Day 1 with LR/SM transceivers and 8x3m patch cords.
Query / Remarks of the bidder: Please change to: "4 X 1/10G SFP/SFP+ Day 1 with 10G LR/SM transceivers and 8x3m patch cords." Justification: Our appliance supports 4 Fiber ports which should be sufficient for the customer needs for present & future & hence should be allowed for wider participation
Reply by the High Court: Please refer the revised specifications given below.

Query No. 3
RFP Reference: Section – VII/Specifications – A/3-Interface and Connectivity Requirement/Page-32
Content of RFP: 4X 10/25Gig SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one
Query / Remarks of the bidder: Please change to: "2X 40/100G QSFP28 Ports with 2 nos. of LR transceivers and 4x3m patch cords from Day one" Justification: As discussed in pre bid meeting it's better to invest in 40G/100G ports from a future scalability perspective rather than 25G. As 10G ports are already provided above, need to change this clause into 40G/100G port.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 4
RFP Reference: Section – VII/Specifications – A/3-Interface and Connectivity Requirement/Page-32
Content of RFP: Minimum 2 x 10G HA port in addition to requested data ports, Dedicated 1 X 10/100/1000 RJ45 Management Port
Query / Remarks of the bidder: Please change to: "Minimum 1 x 1G RJ45 HA port in addition to requested data ports, Dedicated 1 X 10/100/1000 RJ45 Management Port" Justification: 1 HA port is required for this purpose-2nd port is redundant. Hence please allow the change required for wider Participation.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 5
RFP Reference: Section – VII/Specifications – A/3-Interface and Connectivity Requirement/Page-32
Content of RFP: Should have support 2x40/100G for future use.
Query / Remarks of the bidder: Justification: Please remove this clause as 40G/100G ports can be provided against 10/25G ports as mentioned above. While our appliance supports 2x40/100G, one set of 10/25 card needs to be replaced. This future requirement blocks our participation & hence request to allow changes.
Reply by the High Court: Yes removed.

Query No. 6
RFP Reference: Section – VII/Specifications – A/4-Hardware Architecture /Page-32
Content of RFP: The firewall should have integrated redundant fan and dual redundant hot swappable power supply to remove any single point of failure in the solution
Query / Remarks of the bidder: Please change to "The firewall should have integrated redundant fan and dual redundant power supply to remove any single point of failure in the solution". Justification: Hot swap feature not available on this category of Firewalls in our portfolio. Please remove for participation
Reply by the High Court: Please refer the revised specifications given below.

Query No. 7
RFP Reference: Section – VII/Specifications – A/5-Performance & Scalability /Page-32
Content of RFP: The NGFW throughput of the firewall should be a minimum 20 Gbps with application identification and firewalling enabled with real world/enterprise/production traffic with logging enabled. The Threat Prevention/NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 12 Gbps.
Query / Remarks of the bidder: Please change to "The NGFW throughput of the firewall should be a minimum 30 Gbps with application identification and firewalling enabled with real world/enterprise/ production traffic with logging enabled. The Threat Prevention/NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 11 Gbps." Justification: Higher no of NGFW throughput is must to ensure higher IPS performance whereas minor change is needed in Threat Prevention throughput for wider participation.
Reply by the High Court: No change.

Query No. 8
RFP Reference: Section –VII /Specifications – A /5-Performance & Scalability /Page-32
Content of RFP: NGFW Firewall should support at least 1400,000 Layer 7 Concurrent sessions
Query / Remarks of the bidder: Please change to: "NGFW Firewall should support at least 1,400,000 Layer 7 Concurrent sessions /connections" Justification: Checkpoint Firewalls are tested for performance in terms of the number of concurrent connections which are accessing instead of the sessions. Request to include both sessions/connections to allow participation.
Reply by the High Court: No change.

Query No. 9
RFP Reference: Section – VII/Specifications – A/6-Next Gen Firewall Features/Page-33
Content of RFP: Firewall should support creating security policies with source /destination zones, network subnets/ranges, and relocation objects, ports /protocols, applications, user /group attributes, URL /URL categories and actions on traffic. The actions on the traffic should be to allow, alert, block, block and continue, reset. The firewall should provide time based policies with options for recurring schedule or one time schedule.
Query / Remarks of the bidder: Please change to: "Firewall should support creating security policies with source/destination zones, network subnets/ranges, geo location objects, ports/protocols, applications, user /group attributes, URL/URL categories and actions on traffic. The actions on the traffic should be to accept, drop, ask, inform, reject, user auth, client auth. The firewall should provide time based policies with options for recurring schedule or one time schedule." Justification: What are relocation objects? It seems to be an OEM specific term- Can we change it to geo location objects? Also, for actions, we support accept, drop, ask, inform, reject, user auth and client auth options which provide the same functionality but have different terminology. Please allow both set of terms for wider participation
Reply by the High Court: Please refer the revised specifications given below.

Query No. 10
RFP Reference: Section – VII /Specifications – A /6-Next Gen Firewall Features /Page-33
Content of RFP: The firewall should supports NAT's like source NAT, destination NAT, U-Turn NAT. Firewall should support Nat66, Nat 64 or Nat46 functionality
Query / Remarks of the bidder: Please change to: "The firewall should supports NAT's like source NAT, destination NAT , U-Turn /Hairpin/Loopback NAT. Firewall should support Nat66, Nat 64 or Nat46 functionality". Justification: Please note that U-Turn NAT is an OEM specific terminology, which is also known as Hairpin NAT and Loopback NAT used by other OEMs, providing same functionality. Request to change to U-Turn/Hairpin/Loopback to allow participation.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 11
RFP Reference: Section –VII /Specifications – A /6-Next Gen Firewall Features /Page-33
Content of RFP: Should support capability to create multiple virtual context /instances with strict hardware resource (CPU, Memory & Storage) reservation and ensure traffic isolation between virtual context /instance
Query / Remarks of the bidder: Please change to: "Should support capability to create multiple virtual context/instances" Justification: In providing strict hardware resource reservations, it is not a recommended architecture. Instead, system architecture should be flexible enough to manage any increase or decrease in load and efficiently utilize hardware resources. Hence request to change the specs as suggested.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 12
RFP Reference: Section –VII /Specifications – A /6-Next Gen Firewall Features/Page-33
Content of RFP: The solution should be able to provide contextual information about the hosts and the network subnets present such that the admins are able to capture all the required information and build the security profiles based on the details shown on the solution. The details captured should consist of the following: IOC’s, MAC addresses, IP address, Applications, Ports & protocols, vulnerabilities etc.
Query / Remarks of the bidder: Please change to: "The solution should be able to provide contextual information about the hosts and the network subnets present such that the admins are able to capture all the required information and build the security profiles based on the details shown on the solution. The details captured should consist of the following: IOC’s, IP address, Applications, Ports & protocols, vulnerabilities etc." Justification: While the solution provides detailed information about the hosts and network subnets, capturing IOC's, IP address, applications, ports and protocols, vulnerabilities, it is not recommended to capture MAC addresses as it is a legacy way of managing security. Request to remove the same.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 13
RFP Reference: Section – VII/Specifications – A/6-Next Gen Firewall Features/Page-33
Content of RFP: Should support more than 19,000 (excluding custom signatures) IPS signatures or more. Solution should be able to passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence. The signatures should also have categorization based on MITRE TTP's.
Query / Remarks of the bidder: Please change to: "Should support more than 15,000 (excluding custom signatures) IPS signatures or more. Solution should be able to passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence. The signatures should also have categorization based on MITRE TTP's." Justification: Checkpoint supports more than 15000 IPS signatures which is more than enough to combat known threats.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 14
RFP Reference: Section – VII/Specifications – A/6-Next Gen Firewall Features/Page-34
Content of RFP: The solution should provide traffic hit count, Rule Conflict Detection (Redundant & Shadowed) and policy warning for streamlining firewall policies.
Query / Remarks of the bidder: Please change to: "The solution should provide traffic hit count, and policy warning for streamlining firewall policies." Justification: Rule Conflict Detection (Redundant & Shadowed) can currently be achieved through an external dedicated solution like AlgoSec. For Check Point this feature is in roadmap and expected as part of R82 release.
Reply by the High Court: Optional.

Query No. 15
RFP Reference: Section – VII/Specifications – A/8-Anti-APT / Malware Features/Page-35
Content of RFP: Should support the capability of providing network-based detection of malware by checking the disposition of unknown files using SHA-256 file-hash or signature (update to be provided in 300 seconds) as they transit the network and capability to do dynamic analysis.
Query / Remarks of the bidder: Please change to "Should support the capability of providing network-based detection of malware by checking the disposition of unknown files using SHA-256 file-hash or signature as they transit the network and capability to do dynamic analysis." Justification: While we support this feature, putting a no on the timelines may not always hold true as it may vary on the file size, bandwidth etc., hence request to retain the feature without time constraint
Reply by the High Court: Please refer the revised specifications given below.

Query No. 16
RFP Reference: Section – VII/Specifications – A/11-DNS Security/Page-36
Content of RFP: The Solution should support DNS security in line mode and not proxy mode. Necessary licenses to be included from day 1.
Query / Remarks of the bidder: Please change to: "The Solution should support DNS security. Necessary licenses to be included from day 1." Justification: DNS security inline mode is specific to a particular OEM. Request to remove to allow participation.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 17
RFP Reference: Section – VII/Specifications – A/11-DNS Security/Page-37
Content of RFP: The solution should have capabilities to neutralize DNS tunneling and it should automatically stop with the combination of policy on the next-generation firewall and blocking the parent domain for all customers.
Query / Remarks of the bidder: Please change to "The solution should have capabilities to neutralize DNS tunneling". Justification: What is the meaning of blocking the parent domain for all customers? The second part is not technically clear. Hence either elaborate the use case or remove the second part for participation
Reply by the High Court: Yes changed.

Query No. 18
RFP Reference: Section – VII/Specifications – A/12-SD_WAN/Page-37
Content of RFP: Integrated Traffic Shaping functionality for both inbound and outbound traffic.
Query / Remarks of the bidder: Please change to "Integrated Traffic Shaping functionality for outbound traffic" Justification: We do outbound, not inbound currently-hence needed for participation
Reply by the High Court: Please refer the revised specifications given below.

3. M/s DRS IT Consultancy Private Limited
Query No. 1
RFP Reference: Web Application Firewall with Server Load Balancer/Point 2/Page no.39
Content of RFP: Traffic Ports support: 4x10 GE Fiber, 4x1G GE Fiber and 4x1G Copper Port from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1.
Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps
Layer 7 requests per second: 1300,000
Layer 4 connection per second: 500,000
Concurrent Connection: 38 Million
RSA CPS (2K Key): 20,000
ECC CPS (EC-P256): 12,000 with TLS1.3 Support
Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply.
The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port.
Query / Remarks of the bidder: Traffic Ports support: As per the present data centre/IT infra requirement standard, 10G ports are recommended over 1G, as 10G is backward-compatible with 1G whereas vice versa is not possible. And for ADC/WAF/SLB deployment 8 x 10G is more than sufficient because asked throughput is 40G. Please amend this clause.
Layer 4 connections per second: Considering the asked Concurrent Connections and Layer 4 connections per second requirement is lower side. Please amend this clause.
Layer 7 requests per second: Considering the asked Concurrent Connections and Layer 7 requests per second requirement is lower side. Please amend this clause.
It is suggested to amend the clause as :
Traffic Ports support: 8 x 10 GE SFP+ from day-1
Device L4 Throughput: 20 Gbps and scalable up to 40 Gbps
Layer 7 requests per second: 5 million
Layer 4 connections per second: 3 Million
SA CPS (2K Key): 20,000
ECC CPS (EC-P256): 12,000 with TLS1.3 Support
Processor: Intel 12-core CPU or equivalent or better
Concurrent Connections: 40 Million
Processor - Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply.
The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 2
RFP Reference: Web Application Firewall with Server Load Balancer/Point 6/Page no.40
Content of RFP: The proposed appliance should support the below metrics:
— Minimum Misses,
— Hash,
— Persistent Hash,
— Tunable Hash,
— Weighted Hash,
— Least Connections,
— Least Connections Per Service,
— Round-Robin,
— Response Time,
— Bandwidth, etc
Query / Remarks of the bidder: Different OEM has different terminology and technique to achieve similar function. We would like to request the honorable tendering committee to use vendor agnostic terminology for wider participation.
— Minimum Misses,
— Hash,
— Persistent Hash,
— Tunable Hash/Equivalent
— Weighted Hash/Equivalent
— Least Connections,
— Least Connections Per Service,
— Round-Robin,
— Response Time,
— Bandwidth, etc
Reply by the High Court: Please refer the revised specifications given below.

Query No. 3
RFP Reference: Web Application Firewall with Server Load Balancer/Point 7/Page no.40
Content of RFP: Following Load Balancing Topologies should be supported:
• Virtual Matrix Architecture
• Client Network Address Translation (Proxy IP)
• Mapping Ports
• Direct Server Return
• One Arm Topology Application
• Direct Access Mode
• Assigning Multiple IP Addresses
• Immediate and Delayed Binding
Query / Remarks of the bidder: Virtual Matrix Architecture feature is specific to one ADC OEM. Kindly remove this clause for wider participation and for other points please allow similar or equivalent feature metrics for broader participation.
Following Load Balancing Topologies should be supported:
• Client Network Address Translation (Proxy IP) /Equivalent
• Mapping Ports /Equivalent
• Direct Server Return /Equivalent
• One Arm Topology Application /Equivalent
• Direct Access Mode /Equivalent
• Assigning Multiple IP Addresses /Equivalent
• Immediate and Delayed Binding /Equivalent
Reply by the High Court: Please refer the revised specifications given below.

Query No. 4
RFP Reference: Web Application Firewall with Server Load Balancer/Point 31/Page no.43
Content of RFP: The proposed appliance/software should be EAL2 certified.
Query / Remarks of the bidder: For wider participation, We would like to request the honorable tendering committee to amend the clause as requested. "The proposed appliance/software should be EAL2 certified/Make in India"
Reply by the High Court: Please refer the revised specifications given below.

Query No. 5
RFP Reference: Web Application Firewall with Server Load Balancer/Point 34/Page no.43
Content of RFP: Capable of handling complete Full DNS bind records including A, AAAA, etc. for IPv4/IPv6
Query / Remarks of the bidder: In order to switch over the applications traffic like web app, email app etc. the GSLB solution must understand all types of DNS records and not just A or AAAA. Kindly add following functionality for complete Solution. It is suggested to amend this clause as :- The Proposed Solution must have Global Server Load Balancing and should be able to host SRV Records, AAAA Records, A, PTR, MX, TXT, SOA, NS, Dname, Dmarc Records and should also support DNSSEC.
Reply by the High Court: Please refer the revised specifications given below.

Query No. 6
RFP Reference: Web Application Firewall with Server Load Balancer/Point 44 a/Page no.44
Content of RFP: Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P.
Query / Remarks of the bidder: IPS is completely different technology even deployment is different. Kindly remove the IPS feature in the specifications for the wider participation of OEM. It is suggested to amend the clause as "Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P"
Reply by the High Court: Please refer the revised specifications given below.

4. M/s Everest IMS Technologies Private Limited
Query No. 1
RFP Reference: Section –VII, Clause No-7. Technical Specifications, “Specifications – C” Network Monitoring System, Page No.-44
Content of RFP: The solution should automatically group servers that work closely together based on analysis of communication between them
Query / Remarks of the bidder: Request you to modify the OEM specific clause as: The solution should automatically /Manually group servers that work closely together based on analysis of communication between them
Reply by the High Court: Please refer the revised specifications given below.

2 | Section –VII, Clause No-7. Technical Specifications “Specifications – C” Network Monitoring System, Page No.-44 | The solution should automatically build visualizations that show dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them. | The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participate | Please refer the revised specifications given below.
3 | Section –VII, Clause No-7. Technical Specifications “Specifications – C” Network Monitoring System, Page No.-44 | The solution should be able to automatically detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. | Request you to modify the specific clause as: The solution should be able to automatically /manually detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. As multiple software does not provide the required data on any standard protocol so please modify the clause as suggested | Please refer the revised specifications given below.
4 | Section –VII, Clause No-7. Technical Specifications “Specifications – C” Network Monitoring System, Page No.-45 | Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI, XML, SOAP, etc. on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed using the Trap, XML | Request you to provide more details on the software/application from which EMS application need to integrate | Please refer the revised specifications given below.
5 | Section –VII, Clause No-7. Technical Specifications “Specifications – C” Network Monitoring System, Page No.-45 | The solution should be able to track connectivity between network endpoints and display the delay between nodes | As per our understanding here need to monitor the latency of all the nodes from application server, please clarify | Please refer the revised specifications given below.
6 | Section –VII, Clause No-7. Technical Specifications “Specifications – C” Network Monitoring System, Page No.-48 | Configurations: create rules that automatically assign deadlines to events based on their impact on services or on end-users, create rules that perform automated assignment of events to the corresponding teams, create rules that control automated notification of interested stakeholders about events, automatically handling duplicate events, provide event correlation capabilities to combine a set of different events into one major event | The required features is not the standard ask of NMS solution and can be achieved via ITSM solution, so please confirm here whether new ITSM need to propose here or NMS will be integrated with existing running ITSM solution. If Existing please provide OEM and version details of the ITSM solution. | Please refer the revised specifications given below.
7 | Section –VII, Clause No-7. Technical Specifications “Specifications – C” Network Monitoring System, Page No.-44 | It should be possible to initiate complete discovery of an application and connected components from anywhere in the tree. Therefore it should support top down, bottom up and start anywhere discovery from any node of the application. | The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participate. | Please refer the revised specifications given below.
8 | Additional | | Request you to please provide the required details of the IT Infrastructure which will be monitored in NMS solution 1) No. of servers: i) Physical Server ii) VMs iii) Physical server on which virtualization platform running. 2) No. & Make Of Network devices i) Router/Switches /Firewall ii) Wireless Controller /Wi-Fi AP iii) Storage 3) No. & Name Of Applications 4) No. Of containers. Or any other IP devices | Please refer the revised specifications given below.
5. M/s F5 Networks
1 “Specificatio 2. Traffic Ports Server load Balancer and WAF will
ns – B” support: 4 x 10 deploy for Application Security.
Web GE Fiber, 4 x 1G Application resides on Servers which
Application GE Fiber and 4 x are connected on 10gig fiber ports
Firewall 1G Copper Port with Server Farm switch. Asking 1gig
with Server from day-1. ports in Server load balancer is
Load Additionally creating a bottleneck in high speed
Balancer should have 8 x server farm connectivity. In today’s
Page no.39 1GE Fiber for deployments no data center is using
future use and connecting on 1gig copper or
(Break-Out fiber connectivity. Kindly consider
should not be 10gig or 25gig connectivity for using
used). All proposed solution for next 5-7 years.
transceivers Kindly modify clause as" Traffic Ports
(SM) from day1. support: 4 x 10 GE/25Gig Fiber and 4
x 1G/10gig Copper Port from day-1.
All transceivers (multimode) from
day1. 10gig interface should upgrade
to 25Gig speed by changing
transceivers only in future."
2 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.39 | 6. The proposed appliance should support the below metrics: — Minimum Misses, — Hash, — Persistent Hash, — Tunable Hash, — Weighted Hash, — Least Connections, — Least Connections Per Service, — Round-Robin, — Response Time, — Bandwidth, etc | Kindly allow Equivalent feature for other reputed OEM's to participate. Kindly modify clause as "6. The proposed appliance should support the below metrics: — Minimum Misses, — Hash, — Persistent Hash or Equivalent, — Tunable Hash or Equivalent, — Weighted Hash or Equivalent, — Least Connections, — Least Connections Per Service, — Round-Robin, — Response Time, — Bandwidth, etc" | Please refer the revised specifications given below.
3 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.39 | 7. Following Load Balancing Topologies should be supported: • Virtual Matrix Architecture • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding | Kindly allow Equivalent feature for other reputed OEM's to participate. Kindly modify clause as "7. Following Load Balancing Topologies should be supported: • Virtual Matrix Architecture or Equivalent • Client Network Address Translation (Proxy IP) • Mapping Ports or Equivalent • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding" | Please refer the revised specifications given below.
4 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.40 | 8. The proposed device should have Hypervisor (should not use Open Source) Based Virtualization feature (NO Multi-Tenancy) that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. It should NOT use Open Source /3rd party Network Functions. The proposed appliance should have capability to run in Virtualized as well as Standalone mode (Bidder may be asked to demonstrate this feature during Technical Evaluation). Should be high performance purpose built next generation multi-tenant (min. 5 virtual instances from Day 1 and scalable upto 10 Virtual Instances) hardware. Platform must have multiple functions including Advance application load balancing and global server load balancing, Network security functionality and complete application protection functionality. Each Virtual Instance contains a complete and separated environment of the Following: a) Resources, b) Configurations, c) Management, d) Operating System | Appliance asked with 64GB RAMS. If we create 4 x virtualized environment with minimum 16GB RAM only 4 virtual tenants can be created. Kindly modify the clause, so reputed OEM's can participate "8. The proposed device should have Hypervisor (should not use Open Source) Based Virtualization feature or Multi-Tenancy that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. It should NOT use Open Source/3rd party Network Functions. The proposed appliance should have capability to run in Virtualized as well as Standalone mode (Bidder may be asked to demonstrate this feature during Technical Evaluation). Should be high performance purpose built next generation multi-tenant (min. 2 virtual instances from Day 1 and scalable upto 4 Virtual Instances) hardware. Platform must have multiple functions including Advance application load balancing and global server load balancing, Network security functionality and complete application protection functionality. Each Virtual Instance contains a complete and separated environment of the Following: a) Resources, b) Configurations, c) Management, d) Operating System" | Please refer the revised specifications given below.
5 | “Specifications –B” Web Application Firewall with Server Load Balancer, Page no.41 | 18. The proposed Solution should have ICSA Certified and PCI Compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification. | "As far as we know, ICSA Labs is out of business. Few OEM's might have older reports, but they likely won’t be able to renew it. Also Wikipedia mentions it: https://en.wikipedia.org/wiki/International_Computer_Security_Association “ICSA Labs ceased operation in 2022, following closure by its parent company Verizon”. Also their website is down: https://www.icsalabs.com/" "Kindly remove the ICSA certified as it no longer applies on new products." Kindly modify clause as “18. The proposed Solution should be mentioned in Secure IQ /Koppengiercole report for WAF Solution and PCI Compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks with OWASP Dashboard and WASC Web Security Attack Classification." | Please refer the revised specifications given below.
6 | “Specifications –B” Web Application Firewall with Server Load Balancer, Page no.41 | 25. Auto Policy Optimization • Known Types of Attack Protection - Rapid Mode • Zero Day Attack Blocking - Extended Mode • Working in Learn Mode • Auto Discovery | Kindly allow Equivalent feature for other reputed OEM's to participate. Kindly modify clause as "25. Auto Policy Optimization • Known Types of Attack Protection - Rapid Mode or Equivalent • Zero Day Attack Blocking - Extended Mode or Equivalent • Working in Learn Mode • Auto Discovery" | Please refer the revised specifications given below.
7 | “Specifications –B” Web Application Firewall with Server Load Balancer, Page no.42 | 31 The proposed appliance/software should be EAL2 certified. | "EAL2 is now known as network device collaborative protection profile. A collaborative Protection Profile (cPP), developed and maintained in accordance with CCRA Annex K, with assurance activities selected from Evaluation Assurance Levels up to and including level 4 and ALC_FLR, developed through an International Technical Community endorsed by the Management Committee; https://commoncriteriaportal.org/products/index.cfm Kindly modify clause as "31. The proposed appliance/software should be EAL2/NDPP certified." | Please refer the revised specifications given below.
8 | “Specifications –B” Web Application Firewall with Server Load Balancer, Page no.42 | 33 Global loads balancing should support advance functions Authoritative name sever, DNS proxy/DNS NAT/ full DNS server with DNSSec /DNS DDOS/application load balancing from day one with relevant Licenses. | Kindly modify clause to include DNS /GSLB license from day one as "33 Global load balancing should support advance functions Authoritative name sever, DNS proxy, DNS NAT, full DNS server with DNS Sec, DNS DDOS, application load balancing from day one with relevant Licenses. | Please refer the revised specifications given below.
9 | “Specifications –B” Web Application Firewall with Server Load Balancer, Page no.42 | 34 Capable of handling complete Full DNS bind records including A, AAAA, etc. for IPv4/IPv6 | Kindly include major DNS record types for full function of DNS and GSLB feature. Kindly modify clause as "34 Capable of handling complete Full DNS bind records including A, AAAA, CNAME, DNAME, HINFO, KEY, MX, NS, NXT, PTR, SIG, SOA, SRV, TXR etc. etc. for IPv4/IPv6 | Please refer the revised specifications given below.
10 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.42 | 35 Should have a Web Vulnerability Scanner feature to detect existing vulnerabilities like SQL Injection, Cross Site Scripting, Source code disclosure, OS Commanding in the web applications. | Kindly allow Equivalent feature for other reputed OEM's to participate. Kindly modify clause as "35 Should have a integration with third party Web Vulnerability Scanner to detect existing vulnerabilities like SQL Injection, Cross Site Scripting, Source code disclosure, OS Commanding in the web applications." | Please refer the revised specifications given below.
11 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.43 | 44 Support a Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | WAF and SLB solution will provide certain features but not IPS, DLP and antivirus. Kindly modify clause as "44 Support a Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P." | Please refer the revised specifications given below.
12 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.43 | Add Clause as Key Web Application Firewall L7 DDOS features are missing. Kindly incorporate. | The proposed solution should have server stress based L7 Behavioral DOS detection and mitigation including the ability to create real time L7 DOS signatures. | Yes accepted. Please refer the revised specifications given below.
13 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.43 | Add Clause as Key Web Application Firewall L7 DDOS features are missing. Kindly incorporate. | The proposed solution should provide behavioral DoS (BADoS) which provides automatic protection against DDoS attacks by analyzing traffic behavior using machine learning and data analysis. | Please refer the revised specifications given below.
14 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.43 | Add Clause as Key Web Application Firewall L7 DDOS features are missing. Kindly incorporate. | The proposed solution must support Single Sign-On functionality on the same appliance running on the same OS version from the same OEM in the future. The solution must protect against FTP, SMTP, HTTP, HTTPS, and Application layer Dos and DDOS attacks including stress based DOS and Heavy URL attacks. | The vendor can quote higher side /proposed better solution.
15 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.43 | Add Clause as Key Web Application Firewall features are missing. Kindly incorporate. | The proposed solution should have the capability of BOT detection and Protection beyond signatures and reputation to accurately detect malicious and benign bots using client behavioral analysis, server performance monitoring, and escalating JavaScript and CAPTCHA challenges. | The vendor can quote higher side /proposed better solution.
16 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.43 | Add Clause as Key Web Application Firewall features are missing. Kindly incorporate. | The proposed WAF should support of prevention of theft as well as the mitigation of attacks that uses previously stolen credentials. | The vendor can quote higher side /proposed better solution.
6. M/s iValue InfoSolutions Pvt. Ltd.
1 | Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps | | Due to license capping the OEMs have the advantage to quote higher for the incremental license which is not cost effective to customer. Hence request you to amend the point as "The ADC+WAF should be fully populated with the license throughput of 40 Gbps from Day-1." | Please refer the revised specifications given below.
2 | Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. | | To derive the performance number from the specific compute numbers does not decide performance of the device at all due to Different architecture, ASICS, FTGA cards etc have different hardware requirement which cannot be generalized for performance. Request you to change the required Processor to Intel Xeon 8-core or higher. | Please refer the revised specifications given below.
7. M/s SonicWall
1 | Hardware Architecture | The proposed vendor must be in the Leader’s or challenger quadrant of the Network Firewalls Gartner Magic Quadrant for latest year report. | The proposed vendor must be present in the Network Firewalls Gartner Magic Quadrant for latest year report. Required changes for Participate. | Please refer the revised specifications given below.
2 | Performance & Scalability | High Availability: Active/Active and Active/Passive and should support session state synchronization among firewalls from day 1 | High Availability: Active/Active, Active/Passive and should support session state synchronization among firewalls from day. Required changes for Participate. | Please refer the revised specifications given below.
3 | Performance & Scalability | Should support capability to create multiple virtual context/instance with strict hardware resource (CPU, Memory & Storage) reservation and ensure traffic isolation between virtual context/instance | Should support capability to create multiple virtual context/instance with strict hardware resource (CPU, Memory & Storage) reservation and ensure traffic isolation between virtual context / instance. Make this point Optional - Required to participate | Please refer the revised specifications given below.
4 | Next Gen Firewall Features | Should support more than 4000+ (excluding custom application signatures) distinct application signature as application detection mechanism to optimize security effectiveness and should be able to create 40 or more application categories for operational efficiency | Should support more than 2000+ (excluding custom application signatures) distinct application signature as application detection mechanism to optimize security effectiveness and should be able to create 40 or more application categories for operational efficiency. Required changes for Participate. | Please refer the revised specifications given below.
5 | Next Gen Firewall Features | Should support more than 19,000 (excluding custom signatures) IPS signatures or more. | Should support more than 10,000 IPS signatures or more. Request to Start with Minimum. | 15000
6 | DNS Security | Should take inputs from at least 25 third-party sources of threat intelligence. | Should take inputs from at least 25 third-party sources of threat intelligence. Make this point Optional – Required to Participate | The vendor can quote equivalent or better solution.
7 | Interface and Connectivity Requirement | 6 X 10G Copper/RJ45 Day 1. 8 X 1/10G SFP/SFP+ Day 1 with LR/SM transceivers and 8x3m patch cords. 4 X 10/25Gig SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one. Minimum 2 x 10G HA port in addition to requested data ports, Dedicated 1 X 10/100/1000 RJ45 Management Port. | Minimum 4 X 10G Copper/RJ45 Day 1 or more. 6 X 1/10G SFP/SFP+ Day 1 with LR/SM transceivers and 8x3m patch cords. 4 X 10/25Gig SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one. Minimum 2 x 1G/10G HA port in addition to requested data ports, Dedicated 1 X 10/100/1000 RJ45 Management Port. Required changes for Participate. | Please refer the revised specifications given below.
8 | Next Gen Firewall Features | The solution should provide Change Management capability for the organizations needs to implement more formal processes for configuration changes, including audit tracking and official approval before changes are deployed. | The solution should provide Change Management capability for the organizations needs to implement more formal processes for configuration changes, including audit tracking and official approval before changes are deployed. Make this point Optional. | Optional.
9 | Next Gen Firewall Features | The solution must provide IP reputation feed that comprised of several regularly updated collections of poor reparation of IP addresses determined by the proposed security vendor. Solution must support IP reputation intelligence feeds from third party and custom lists of IP addresses including a global blacklist. The solution should have the capability to detect MD5, SHA256 and SHA512 traffic hashes to detect any malicious traffic pattern | The solution must provide IP reputation feed that comprised of several regularly updated collections of poor reparation of IP addresses determined by the proposed security vendor. The solution should have the capability to detect MD5, SHA256 and SHA512 traffic hashes to detect any malicious traffic pattern. We do have our own Capture threat labs – intel from here is used as of now to trap zero day & ransomware. | No Change.
10 | Next Gen Firewall Features | The solution should provide Configuration Deployment History, Pending Changes and Policy Compare capability before the security policies are deployed on the firewall. It should also provide configuration rollback capacity to the last good configuration running on the firewall. | It should also provide configuration rollback capacity to the last good configuration running on the firewall. Audit logs show the changes history with success/failed details. Requested to edit this clause as Pending changes is feasible via centralized management solution NSM. | Please refer the revised specifications given below.
11 | URL Filtering Features | Should must support URL threat intelligence feeds to protect against threats | Should support URL threat intelligence feeds to protect against threats. Make this point optional | No change.
12 | Logs & Reporting | Solution should offer Centralized NOC/SOC Visibility for the Attack Surface | Solution should offer Centralized NOC/SOC Visibility for the Attack Surface. Remove this point or make it optional as it seems to be OEM specific. | No Change.
8. XtraNet Technologies Private Limited
1 | Page no.22, 4.8 TIME SCHEDULE TO COMPLETE THE CONTRACT:- Point no. 4.8.1 | The successful bidder shall complete the assignment within 60 days from the date of issue of Letter of Acceptance / Letter of Intent. | We request the Department to amend the clause as below: The successful bidder shall complete the assignment within 120 days from the date of issue of Letter of Acceptance / Letter of Intent. | No change.
2 | Page no. 30, WARRANTY SERVICE LEVEL REQUIREMENTS – SLA 6.7.4 The various Service Level Requirements and related penalties for default | Details : (i) Within 48 working Hours from the call logging time – for all High Severity events (ii) Within 72 working hours from the time of attending the problem for all Low severity events Penalties per day of delay / per fault / per occasion (i) For High Severity events, Rs.1000/-. (ii) For Low Severity events, Rs.500/- Delay will be counted in steps of one hour. | We request the Department to amend the clause as below: Details : (i) Within 48 working Hours from the call logging time – for all High Severity events (ii) Within 72 working hours from the time of attending the problem for all Low severity events. Penalties per day of delay / per fault / per occasion (i) For High Severity events, Rs.1000/-. (ii) For Low Severity events, Rs.500/- Delay will be counted in steps of 1 day. | No change.
3 | Page No. 8, 2.5 EARNEST MONEY DEPOSIT (EMD): | The proposal should be submitted along with only online application fee of Rs.5,000/- (Rs. Five Thousand only) and Earnest Money Deposit(EMD) of Rs.03 Lakh (Rupees Three Lakh only) in the form of online mode through e-procurement | We request the department to allow the EMD in the form Bank Guarantee. | No change.
4 | Page no. 1, Hardcopy Submission of tender | The sealed tender complete in all respect addressed to “Registrar General, High Court of Madhya Pradesh, Jabalpur” must be submitted before 05:00 P.M. on 15th October, 2024 (mandatory). | We request the department Remove hard copy submission of tender. | No change.
5 | Technical Query | | We request to consider our recommendation for dedicated purpose built NIPS appliance. Reason "Whenever throughput increases, by default the box capacity will decrease as it is working with all the modules of FW, NIPS & Anti-APT or in worst case NGFW will bypass the NIPS & Anti-APT & will offer basic Firewall functionality only" | Quote as per tender.
6 | Firewall - Technical Specifications | The Solution should support DNS security in line mode and not proxy mode. Necessary licenses to be included from day 1. | We request the department to generalize these points for wider and more competitive participation as it seems OEM Specific. | Quote as per tender and clarifications published.
9. AKS Information Technology Services Pvt. Ltd
PQC Queries
1 | 2.5.1 or 3.13 page no. 08 | EMD worth 3 lakh INR OR The firms registered under NSIC and MSME (The vendor to be registered with both NSIC and MSME for claiming exemption of tender fees) are exempted for submission of tender fees only. But they have to submit valid EMD as per the tender requirement. | Kindly provide exemption to MSME /NSIC Bidders. | No change.
2 | 2.15.2 page no. 12 | Three similar completed work costing not less than the amount equal to 40% of the estimated cost. OR Two similar completed work costing not less than the amount equal to 50% of the estimated cost. OR One similar completed work costing not less than the amount equal to 80% of the estimated cost. | Relaxation in the % | No change.
3 | Phase 3 page no. 13 | The Commercial Proposal Evaluation will be based on the “individual cost”, which would be the total payouts including all taxes, duties and levies for the supply, installation, commissioning, system integration of equipments and Maintenance cost. | Evaluation Type | Evaluation will be done on line item basis.
4 | 2.20.3 page no.14 | Successful bidder must ensure his establishment in India and in the State of Madhya Pradesh for post-installation services and support of the supplied equipments. | Exemption for MP | No change.
5 | 2.22 page no. 15 | The Government of India had amended the General Financial Rules 2017 to enable the imposition of restrictions under Rule 144(xi) on bidders from countries which share a land border with India on grounds of defense of India, or matters directly or indirectly related thereto including national security. The bidder has to submit proper documents in this regards as per the policy. As per the Public Procurement (Preference to Make in India), Order 2017, the Class-I local suppliers shall get preference in procurement of goods, services or works. In furtherance of the Revised PPP-MII Order dated 04.06.2020, the Ministry of Electronics & Information Technology (MEIT) has notified the mechanism for calculation of local content for the 13 electronic products vide Notification no. 43/4/2019IPHW-MeitY dated 07.09.2020. | Exemption in Firewall Category | Quote as per tender document.
NMS Queries
6 | Specifications – C, Network Monitoring System, Page No. 44 | The solution should automatically group servers that work closely together based on analysis of communication between them. | Requesting authority to amend the clause as follows: The solution should automatically group servers that work closely together based on an analysis of communication analysis or grouping criteria such as tags and types between them. | Please refer the revised specifications given below.
7 | Specifications – C, Network Monitoring System, Page No. 44 | The solution should automatically build visualizations that show dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them. | Requesting authority to kindly revise the clause as this is OEM Specific and restrictive for other OEM to participate in this tender, suggested revised clause: "The solution should automatically build visualizations that shows dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities" | Please refer the revised specifications given below.
8 | Specifications – C, Network Monitoring System, Page No. 45-46 | The solution should support extensive monitoring capabilities from an OS (Linux, Windows)/ platform standpoint and should provide capabilities for customer to develop, deploy customized monitoring requirements | Kindly amend the clause as follows: The solution should support extensive monitoring capabilities from an OS (Linux, Windows) and platform standpoint, and should provide options to deploy customized monitoring requirements. | Please refer the revised specifications given below.
| 9 | Specifications – C, Network Monitoring System, Page No. 48 | Configurations: create rules that automatically assign deadlines to events based on their impact on services or on end-users, create rules that perform automated assignment of events to the corresponding teams, create rules that control automated notification of interested stakeholders about events, automatically handling duplicate events, provide event correlation capabilities to combine a set of different events into one major event | This clause is restrictive to our participation. We kindly request authority to remove it. | Yes Removed. |
| 10 | Specifications – C, Network Monitoring System, Page No. 49 | Consider options for transferring licenses between devices or reallocating licenses as needs change. | We understand that the license used for a network device should also be applicable to a server device when needed, provided the network device is removed from monitoring and provisioning on the server. This would allow the same license to be used for monitoring the server device. Could you please confirm if our understanding is correct? | Yes. |
| 11 | Specifications – C, Network Monitoring System, Page No. 49 | Suggestion to additional clause | The proposed NMS solution should be aligned with ITIL framework principles, certified with ITIL4 for Monitoring & Event Management and Capacity & Performance Management processes, and must include comprehensive documentation demonstrating compliance with these standards to ensure best practices in service management and operational excellence | No. |
| 12 | Specifications – C, Network Monitoring System, Page No. 49 | Suggestion to additional clause | The proposed NMS solution must comply with recognized security standards, including ISO 27001:2013/ ISO 27034, and CIS (Center for Internet Security) certifications, to ensure robust security management, secure software development, and adherence to best practices in information security. | Yes changed in the specifications given below. |
WAF Queries
| 13 | Section – VII Page 41, Point-18 | The proposed Solution should have ICSA Certified and PCI Compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification. | As Haltdos is a Made in India firm, it does not qualify for ICSA accreditation. Instead, it will provide an STQC certification. Justification: Since Haltdos is a well-known Made in India (MII) company, we are not applicable for certifications like Gartner and ICSA. Instead, Haltdos will provide certifications like EAL2+ and STQC. | Please refer the revised specifications given below. |
10. M/s Palo Alto Networks
| 1 | “Specifications – A” Firewall Technical Specifications 15. Device Storage Page 38 | Minimum 800GB SSD | Since these are hardware appliances, it comes with a fixed storage size, different vendor models would have different size of storage based on the models. Also since the RFP is also asking for Management server which would have more storage space to store the logs and configs a regular storage size SSD is adequate on the firewall, it is recommended to change the clause as below: Minimum 400 GB SSD. | Please refer the revised specifications given below. |
2 “Specificatio The Proposed These are the features generally part Please refer the
ns – A” system shall of the Security Automation tool such revised
Firewall support as SOAR and the Firewall specifications
Technical automation management could provide an insight given below.
Specificatio response based for the below events and alert the
ns s on following analysts. Please remove the section
14. events: or modify as below:
Automation Compromised Monitor and send email alerts for
& Incident Hosts detected below events:
Response Configuration System
Page 37 Change Threats
Event Log Zero day / unknown malware
High CPU traffic logs
License Expiry
Email Alert
IP Ban
| 3 | “Specifications – A” Firewall Technical Specifications 5. Performance & Scalability Page 32 | The NGFW throughput of the firewall should be a minimum 20 Gbps with application identification and firewalling enabled with real world/enterprise/ production traffic with logging enabled. The Threat Prevention/NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 12 Gbps. | Considering the current requirement and future scalability for MP High Court, it is recommended to increase the throughput of NGFW and Threat Prevention. It would also take care of the periodical spike in the traffic and higher throughput requirement for the contract period as well. Request MP High Court to modify / amend the clause as below: The NGFW throughput of the firewall should be a minimum 28 Gbps with 64 KB including application identification and firewalling enabled with real world/enterprise/ production traffic with logging enabled. The Threat Prevention/NGIPS throughput after enabling IPS, AVC, antimalware, antispyware, sandboxing, user identification, file blocking, DNS security and logging enabled should be 15 Gbps considering 64 KB HTTP transaction size. | No change. |
| 4 | “Specifications – A” Firewall Technical Specifications 5. Performance & Scalability Page 32 | NGFW Firewall should support at least 1400,000 Layer 7 Concurrent sessions | For better throughput and performance and to be in line with the throughput, please amend the clause as below: NGFW Firewall should support at least 2.5 Million Layer 7 Concurrent sessions measured utilizing HTTP transactions or 20 Million Layer 3 / 4 concurrent sessions. | No change. |
| 5 | “Specifications – A” Firewall Technical Specifications 5. Performance & Scalability Page 32 | NGFW Firewall should support at least 150,000 connections per second L3/L4 or New Layer 7 connections per second – Min 90,000 | For better throughput and performance and to be in line with the throughput, we recommend amending the clause as below: NGFW Firewall should support at least 2 Million connections per second L3/L4 or New Layer 7 connections per second – Min 225K measured with application override, utilizing 1 byte HTTP transactions. | No change. |
| 6 | “Specifications – A” Firewall Technical Specifications 10.Support Page 36 | OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The NGFW should be proposed with 5 years onsite support and subscription license for NGFW, NGIPS, Anti Virus, Anti Spyware, URL Filtering, DNS, VPN and Antibotnet | For a better visibility of the various licenses to be proposed / quoted, please amend the clause as below: OEM should be present in India from at least 5 years and should be proposed with 5 Years OEM support bundle with 24x7x365 days TAC support, RMA (There should be at least 4 RMA dept and one TAC for support in India), software updates and subscription update support. The NGFW should be proposed with 5 years subscription licenses for NGFW, NGIPS, Anti-Virus, Anti Spyware, Threat Protection, APT Protection (Zero Day Protection with integrated Sandboxing), URL Filtering and DNS Security from day 1. The solution shall support bidirectional control over the unauthorized transfer of file types and Social Security numbers, credit card numbers, and custom data patterns for future use. | No Change. |
11. M/s Newgen It Technologies Limited
| 1 | Page no:10 & point no: 2.15.2 | Experience in Supply, Installation, commissioning, Maintenance of firewall, WAF, NMS tool and similar IT equipment’s during last 05 years | We kindly request the inclusion of experience in IT equipment, Data Centers, and related infrastructure. | Quote as per tender document. |
| 2 | Page No:15 & Point no: 2.20.3 | Successful bidder must ensure his establishment in India and in the State of Madhya Pradesh for post-installation services and support of the supplied equipment’s | We propose allowing bidders to establish their office after the award of the tender. To demonstrate commitment, bidders can submit a letter of undertaking to open an office in Madhya Pradesh post award. This flexibility will enable a wider range of qualified bidders to participate without compromising on service quality. | Yes changed. |
| 3 | Page No: 33 | Technical Specifications | Tender specifications currently support a single OEM. We request a relaxation of this restriction to accommodate multiple brands. This change will enhance competition, potentially reduce costs, and provide more options for high-quality equipment and services. | Please refer the revised specifications given below. |
12. M/s Sophos
| 1 | 3rd party Test Certification Page No. 32 | The proposed firewall vendor must have over 97% of Exploit Block rate in latest NGFW NSS Lab Test report. | Please remove. NSS Labs already closed and already irrelevant since we are unable to get succeeding certification from them. | Please refer the revised specifications given below. |
| 2 | 3rd party Test Certification Page No. 32 | The proposed vendor must be in the Leader’s or challenger quadrant of the Network Firewalls Gartner Magic Quadrant for latest year report. | The proposed vendor must be in the Gartner's Magic quadrant for the network firewalls as per the latest report. OR The proposed vendor should be qualified as a class 1 Make In India vendor as per DPIT guideline. As per DPIT notification DPIIT Notification File No- P-45021/2/2017-PP(BE-II) dated 16-09-2020 from the Ministry of India, Make In India product should be given privilege and Gartner/ or any other 3rd party international certificate are not considered. | Please refer the revised specifications given below. |
| 3 | Interface and Connectivity Requirement Page No. 32 | 6 X 10G Copper/RJ45 Day 1 | 6 X 10G Copper/ 10 G fiber with RJ45 Transceiver from Day 1. Every OEM has its standard architecture, kindly make it more generic feature to participate more number of OEM in this bid. | Please refer the revised specifications given below. |
| 4 | Interface and Connectivity Requirement Page No. 32 | 4X 10/25Gig SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one | 4X 10/25/40 Gig SFP28/QSFP Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one. Sir, your backend network ports are standard on 10G/ 40G/ 100G QSFP. Whereas, you have asked for 10G/25G which does not make sense because your entire network is on 10G and after link aggregation on your SD-WAN your capacity will increase from 10G. Hence, You should ask for "Minimum 40G of SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one." Today this will not increase your price rather will make it standard for everyone and you will get the best product otherwise everybody will quote 10G product only. | Please refer the revised specifications given below. |
| 5 | Next Gen Firewall Features Page No. 33 | Should support capability to create multiple virtual context/instance with strict hardware resource (CPU, Memory & Storage) reservation and ensure traffic isolation between virtual context/instance | Should support capability to create multiple virtual context/instance /virtual zones with physical interfaces, ensure traffic isolation between virtual context/instance /Virtual Zones. Every OEM has it's standard architecture, and parlance we request you to make it generic by putting “Should support capability to create multiple virtual context/instance /virtual zones with physical interfaces, ensure traffic isolation between virtual context/instance/Virtual Zones". Keep it more generic because the definition becomes very OEM specific. | Please refer the revised specifications given below. |
| 6 | Next Gen Firewall Features Page No. 34 | The solution should provide Configuration Deployment History, Pending Changes and Policy Compare capability before the security policies are deployed on the firewall. It should also provide configuration rollback capacity to the last good configuration running on the firewall. | The solution should provide Configuration Deployment History and Web Policy Compare/test capability before the policies are deployed on the firewall. It should also provide configuration rollback capacity to the last good configuration running on the firewall. Every OEM has its standard architecture, Sir; It is difficult to show what comparison means between different policies it is always better to have web policy comparison /Testing capability. Kindly make it more generic feature to participate more number of OEM in this bid. | Please refer the revised specifications given below. |
| 7 | Management Page No. 35 | The management platform must be capable of integrating third party vulnerability information into threat policy adjustment routines and automated tuning workflows | The management platform must be capable of integrating third party security information into data lake & correlate them to provide contextual information & accelerated threat discovery and response. Every OEM has it's standard architecture and feature set. In today's highly evolved threat environment, security management console should have 3rd party security product & logs integration facility. In collaboration with 3rd party security logs, threat can be discovered quickly and response can be more faster across all estates. | No change. |
| 8 | Logs & Reporting Page No. 38 | Bidder has to propose on premise dedicated logging, analytics & reporting solution from same OEM (Virtual /Physical Appliance) from day1, the logging solution to be deployed at Data Center only. In Case of Virtual Appliance, bidder to consider Required computing / hardware resource for the VM. The firewall should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. Required Features: Should Deliver single-pane visibility, also have reporting facility to generate reports on virus detected over different protocols, top sources for viruses, destination for viruses, top viruses etc. Should have options to generate Predefined or customized Advance reports in different formats. The solution should have configurable options to schedule the report generation. Log retention customization by category. Solution should offer Centralized NOC/SOC Visibility for the Attack Surface. Bidder has to include any additional license for analytics /event correlation from day1. The solution should machine learning capability to detect the exploit and not depend on the vulnerabilities with trained models and traffic classifiers. The same should be available on public website to validate the capabilities. | Bidder has to propose on premise dedicated logging, analytics & reporting solution from (Virtual /Physical Appliance/India Cloud) from day1, the logging solution to be deployed at Data Center only. In Case of Virtual Appliance, bidder to consider Required computing / hardware resource for the VM. The firewall should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. Required Features: Should Deliver single-pane visibility, also have reporting facility to generate reports on virus detected over different protocols, top sources for viruses, destination for viruses, top viruses etc. Should have options to generate Predefined or customized Advance reports in different formats. The solution should have configurable options to schedule the report generation. Log retention customization by category. Solution should offer Centralized NOC/SOC Visibility for the Attack Surface. Bidder has to include any additional license for analytics /event correlation from day1. The solution should machine learning capability to detect the exploit and not depend on the vulnerabilities with trained models and traffic classifiers. The same should be available on public website to validate the capabilities. Every OEM has its standard architecture, kindly make it more generic feature to participate more number of OEM in this bid. As per latest guideline by Cert-IN data should be reside within geographical border of India. Hence requesting, reports can be stored in India DC which is SOC2 certified and empanelled with MeitY for better and efficient management, feature rich SIEM like details reporting, flexibility in storage increment at any point of time and saving more energy to encourage Go-Green policy. | No change. Quote as per tender document. |
13. M/s Microworld Infosol Pvt. Ltd., M/s Computer Bazar & M/s Veltronics India Pvt. Ltd.
Firewall Technical Specifications
| 1 | 4-Hardware Architecture | The appliance hardware should be multi core CPU architecture and should not be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one. The firewall should have integrated redundant fan and dual redundant hot swappable power supply to remove any single point of failure in the solution | Security appliance should be evaluated based on their security effectiveness, features, and functionality, rather than their architecture. The current clause seems to favor PC-based architecture, potentially excluding ASIC OEMs from the tender. We would like to emphasize that ASIC technology is no longer proprietary, as many leading OEMs are adopting it for its superior performance. Please refer to the URL below, which highlights that ASIC is not exclusive to Fortinet. Therefore, we request the removal of this clause and suggest that MP High court to consider architectures based on their performance and security effectiveness. https://community.cisco.com/t5/networking-blogs/the-new-era-of-wan-an-asic-innovation-story/ba-p/4175243 https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations https://blog.checkpoint.com/security/check-point-software-introduces-the-worlds-fastest-firewall-delivering-20-times-better-price-performance-to-the-worlds-most-demanding-datacenters/ The appliance hardware should be multi core CPU architecture or should be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM. The firewall should have integrated redundant fan and dual redundant hot swappable power supply to remove any single point of failure in the solution. | Please refer the revised specifications given below. |
| 2 | 4-Hardware Architecture | OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one. | OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one or should be proprietary ASIC based in nature to make sure all the security capabilities are provided without degradation from day one. | Please refer the revised specifications given below. |
| 3 | 5 Performance & Scalability | The NGFW throughput of the firewall should be a minimum 20 Gbps with application identification and firewalling enabled with real World /enterprise /production traffic with logging enabled. The Threat Prevention /NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 12Gbps. | Reason for change Every OEM has different ways to measure the throughput values. We request to changes so all major OEM matches this and can participate. The NGFW throughput of the firewall should be a minimum 15 (enterprise mix /Real world with logging enabled) OR Application throughput measured with 64K http minimum 20Gbps. Threat prevention throughput minimum 10Gbps (Enterprise Mix / Real World with logging enabled) | Please refer the revised specifications given below. |
| 4 | | It is highly recommended to ask SSL inspection throughput. This is important parameters to size the right box. Because lower SSL inspection throughput can degrade the performance while Complete inspection of the packet is enabled. | Minimum 10Gbps of SSL inspection throughput and 500K SSL inspection concurrent session support | No change. |
| 5 | | NGFW Firewall should support at least 1400,000 Layer 7 Concurrent sessions | Most of the OEM is publish the connection per second and concurrent session in TCP. It's highly recommended on the basis of the ports count that the connections requirement must be higher so device not becomes bottle neck. Asking the lower connections is favoring specific OEM model. | Please refer the revised specifications given below. |
| 6 | 6-Next Gen Firewall Features | NGFW Firewall should support at least 150,000 connections per second L3/L4 or New Layer 7 connections per second – Min 90000 | Min 500K Connection per Second and 5M concurrent connections. | No change. |
| 7 | 6-Next Gen Firewall Features | Should support more than 19,000 (excluding custom signatures) IPS signatures or more. Solution should be able to passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence. The signatures should also have categorization based on MITRE TTP's | Favoring to specific OEM signature count. Request to make changes and allow min 10000 Signatures. | Yes changed TO 15000. |
| 8 | | Should support Reputation- and category- based URL filtering offering comprehensive alerting and control over suspect web traffic and enforces policies on more than 250 million of URLs in more than 75+ categories from day1. | Every OEM has different counts and categories. This is favoring to specific OEM nos. Request to remove this clause | Yes changed. |
| 9 | 11-DNS Security | The Solution should support DNS security in line mode and not proxy mode. Necessary licenses to be included from day 1. | Favoring to Specific OEM. The Solution should support DNS security in line mode/proxy mode. Necessary licenses to be included from day 1. | Please refer the revised specifications given below. |
| 10 | | DNS security should block known bad domains and predict with advanced machine learning technology and should have global threat intelligence of at least 10 million malicious domains. | Every OEM has different counts in threat intelligence asking specific favoring to specific OEM. Request to remove 10M malicious domain. | Please refer the revised specifications given below. |
| 11 | | The solution should integrate and correlate to provide effective prevention against. New C2 domains, file download source domains, and domains in malicious email links. Integrate with URL Filtering to continuously crawl newfound or uncategorized sites for threat indicators. Should have OEM human-driven adversary tracking and malware reverse Engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence. | Favoring to Specific OEM: Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence. Request to remove this clause. | The vendor can quote equivalent or better solution. |
Load Balancer + WAF
| 12 | Clause No. 2 | Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port from day-1. Additionally it should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1. Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps Layer 7 requests per second: 1300,000 Layer 4 connection per second: 500,000 Concurrent Connection: 38 Million RSA CPS (2K Key): 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Every OEM has its own architecture. Scalability ask within same appliance is favoring specific OEM architecture. We request MP high court specific the required throughput values including scalability requirement and is highly recommended to Layer 7 throughput of the appliance now a day's most off the applications are HTTP and HTTPS. Ask parameters are favoring specific OEM model and designed such a way to make competition model higher. For fair participation we request relaxation in parameters. ASIC technology does not required higher memory and throughput to match the desired performance. So Request the processor and memory clause. Also request to relax ports here. Ask ports counts are favoring specific OEM model. Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G From day 1 Device L7 Throughput: Minimum 20 Gbps Layer 7 CPS : Minimum: 200K Concurrent Connection : Minimum 25 Million SSL CPS : minimum 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support OR SSL Bulk encryption throughput min 10Gbps. | Please refer the revised specifications given below. |
| 13 | Clause No. 7 | Following Load Balancing Topologies should be supported: • Virtual Matrix Architecture • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding | Some of the topologies favoring to specific OEM architecture Suggest relaxing this clause. Following Load Balancing Topologies should be supported: Router Mode, One-Arm Mode, and Direct Server Return Mode deployments, Direct access Mode, Mapping Ports, Client Network Address Translation (Proxy IP), Assigning Multiple IP Addresses. | Please refer the revised specifications given below. |
| 14 | Clause No. 8 | The proposed device should have Hypervisor (should not use Open Source) Based Virtualization feature (NO Multi-Tenancy) that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. It should NOT use Open Source/3rd party Network Functions. The proposed appliance should have capability to run in Virtualized as well as Standalone mode (Bidder may be asked to demonstrate this feature during Technical Evaluation). Should be high performance purpose built next generation multi-tenant (min. 5 virtual instances from Day 1 and scalable upto 10 Virtual Instances) hardware. Platform must have multiple functions including Advance application load balancing and global server load balancing, Network security functionality and complete application protection functionality. Each Virtual Instance contains a complete and separated environment of the Following: a) Resources, b) Configurations c) Management, d) Operating System | Hardware appliance also supports virtual context / domains. Request to allow the same. The proposed device should have Hypervisor (should not use Open Source) Based Virtualization feature (NO Multi-Tenancy) OR inbuilt support of virtual domain that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. It should NOT use Open Source/3rd party Network Functions. The proposed appliance should have capability to run in Virtualized as well as Standalone mode (Bidder may be asked to demonstrate this feature during Technical Evaluation). Should be high performance purpose built next generation multi-tenant (min. 5 virtual instances from Day 1 and scalable upto 10 Virtual Instances) hardware. Platform must have multiple functions including Advance application load balancing and global server load balancing, Network security functionality and complete application protection functionality. Each Virtual Instance contains a complete and separated environment of the Following: a) Resources, b) Configurations, c) Management, d) Operating System. | Please refer the revised specifications given below. |
| 15 | Clause No.19 | WAF should have the flexibility to be deployed in the following modes: Reverse proxy, Out of Path (OOP) | Favoring to specific OEM Request to remove - Out of Path (OOP) | Yes changed / removed. |
| 16 | 2.15 Eligibility /Pre-Qualification Criteria: | Bidders meeting ALL of the following pre-qualification criteria are eligible to apply: (i) Experience: Experience in the supply, installation, commissioning, and maintenance of firewall, WAF, NMS tools, and similar IT equipment during the last 5 years, ending on the last day of the month preceding the publication of this tender, should meet either of the following: [Details as per your document. | Our Request: As the Original Equipment Manufacturer (OEM) is responsible for the maintenance and installation of the firewall, and we coordinate directly with the OEM, we kindly request that you consider our experience in supplying IT equipment as sufficient qualification. | No change. |
14. M/s VSN International Pvt. Ltd.
| 1 | Section – IV 4 GENERAL CONDITIONS OF THE CONTRACT (GCC):- 4.2 PERFORMANCE GUARANTEE:- | 4.2.1 The Successful Bidder will be required to furnish performance guarantee in the form of unconditional Bank Guarantee issued by a Nationalized / Scheduled Bank in India equivalent to 05% of the Contract Value initially valid for a period of 36 months within 30 days from the date of issue of Letter of Award / acceptance. For remaining 24 months Bidder will submit fresh BG before expiry of the initial BG. | As the warranty asked in the bid is for 5 years onsite, We would request to ask for Performance bank Guarantee for 5 years only at the time of release of purchase order this will bind bidder for warranty obligation and service support till the end of warranty period. | Yes changed. The Successful Bidder will required to furnish performance guarantee in the form of unconditional Bank Guarantee issued by a Nationalized / Scheduled Bank valid for a period of 60 months within 30 days from the date of issue of Letter of Award / acceptance. |
| 2 | Section – I NOTICE INVITING TENDER | Estimated project cost (In Lakh Rs.): 1.50 Crore | As per the clause the Budget Projection mentioned in the NIT is very low as per the solution required in the RFP. As per the requirement we assume that the budget for the RFP should be at least 6-7 Cr. to execute the Order properly. We kindly request you to kindly revise the budget projection as requested to meet the tender requirement. | The budget is revised to approximately Rs. 05 Crore. |
| 3 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.04- Hardware Architecture | The appliance hardware should be a multicore CPU architecture and should not be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one. | Justification:- Security appliance should be evaluated based on their security effectiveness, features, and functionality, rather than their architecture. The current clause seems to favor PC-based architecture, potentially excluding ASIC OEMs from the tender. We would like to emphasize that ASIC technology is no longer proprietary, as many leading OEMs are adopting it for its superior performance. Please refer to the URL below, which highlights that ASIC is not exclusive to Fortinet. Therefore, we request the removal of this clause and suggest that MP High court to consider architectures based on their performance and security effectiveness. https://community.cisco.com/t5/networking-blogs/the-new-era-of-wan-an-asic-innovation-story/ba-p/4175243 https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations https://blog.checkpoint.com/security/check-point-software-introduces-the-worlds-fastest-firewall-delivering-20-times-better-price-performance-to-the-worlds-most-demanding-datacenters/ Request for change:- The appliance hardware should be a multicore CPU architecture or can be ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM. | Please refer the revised specifications given below. |
4 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.04- Hardware Architecture | The appliance hardware should be a multicore CPU architecture and should not be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one | Justification:- ASIC solution do not require higher memory and CPU to deliver the desire functionality. Only PC based architecture require high memory. We suggest removing this clause as it is favoring single OEM devices. We emphasize MP High court team to evaluate the Firewall solution based on the performance parameters Not memory and CPU We would request to amend the clause to "OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one or should be proprietary ASIC based in nature to make sure all the security capabilities are provided without degradation from day one." | Please refer the revised specifications given below.
5 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.05- Performance & Scalability | The NGFW throughput of the firewall should be a minimum 20 Gbps with application identification and firewalling enabled with real world/enterprise/production traffic with logging enabled. The Threat Prevention/NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 12 Gbps. | Justification:- Every OEM have different ways to measured the throughput values. We request for changes so all major OEM match this and can participate in the bid. We would request to amend the clause to" The NGFW throughput of the firewall should be a minimum 15 (enterprise mix /Real world with logging enabled) OR Application throughput measured with 64K http minimum 20Gbps. Threat prevention throughput minimum 10Gbps (Enterprise Mix / Real World with logging enabled)". | Please refer the revised specifications given below.
6 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.05- Performance & Scalability | Additional Point | It is highly recommended to ask SSL inspection throughput. This is important parameters to size the right box. Because lower SSL inspection throughput can degrade the performance while complete inspection of the packet is enabled. We would request to add new clause as "Minimum 10Gbps of SSL inspection throughput and 500K SSL inspection concurrent session support." | No change.
7 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.05- Performance & Scalability | NGFW Firewall should support at least 150,000 connections per second L3/L4 or New Layer 7 connections per second – Min 90,000 | Most of the OEM is publish the connection per second and concurrent session in TCP. It's highly recommended on the basis of the ports count that the connections requirement must be higher so device not becomes bottle neck. Asking the lower connections is favoring specific OEM model. We would request to amend the clause to "NGFW Firewall should support at least Min 500K Connection per Second and 5M concurrent connections." | No change.
8 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.06- Next Gen Firewall Features | Should support more than 19,000 (excluding custom signatures) IPS signatures or more. Solution should be able to passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence. The signatures should also have categorization based on MITRE TTP's | This clause is favoring to specific OEM signature count so, we would request to make changes and allow min 10000 Signatures. | Please refer the revised specifications given below.
9 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.07- URL Filtering Features | Should support Reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic and enforces policies on more than 250 million of URLs in more than 75+ categories from day1. | Every OEM has different counts and categories. This is favoring to specific OEM nos. Hence, We would request to kindly remove this clause. | Please refer the revised specifications given below.
10 | “Specifications – A” Firewall Technical Specifications, Page No.36, S.No.11- DNS Security | The Solution should support DNS security in line mode and not proxy mode. Necessary licenses to be included from day 1. | This clause is favoring to Specific OEM. Hence, we would request to amend the clause to "The Solution should support DNS security in line mode/proxy mode. Necessary licenses to be included from day 1." | Please refer the revised specifications given below.
11 | “Specifications – A” Firewall Technical Specifications, Page No.36, S.No.11- DNS Security | DNS security should block known Bad domains and predict with advanced machine learning technology and should have global threat intelligence of at least 10 million malicious domains. | Every OEM has different counts in threat intelligence asking specific favoring to specific OEM. We would request to remove 10M malicious domain from the specifications. | Please refer the revised specifications given below.
12 | “Specifications – A” Firewall Technical Specifications, Page No.36, S.No.11- DNS Security | The solution should integrate and correlate to provide effective prevention against. New C2 domains, file download source domains, and domains in malicious email links. Integrate with URL Filtering to continuously crawl newfound or uncategorized sites for threat indicators. Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence. | This clause is Favoring to Specific OEM: Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence Hence, we would request to remove this clause from the specifications. | The vendor can quote equivalent or better solution.
13 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.02- 3rd party Test Certification | The proposed firewall vendor must have over 97% of Exploit Block rate in latest NGFW NSS Lab Test report. | NSS Labs already closed and already irrelevant since we are unable to get succeeding certification from them. Hence, we would request to kindly remove this clause. | Please refer the revised specifications given below.
14 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.02- 3rd party Test Certification | The proposed vendor must be in the Leader’s or challenger quadrant of the Network Firewalls Gartner Magic Quadrant for latest year report. | As per DPIT notification DPIIT Notification File No- P-45021/2/2017-PP(BE-II) dated 16-09-2020 from the Ministry of India , Make In India product should be given privilege and Gartner/ or any other 3rd party international certificate are not considered. Request for change:- The proposed vendor must be in the Gartner's Magic quadrant for the network firewalls as per the latest report. OR The proposed vendor should be qualified as a class 1 Make In India vendor as per DPIT guideline. | Please refer the revised specifications given below.
15 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.03- Interface and Connectivity Requirement | 6 X 10G Copper/RJ45 Day 1 | Every OEM has its standard architecture, kindly make it more generic feature to participate more number of OEM in this bid. We would request to amend the clause to "6 X 10G Copper/ 10 G fiber with RJ45 Trans-receiver from Day 1" | Please refer the revised specifications given below.
16 | “Specifications – A” Firewall Technical Specifications, Page No.32, S.No.03- Interface and Connectivity Requirement | 4X 10/25Gig SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one | Sir, your backend network ports are standard on 10G/ 40G/ 100G QSFP. Whereas, you have asked for 10G/25G which does not make sense because your entire network is on 10G and after link aggregation on your SD-WAN your capacity will increase from 10G. Hence, You should ask for "Minimum 40G of SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one." Today this will not increase your price rather will make it standard for everyone and you will get the best product otherwise everybody will quote 10G product only. | Please refer the revised specifications given below.
17 | “Specifications – A” Firewall Technical Specifications, Page No.33, S.No.06- Next Gen Firewall Features | Should support capability to create multiple virtual context /instance with strict hardware resource (CPU, Memory & Storage) reservation and ensure traffic isolation between virtual context/instance | Every OEM has its standard architecture, and parlances we request you to make it generic by putting “Should support capability to create multiple virtual context/instance /virtual zones with physical interfaces, ensure traffic isolation between virtual context/instance/Virtual Zones". Keep it more generic because the definition becomes very OEM specific Hence, we would request to kindly amend the clause to "Should support capability to create multiple virtual context/instance /virtual zones with physical interfaces, ensure traffic isolation between virtual context /instance/Virtual Zones" | Please refer the revised specifications given below.
18 | “Specifications – A” Firewall Technical Specifications, Page No.34, S.No.06- Next Gen Firewall Features | The solution should provide Configuration Deployment History, Pending Changes and Policy Compare capability before the security policies are deployed on the firewall. It should also provide configuration rollback capacity to the last good configuration running on the firewall. | Every OEM has its standard architecture, Sir; It is difficult to show what comparison means between different policies it is always better to have web policy comparison/Testing capability. Kindly make it more generic feature to participate more number of OEM in this bid. Hence, we would request to kindly amend the clause to The solution should provide Configuration Deployment History and Web Policy Compare/test capability before the policies are deployed on the firewall. It should also provide configuration rollback capacity to the last good configuration running on the firewall. | Please refer the revised specifications given below.
19 | “Specifications – A” Firewall Technical Specifications, Page No.38, S.No.16 - Logs & Reporting | Bidder has to propose on premise dedicated logging, analytics & reporting solution from same OEM (Virtual /Physical Appliance) from day1, the logging solution to be deployed at Data Center only. In Case of Virtual Appliance, bidder to consider Required computing / hardware resource for the VM. The firewall should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | Every OEM has its standard architecture, kindly make it more generic feature to participate more number of OEM in this bid. As per latest guideline by Cert-IN data should be reside within geographical border of India. Hence requesting , reports can be stored in India DC which is SOC2 certified and empanelled with MeitY for better and efficient management, feature rich SIEM like details reporting, flexibility in storage increment at any point of time and saving more energy to encourage Go-Green policy. Request for change:- Bidder has to propose on premise dedicated logging, analytics & reporting solution from (Virtual /Physical Appliance/India Cloud) from day1, the logging solution to be deployed at Data Center only. In Case of Virtual Appliance, bidder to consider Required computing / hardware resource for the VM. The firewall should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | Quote as per tender.
 |  | Required Features: Should Deliver single-pane visibility, also have reporting facility to generate reports on virus detected over different protocols, top sources for viruses, destination for viruses, top viruses etc. Should have options to generate Predefined or customized Advance reports in different formats. The solution should have configurable options to schedule the report generation. Log retention customization by category. Solution should offer Centralized NOC/SOC Visibility for the Attack Surface. Bidder has to include any additional license for analytics /event correlation from day1. The solution should machine learning capability to detect the exploit and not depend on the vulnerabilities with trained models and traffic classifiers. The same should be available on public website to validate the capabilities. | Required Features: Should Deliver single-pane visibility, also have reporting facility to generate reports on virus detected over different protocols, top sources for viruses, destination for viruses, top viruses etc. Should have options to generate Predefined or customized Advance reports in different formats. The solution should have configurable options to schedule the report generation. Log retention customization by category. Solution should offer Centralized NOC/SOC Visibility for the Attack Surface. Bidder has to include any additional license for analytics /event correlation from day1. The solution should machine learning capability to detect the exploit and not depend on the vulnerabilities with trained models and traffic classifiers. The same should be available on public website to validate the capabilities. Request for Change: - Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G From day 1 Device L7 Throughput: Minimum 20 Gbps Layer 7 CPS : Minimum: 200K Concurrent Connection : Minimum 25 Million SSL CPS : minimum 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support OR SSL Bulk encryption throughput min 10Gbps | Quote as per tender.
20 | “Specifications – B” Web Application Firewall with Server Load Balancer, | Additional Query | In the specifications you have asked for Gartner report. We would like to inform you that Gartner has stop publishing report post 2018 for ADC. We would request to remove Gartner report and ask for IDC report for ADC. | Top 10 brands / OEM as per latest IDC reports / Industry Standards.
21 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.39, S.No.02 | Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1. Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps Layer 7 requests per second: 1300,000 Layer 4 connection per second: 500,000 Concurrent Connection: 38 Million RSA CPS (2K Key): 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Every OEM has its own architecture. Scalability ask within same appliance is favoring specific OEM architecture. We request MP high court specify the required throughput values including scalability requirement and it is highly recommended to Layer 7 throughput of the appliance now a day's most off the applications are HTTP and HTTPS . Ask parameters are favoring specific OEM model and designed such a way to make competition model higher. For fair participation we request relaxation in parameters. ASIC technologies do not required higher memory and throughput to match the desired performance. So Request the processor and memory clause. Also request to relax ports here. Ask ports counts are favoring specific OEM model. | Please refer the revised specifications given below.
22 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.39, S.No.07 | Following Load Balancing Topologies should be supported: • Virtual Matrix Architecture • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding | Some of the topologies favoring to specific OEM architecture Suggest relaxing this clause. Request for change:- Following Load Balancing Topologies should be supported: Router Mode, One-Arm Mode, and Direct Server Return Mode deployments , Direct access Mode, Mapping Ports, Client Network Address Translation (Proxy IP) , Assigning Multiple IP Addresses | Please refer the revised specifications given below.
23 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.40, S.No.08 | The proposed device should have Hypervisor (should not use Open Source) Based Virtualization feature (NO Multi-Tenancy) that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. It should NOT use Open Source /3rd party Network Functions. The proposed appliance should have capability to run in Virtualized as well as Standalone mode (Bidder may be asked to demonstrate this feature during Technical Evaluation). Should be high performance purpose built next generation multi-tenant (min. 5 virtual instances from Day 1 and scalable upto 10 Virtual Instances) hardware. Platform must have multiple functions including Advance application load balancing and global server load balancing, Network security functionality and complete application protection functionality. Each Virtual Instance contains a complete and separated environment of the Following: a) Resources, b) Configurations, c) Management, d) Operating System | Hardware appliance also supports virtual context / domains. Request to allow the same. Request for change:- The proposed device should have Hypervisor (should not use Open Source) Based Virtualization feature (NO Multi-Tenancy) OR inbuilt support of virtual domain that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. It should NOT use Open Source/3rd party Network Functions. The proposed appliance should have capability to run in Virtualized as well as Standalone mode (Bidder may be asked to demonstrate this feature during Technical Evaluation). Should be high performance purpose built next generation multi-tenant (min. 5 virtual instances from Day 1 and scalable upto 10 Virtual Instances) hardware. Platform must have multiple functions including Advance application load balancing and global server load balancing, Network security functionality and complete application protection functionality. Each Virtual Instance contains a complete and separated environment of the Following: a) Resources, b) Configurations, c) Management, d) Operating System | Please refer the revised specifications given below.
24 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.41, S.No.19 | WAF should have the flexibility to be deployed in the following modes: Reverse proxy Out of Path (OOP) | This clause is Favoring to specific OEM. Hence, we would request to kindly remove Out of Path (OOP). | Yes removed.
25 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.39, S.No.02 | Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1. Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps Layer 7 requests per second: 1300,000 Layer 4 connection per second: 500,000 Concurrent Connection: 38 Million RSA CPS (2K Key): 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Traffic Ports support: As per the present data center /IT infra requirement standard, 10G ports are recommended over 1G, As 10G is backward-compatible with 1G where as vice-versa is not possible. And for ADC/WAF/SLB deployment 8 x 10G is more than sufficient because asked throughput is 40G. Please amending this clause. Layer 4 connections per second: Considering the asked Concurrent Connections and Layer 4 connections per second requirement is lower side. Please amend this clause. Layer 7 requests per second: Considering the asked Concurrent Connections and Layer 7 requests per second requirement is lower side. Please amend this clause. It is suggested to amend the clause as :- Traffic Ports support: 8 x 10 GE SFP+ from day-1 Device L4 Throughput: 20 Gbps and scalable up to 40 Gbps, Layer 7 requests per second : 5 million Layer 4 connections per second: 3 Million RSA CPS(2K Key): 20,000, ECC CPS (EC-P256): 12,000 with TLS1.3 Support, Processor: Intel 12-core CPU or equivalent or better, Concurrent Connections: 40 Million, Processor - Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Please refer the revised specifications given below.
26 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.42, S.No.31 | The proposed appliance/software should be EAL2 certified. | We would like to request the honorable tendering committee to amend the clause for wider participation in the bid as "The proposed appliance /software should be EAL2 certified/ Applied for EAL2. Before the supply of the product the OEM should provide the EAL2 certification. | Please refer the revised specifications given below.
27 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.42, S.No.34 | Capable of handling complete Full DNS bind records including A, AAAA, etc. for IPv4/IPv6 | In order to switch over the applications traffic like web app, email app etc. the GSLB solution must understand all types of DNS records and not just A or AAAA. Kindly add following functionality for complete Solution. It is suggested to amend this clause as: - The Proposed Solution must have Global Server Load Balancing and should be able to host SRV Records, AAAA Records, A , PTR , MX ,TXT ,SOA, NS, Dname, Dmarc Records and should also support DNSSEC. | Please refer the revised specifications given below.
28 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.44, S.No.44 | Application load balance with functionality of Application delivery features , Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention , DLP , Analytics ,Bot protection ,logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | IPS is completely different technology even deployment is different. IPS does not come in ADC and comes in network security. Kindly remove the IPS feature in the specifications for the wider participations of OEM. It is suggested to amend the clause as "Application load balance with functionality of Application delivery features , Antivirus, IP Reputation, WAF Security, Credential Stuffing Defense, Zero day prevention , DLP , Analytics ,Bot protection ,logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P" | Please refer the revised specifications given below.
29 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.39, S.No.01 | The proposed appliance should be a dedicated ADC/WAF/SLB appliance having DDoS protection, SSL inspection, and real-time threat intelligence. It should not be part of any Firewall or UTM. | DDoS protection should be provided with the help of stateless appliance as it doesn't maintain any session table, this is first and foremost criteria to choose DDoS protection appliance. ADC/WAF/SLB is state full appliance; hence DDoS should not be part of ADC/WAF/SLB. Request for change: The proposed appliance should be a dedicated ADC/WAF/SLB appliance having SSL inspection, and real-time threat intelligence. it should not be part of any Firewall or UTM. | The vendor may provide DDoS Protection with the help of any devices /software if the DDoS protection not available in dedicated ADC/WAF/SLB appliance.
30 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.39, S.No.02 | Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1. Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps Layer 7 requests per second: 1300,000 Layer 4 connection per second: 500,000 Concurrent Connection: 38 Million RSA CPS (2K Key): 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Layer-7 RPS is not in line with the requirement of Layer-4 CPS, both should be in line with the requirement asked. As these appliances are purpose built appliance, asking the unnecessary RAM and Hard disk will not help for anything, it will unnecessarily increase the overall cost without any requirement. Request for change:- Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1. Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps Layer 7 requests per second: 900,000 Layer 4 connection per second: 500,000 Concurrent Connection: 38 Million RSA CPS (2K Key): 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support Processor: Intel 12-core CPU, 32GB RAM, minimum 100GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Please refer the revised specifications given below.
31 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.41, S.No.18 | The proposed Solution should have ICSA Certified and PCI Compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification. | ICSA certification is no longer available, it is discontinued now. Request for change:- The proposed solution should be PCI Compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification. | Please refer the revised specifications given below.
32 | “Specifications – B” Web Application Firewall with Server Load Balancer, Page no.43, S.No.44 a | Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | Signature protection, Anti-Virus should be part of dedicated solution; it can’t be added on top of ADC. Request for change:- Application load balance with functionality of Application delivery features, IP Reputation, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | Please refer the revised specifications given below.
33 | Section – VII 7. Technical Specifications:- Network Monitoring System, Page No. 44, S.No.02 | The solution should automatically group servers that work closely together based on analysis of communication between them. | Requesting authority to amend the clause as follows: The solution should automatically group servers that work closely together based on an analysis of communication analysis or grouping criteria such as tags and types between them. | Please refer the revised specifications given below.
34 | Section – VII 7. Technical Specifications:- "Specifications – C", Network Monitoring System, Page No. 44, S.No.04 | The solution should automatically build visualizations that show dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them. | Requesting authority to kindly revise the clause as this is OEM Specific and restrictive for other OEM to participate in this tender, suggested revised clause: " The solution should automatically build visualizations that shows dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities" | Please refer the revised specifications given below.
35 | Section – VII, 7. Technical Specifications:- "Specifications – C", Network Monitoring System, Page No. 45-46, S.No.36 | The solution should support extensive monitoring capabilities from an OS (Linux, Windows)/ platform standpoint and should provide capabilities for customer to develop, deploy customized monitoring requirements | Kindly amend the clause as follows: The solution should support extensive monitoring capabilities from an OS (Linux, Windows) and platform standpoint, and should provide options to deploy customized monitoring requirements. | Please refer the revised specifications given below.
36 | Section – VII, 7. Technical Specifications:- "Specifications – C", Network Monitoring System, Page No. 48, S.No.74 | Configurations: create rules that automatically assign deadlines to events based on their impact on services or on end-users, create rules that perform automated assignment of events to the corresponding teams, create rules that control automated notification of interested stakeholders about events, automatically handling duplicate events, provide event correlation capabilities to combine a set of different events into one major event | This clause is restrictive other eligible bidders to participate in the bid. Hence, we would request to kindly remove this clause. | Yes removed.
37 | Section – VII, 7. Technical Specifications:- "Specifications – C", Network Monitoring System, Page No. 49, S.No.86 | Consider options for transferring licenses between devices or reallocating licenses as needs change. | We understand that the license used for a network device should also be applicable to a server device when needed, provided the network device is removed from monitoring and provisioning on the server. This would allow the same license to be used for monitoring the server device. Could you please confirm if our understanding is correct? | Yes it refer the same meaning
38 | Section – VII, 7. Technical Specifications:- "Specifications – C", Network Monitoring System, Page No. 49 | Suggestion to additional clause | The proposed NMS solution should be aligned with ITIL framework principles, certified with ITIL4 for Monitoring & Event Management and Capacity & Performance Management processes, and must include comprehensive documentation demonstrating compliance with these standards to ensure best practices in service management and operational excellence | No change.
39 | Section – VII, 7. Technical Specifications:- "Specifications – C", Network Monitoring System, Page No. 49 | Suggestion to additional clause | The proposed NMS solution must comply with recognized security standards, including ISO 27001:2013/ ISO 27034, and CIS (Center for Internet Security) certifications, to ensure robust security management, secure software development, and adherence to best practices in information security. | Please refer the revised specifications given below.
40 | Section – VII, Clause No- 7. Technical Specifications, “Specifications – C” Network Monitoring System, Page No.- 44 | The solution should automatically group servers that work closely together based on analysis of communication between them | Request you to modify the OEM specific clause as: The solution should automatically/Manually group servers that work closely together based on analysis of communication between them | Please refer the revised specifications given below.
41 | Section – VII, Clause No- 7. Technical Specifications, “Specifications – C” Network Monitoring System, Page No.- 44 | The solution should automatically build visualizations that show dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them. | The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participate | Please refer the revised specifications given below.
42 | Section – VII, Clause No- 7. Technical Specifications, “Specifications – C” Network Monitoring System, Page No.- 44 | The solution should be able to automatically detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. | Request you to modify the specific clause as: The solution should be able to automatically/manually detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. As multiple software does not provide the required data on any standard protocol so please modify the clause as suggested | Please refer the revised specifications given below.
43 | Section – VII, Clause No- 7. Technical Specifications, “Specifications – C” Network Monitoring System, Page No.- 45 | Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI, XML, SOAP, etc. on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed using the Trap, XML | Request you to provide more details on the software/application from which EMS application need to integrate | The bidder is requested to visit the High Court of M.P., Jabalpur for getting the real time details of same before the submission of bid document.
44 | Section – VII, Clause No- 7. Technical Specifications, “Specifications – C” Network Monitoring System, Page No.- 45 | The solution should be able to track connectivity between network endpoints and display the delay between nodes | As per our understanding here need to monitor the latency of all the nodes from application server, please clarify | Quote as per tender document.
45 | Section – VII, Clause No- 7. Technical Specifications, “Specifications – C” Network Monitoring System, Page No.- 48 | Configurations: create rules that automatically assign deadlines to events based on their impact on services or on end-users, create rules that perform automated assignment of events to the corresponding teams, create rules that control automated notification of interested stakeholders about events, automatically handling duplicate events, provide event correlation capabilities to combine a set of different events into one major event | The required features is not the standard ask of NMS solution and can be achieved via ITSM solution, so please confirm here whether new ITSM need to propose here or NMS will be integrated with existing running ITSM solution. If Existing please provide OEM and version details of the ITSM solution. | Please refer the revised specifications given below.
46 | Section – VII, Clause No- 7. Technical Specifications, “Specifications – C” Network Monitoring System, Page No.- 44 | It should be possible to initiate complete discovery of an application and connected components from anywhere in the tree. Therefore it should support top down, bottom up and start anywhere discovery from any node of the application. | The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participate | No change.
47 | | Additional | Request you to please provide the required details of the IT Infrastructure which will be monitored in NMS solution: 1) No. Of servers: i) Physical Server ii) VMs iii) Physical server on which virtualization platform running. 2) No. & Make Of Network devices: i) Router/Switches/Firewall ii) Wireless Controller /Wifi AP iii) Storage 3) No. & Name Of Applications 4) No. Of containers. Or any other IP devices | The bidder is requested to visit the High Court of M.P., Jabalpur for getting the real time details of same before the submission of bid document.
15. Business Automation (I) Pvt. Ltd.
1 | Pre-Qualification Terms | The bidder must be a certified company with the following ISO certifications: ISO 9001 : Quality Management Systems; ISO14001 : Environmental Management Systems; ISO 2000: IT Service Management (or equivalent, such as ISO 27001 for Information Security Management); ISO 27001 : Information Security Management Systems | Certification must be current and applicable to the services/products provided. Bidders are required to submit valid certification documents as part of their pre-qualification submission. | Quote as per tender document.
2 | | Certification Validity | The ISO certifications should be valid at the time of bid submission and must remain valid throughout the contract period. | Quote as per tender document.
3 | | Certification Bodies | Certifications must be issued by accredited and recognized certification bodies. | Quote as per tender document.
4 | | Non-Compliance | Failure to provide the required certifications or documentation may result in disqualification from the bidding process. | Quote as per tender document.
16. Echelon Edge Pvt. Ltd.
1 | Specifications – C, Clause No 4, Page 44. | The solution should automatically build visualizations that show dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them. | The term "automatically build visualizations" interprets that the proposed solution platform should be capable to provide visualizations that shows dependency between switches, routers, physical/virtual host Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them. Please confirm whether our understanding is correct. | Please refer the revised specifications given below.
2 | Specifications – C, Clause No 7, Page 44. | The Discovery solution should come with real-time dashboards that collate and present data that allows organizations to make decision on consolidation, re-use of infrastructure, detecting infrastructure that has never been used etc. | We understand that the proposed solution platform should support organizations to make correct & optimize decisions by providing real-time dashboards that collate and present data. Could you please confirm if our understanding is correct? | Yes
3 | Specifications – C, Clause No 8, Page 44. | The solution should be able to automatically detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. | Since the clause already specifies that the "EMS/NMS platform must be integrated with a vulnerability management solution to identify blind spots in node security that may be overlooked by the vulnerability management system," we request that the scope of vulnerability detection be removed from the EMS/NMS requirements. Instead, we propose making it a separate clause to facilitate broader participation in the EMS/NMS scope. | Please refer the revised specifications given below.
4 | Specifications – C, Clause No 10, Page 44. | The solution should be able to do Virtual systems discovery (including Microsoft Hyper-V, vmware, etc.) Furthermore, it should support discovery of modern day DevOps platforms such as containers such as Docker, Runc, AIX WPARs and management solutions such as Kubernetes, Docker Swarm, Cloud Foundry and Open Shift. | Please confirm if any DevOps platforms are currently in use. If not, we kindly request that the clause be amended as follows: "The solution should be capable of discovering and monitoring virtual systems (including Microsoft Hyper-V, VMware, etc.) and management solutions such as Kubernetes, Docker Swarm, and Cloud Foundry." | Please refer the revised specifications given below.
5 | Specifications – C, Clause No 17, Page 45. | Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI, XML, SOAP, etc. on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed using the Trap, XML | Please confirm whether protocols such as XML, SOAP, or SNMP Trap are currently in use. Additionally, let us know if there is an existing UNMS that needs to be integrated. If neither is applicable, we kindly request amending the clause to: "The solution should offer multiple integration methods for customers to integrate their own systems. Integration should support both northbound and southbound communication using various options, like REST API." | Please refer the revised specifications given below.
6 | Specifications – C, Clause No 66, Page 47. | System should support separate Rule Engine based alarms apart from the generic threshold. a. Should have capability to configure Device Group based, Node Based, Resources/Interface based, and Aggregation link based. b. On Selection of Nodes/Resources/Aggregation links it have flexibility to filter based on fields available in node information c. Rules should have option to apply configuration on top of performance value or based on configured threshold alarms d. Rules should have option configure the breach based on min, max and average values. e. Should have option to configure rules n repeat counters f. Should have options to select custom alarm and clear alarm messages for individual configured rules g. Should have option to send severity levels like error, warning and information h. Notifications support based on configured rules | To encourage wider participation, we request amending the clause as follows: "The system should have built-in functionality to define rules for alarms and monitoring, including real-time network flow, traffic utilization, and protocol distribution. It should support threshold-based alarms and monitoring for the following components: a) Disk utilization b) Bandwidth utilization c) CPU utilization d) Interface utilization" | Please refer the revised specifications given below.
7 | Specifications – C, Clause No 74, Page 48. | Configurations: create rules that automatically assign deadlines to events based on their impact on services or on end-users, create rules that perform automated assignment of events to the corresponding teams, create rules that control automated notification of interested stakeholders about events, automatically handling duplicate events, provide event correlation capabilities to combine a set of different events into one major event | The term "automatically assign deadlines to events" relates to SLA and escalation management, which typically requires an ITSM (IT Service Management) platform. Could you please confirm if our understanding is correct? | Yes removed.
8 | Specifications – C, Clause No 82, Page 49. | Specify a base license for monitoring a minimum of 500 devices /application (Any kind of). Ensure the license is scalable up to 3,000 devices or applications without requiring a complete reinstallation or new licenses | Could you please confirm that a total of 3,000 device licenses should be considered from day one for preparing optimized hardware sizing and commercial proposals? If this is correct, could you please provide a breakdown of the device types and counts for additional device considerations? | Quote as per tender document. Initially there is requirement of 500 licenses and the system should be scalable up to 3,000 devices or applications without requiring a complete reinstallation or new licenses.
17. M/s Orbit Techsol India Pvt. Ltd.
1 | Specifications B, Page no. 39, Point no.2 | Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps | Due to license capping the OEMs have the advantage to quote higher for the incremental license which is not cost effective to customer. Hence request you to amend the point as "The ADC+WAF should be fully populated with the license throughput of 40 Gbps from Day-1." | Please refer the revised specifications given below.
2 | Specifications B, Page no. 39, Point no.2 | Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. | To derive the performance number from the specific compute numbers does not decide performance of the device at all due to Different architecture, ASICS, FTGA cards etc have different hardware requirement which cannot be generalized for performance. Request you to change the required Processor to Intel Xeon 8-core or higher. | Please refer the revised specifications given below.
18. M/s MDP Infra (India) Pvt. Ltd.
1 | Specifications – A - Firewall Technical Specifications/4-Hardware Architecture | The appliance hardware should be a multicore CPU architecture and should not be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one. The firewall should have integrated redundant fan and dual redundant hot swappable power supply to remove any single point of failure in the solution | Reason for change: - Security appliance should be evaluated based on their security effectiveness, features, and functionality, rather than their architecture. The current clause seems to favor PC-based architecture, potentially excluding ASIC OEMs from the tender. We would like to emphasize that ASIC technology is no longer proprietary, as many leading OEMs are adopting it for its superior performance. Please refer to the URL below, which highlights that ASIC is not exclusive to Fortinet. Therefore, we request the removal of this clause and suggest that MP High court to consider architectures based on their performance and security effectiveness. https://community.cisco.com/t5/networking-blogs/the-new-era-of-wan-an-asic-innovation-story/ba-p/4175243 https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations https://blog.checkpoint.com/security/check-point-software-introduces-the-worlds-fastest-firewall-delivering-20-times-better-price-performance-to-the-worlds-most-demanding-datacenters/ Request for Change (NEW CLAUSE): - The appliance hardware should be a multicore CPU architecture or should be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM. The firewall should have integrated redundant fan and dual redundant hot swappable power supply to remove any single point of failure in the solution | Please refer the revised specifications given below.
2 | Specifications – A - Firewall Technical Specifications/4-Hardware Architecture | OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one. | Reason for change: - ASIC solution does not require higher memory and CPU to deliver the desire functionality. Only PC based architecture require high memory. We suggest removing this clause as it is favoring single OEM devices. We emphasize MP High court team to evaluate the Firewall solution based on the performance parameters Not memory and CPU. Request for Change (NEW CLAUSE): - OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one or should be proprietary ASIC based in nature to make sure all the security capabilities are provided without degradation from day one. | Please refer the revised specifications given below.
3 | Specifications – A - Firewall Technical Specifications/5 Performance & Scalability | The NGFW throughput of the firewall should be a minimum 20 Gbps with application identification and firewalling enabled with real world/enterprise/production traffic with logging enabled. The Threat Prevention/NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 12 Gbps. | Reason for change: - Every OEM has different ways to measure the throughput values. We request to changes so all major OEM match this and can participate. Request for Change (NEW CLAUSE): - The NGFW throughput of the firewall should be a minimum 15 (enterprise mix /Real world with logging enabled) OR Application throughput measured with 64K http minimum 20Gbps. Threat prevention throughput minimum 10Gbps (Enterprise Mix / Real World with logging enabled) | Please refer the revised specifications given below.
4 | | It is highly recommended to ask SSL inspection throughput. This is important parameters to size the right box. Because lower SSL inspection throughput can degrade the performance while complete inspection of the packet is enabled. | Request for Change (NEW CLAUSE): - Minimum 10Gbps of SSL inspection throughput and 500K SSL inspection concurrent session support | Please refer the revised specifications given below.
5 | | NGFW Firewall should support at least 1400,000 Layer 7 Concurrent sessions | Reason for change: - Most of the OEM is publish the connection per second and concurrent session in TCP. It's highly recommended on the basis of the ports count that the connections requirement must be higher so devices not become bottle neck. Asking the lower connections is favoring specific OEM model. Request for Change (NEW CLAUSE): - Min 500K Connection per Second and 5M concurrent connections | Please refer the revised specifications given below.
6 | Specifications – A - Firewall Technical Specifications/6 -Next Gen Firewall Features | NGFW Firewall should support at least 150,000 connections per second L3/L4 or New Layer 7 connections per second – Min 90000 | (query shared with S.No. 5) | Please refer the revised specifications given below.
7 | | Should support more than 19,000 (excluding custom signatures) IPS signatures or more. Solution should be able to passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence. The signatures should also have categorization based on MITRE TTP's | Reason for change: - favoring to specific OEM signature count. Request for Change (NEW CLAUSE): Request to make changes and allow min 10000 Signatures. | Please refer the revised specifications given below.
8 | | Should support Reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic and enforces policies on more than 250 million of URLs in more than 75+ categories from day1. | Reason for change: - Every OEM has different counts and categories. This is favoring to specific OEM nos. Request for Change (NEW CLAUSE): - Request to remove this clause | Please refer the revised specifications given below.
9 | Specifications – A - Firewall Technical Specifications/11- DNS Security | The Solution should support DNS security in line mode and not proxy mode. Necessary licenses to be included from day 1. | Reason for change: - Favouring to Specific OEM. Request for Change (NEW CLAUSE): - The Solution should support DNS security in line mode/proxy mode. Necessary licenses to be included from day 1. | Please refer the revised specifications given below.
10 | | DNS security should block known bad domains and predict with advanced machine learning technology and should have global threat intelligence of at least 10 million malicious domains. | Reason for change: - Every OEM has different counts in threat intelligence asking specific favoring to specific OEM. Request for Change (NEW CLAUSE): - Request to remove 10M malicious domain | Please refer the revised specifications given below.
11 | | The solution should integrate and correlate to provide effective prevention against. New C2 domains, file download source domains, and domains in malicious email links. Integrate with URL Filtering to continuously crawl newfound or uncategorized sites for threat indicators. Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence. | Reason for change: - Favoring to Specific OEM: Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence. Request for Change (NEW CLAUSE): - Request to remove this clause | Please refer the revised specifications given below.
12 | Specifications – B Web Application Firewall with Server Load Balancer/Point 2/Page no.39 | Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port as from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1. Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps. Layer 7 requests per second: 1300,000. Layer 4 connection per second: 500,000. Concurrent Connection: 38 Million. RSA CPS (2K Key): 20,000. ECC CPS (EC-P256): 12,000 with TLS1.3 Support. Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Traffic Ports support: As per the present data centre/IT infra requirement standard, 10G ports are recommended over 1G, as 10G is backward-compatible with 1G where vice-versa is not possible. And for ADC/WAF/SLB deployment 8 x 10G is more than sufficient because asked throughput is 40G. Please amending this clause. Layer 4 connections per second: Considering the asked Concurrent Connections and Layer 4 connections per second requirement is lower side. Please amend this clause. Layer 7 requests per second: Considering the asked Concurrent Connections and Layer 7 requests per second requirement is lower side. Please amend this clause. It is suggested to amend the clause as :- Traffic Ports support: 8 x 10 GE SFP+ from day-1. Device L4 Throughput: 20 Gbps and scalable up to 40 Gbps. Layer 7 requests per second : 5 million. Layer 4 connections per second: 3 Million. RSA CPS(2K Key): 20,000. ECC CPS (EC-P256): 12,000 with TLS1.3 Support. Processor: Intel 12-core CPU or equivalent or better. Concurrent Connections: 40 Million. Processor - Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Please refer the revised specifications given below.
13 | Specifications – B Web Application Firewall with Server Load Balancer/Point 6/Page no.40 | The proposed appliance should support the below metrics: Minimum Misses, Hash, Persistent Hash, Tunable Hash, Weighted Hash, Least Connections, Least Connections Per Service, Round-Robin, Response Time, Bandwidth, etc | Different OEM has different terminology and technique to achieve similar function. We would like to request the honorable tendering committee to use vendor agnostic terminology for wider participation. Minimum Misses, Hash, Persistent Hash, Tunable Hash/Equivalent, Weighted Hash/Equivalent, Least Connections, Least Connections Per Service, Round-Robin, Response Time, Bandwidth, etc | Please refer the revised specifications given below.
14 | Specifications – B Web Application Firewall with Server Load Balancer/Point 7/Page no.40 | Following Load Balancing Topologies should be supported: • Virtual Matrix Architecture • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding | Virtual Matrix Architecture feature is specific to one ADC OEM. Kindly remove this clause for wider participation and for other points please allow similar or equivalent feature metrics for broader participation. Following Load Balancing Topologies should be supported: • Client Network Address Translation (Proxy IP) /Equivalent • Mapping Ports /Equivalent • Direct Server Return /Equivalent • One Arm Topology Application /Equivalent • Direct Access Mode /Equivalent • Assigning Multiple IP Addresses /Equivalent • Immediate and Delayed Binding /Equivalent | Please refer the revised specifications given below.
15 | Specifications –B Web Application Firewall with Server Load Balancer/Point 31/Page no.43 | The proposed appliance/software should be EAL2 certified. | For wider participation, We would like to request the honorable tendering committee to amend the clause as requested. "The proposed appliance/software should be EAL2 certified/Make in India" | Please refer the revised specifications given below.
16 | Specifications –B Web Application Firewall with Server Load Balancer/Point 34/Page no.43 | Capable of handling complete Full DNS bind records including A, AAAA, etc. for IPv4/IPv6 | In order to switch over the applications traffic like web app, email app etc. the GSLB solution must understand all types of DNS records and not just A or AAAA. Kindly add following functionality for complete Solution. It is suggested to amend this clause as :- The Proposed Solution must have Global Server Load Balancing and should be able to host SRV Records, AAAA Records, A, PTR, MX, TXT, SOA, NS, Dname, Dmarc Records and should also support DNSSEC. | Please refer the revised specifications given below.
17 | Specifications – B Web Application Firewall with Server Load Balancer/Point 44 a/Page no.44 | Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | IPS is completely different technology even deployment is different. Kindly remove the IPS feature in the specifications for the wider participations of OEM. It is suggested to amend the clause as "Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P" | Please refer the revised specifications given below.
18 | Specifications – C” Network Monitoring System | The solution should be able to do Virtual systems discovery (including Microsoft Hyper-V, vmware, etc.) Furthermore, it should support discovery of modern day DevOps platforms such as containers such as Docker, Runc, AIX WPARs and management solutions such as Kubernetes, Docker Swarm, Cloud Foundry and Open Shift. | Please rephrase this as “The solution should be able to do Virtual systems discovery (including Microsoft Hyper-V, vmware, etc.) Furthermore, it should support discovery of modern day DevOps platforms such as containers and management solutions such as Kubernetes, Docker Swarm, and Open Shift." | Please refer the revised specifications given below.
19 | Specifications – C” Network Monitoring System | Discovers in-depth configuration data for storage systems, pools, volumes, disks drives, LUNS, File Systems | This section is related to Storage Device management and it is written under "Network Monitoring System" section, hence requesting you to remove this point from Network Monitoring System section and be included in "Storage Device requirement", where Element Management System is embedded & packaged by OEM, along with the Storage devices for monitoring physical and virtual storage infrastructure. | Yes removed.
20 | Specifications – C” Network Monitoring System | The solution should support monitoring various attributes (at least 50+) in Tomcat, Web Sphere MQ, Apache HTTP, IIS, and WAS. | Please rephrase this as “The solution should support monitoring various attributes in Tomcat, Web Sphere MQ, Apache HTTP, IIS, and WAS." | Yes changed.
21 | Specifications – C” Network Monitoring System | The solution should be able to report on hardware details (like CPU, memory, fan state, power etc.) of servers from multi vendors like IBM, HP, Cisco, Dell and also VMware Hosts. | The Hardware Element Manager is embedded & packaged by OEM which is benchmarked by OS to capture the core elements in the event of hardware or software malfunctions, crashes, failures etc. Hence, requesting you to remove these points from Network Monitoring System section and be included in "Server Hardware requirement". In order to have single pane of glass, the meaningful events from Hardware Element Manager can be integrated into Network Monitoring System for event consolidation purposes. | No change. The vendor can quote better solution.
22 | Specifications – C” Network Monitoring System | The solution should be able to gather capacity data from vCenter, HMC, Physical servers, etc. Generate report and provide recommendation. | Please rephrase this as "The solution should be able to gather capacity data from vCenter, Physical servers, etc. Generate report and provide recommendation." | Yes changed.
23 | Specifications – C” Network Monitoring System | The solution should be able to monitor disk elements like RAID controllers, hard disks, RAIDs, failure prediction, availability of the volumes. | The Hardware Element Manager is embedded & packaged by OEM which is benchmarked by OS to capture the core elements in the event of hardware or software malfunctions, crashes, failures etc. Hence, requesting you to remove these points from Network Monitoring System section and be included in "Server Hardware requirement". In order to have single pane of glass, the meaningful events from Hardware Element Manager can be integrated into Network Monitoring System for event consolidation purposes. | The vendor can quote better solution / option.
24 | Specifications – C” Network Monitoring System | The solution should be able to monitor environment metrics like temperature, internal voltages, power supplies, fans. | The Hardware Element Manager is embedded & packaged by OEM which is benchmarked by OS to capture the core elements in the event of hardware or software malfunctions, crashes, voltage failures etc. Hence, requesting you to remove these points from Network Monitoring System section and be included in "Server Hardware requirement". In order to have single pane of glass, the meaningful events from Hardware Element Manager can be integrated into Network Monitoring System for event consolidation purposes. | The vendor can quote better solution / option.
25 | Specifications – C” Network Monitoring System | The solution should be able to monitor critical hardware components like processors, memory modules, ECC errors, failure prediction. | The Hardware Element Manager is embedded & packaged by OEM which is benchmarked by OS to capture the core elements in the event of hardware or software malfunctions, crashes, ECC failures, voltage etc. Hence, requesting you to remove these points from Network Monitoring System section and be included in "Server Hardware requirement". In order to have single pane of glass, the meaningful events from Hardware Element Manager can be integrated into Network Monitoring System for event consolidation purposes. | The vendor can quote better solution / option.
26 | Specifications – C” Network Monitoring System | Storage Monitoring | This section is related to Storage Device management and it is written under "Network Monitoring System" section, hence requesting you to remove this point from Network Monitoring System section and be included in "Storage Device requirement", where Element Management System is embedded & packaged by OEM, along with the Storage devices for monitoring physical and virtual storage infrastructure. | The vendor can quote better solution.
27 | Specifications – C” Network Monitoring System | Logging/Reporting/Alert/threshold | This section is related to Log management and it is written under "Network Monitoring System" section, hence requesting you to remove these point from Network Monitoring System section and be included in "Additional Capability requirement" | No change.
28 | Specifications – C” Network Monitoring System | Capacity Reservations: tool should allow management of resource allocations and reservations (for services, applications or other needs), identify resource shortages and provide information for further analysis or procurement | The Hardware Element Manager is embedded & packaged by Server / Storage / Network OEM which is benchmarked by OEM to capture the core elements like Hardware alerts, crashes, capacity reserves etc. Hence, requesting you to remove these points from Network Monitoring System section and be included in "Additional Capability requirement". In order to have single pane of glass, the meaningful events from Hardware Element Manager can be integrated into Network Monitoring System for event consolidation purposes. | Optional.
29 | Specifications – C” Network Monitoring System | | Suggestion: - The proposed EMS solution should adhere to Micro services and thus be built on modern container technologies, and have an options to deploy on classic mode (non-containerized) as well as containerized (like Docker, Kubernetes) mode. The solution should either support built-in Kubernetes technology or Bring Your Own Kubernetes (BYOK) platform provided by the bidder. Reason for Suggestion: - Containers are a newer technology and it run isolated from each other, with each of them possessing its own level of security and remaining unharmed. Traditional applications are not properly isolated from each other within a VM, giving scope for a malicious program to penetrate and control others. As the government has some of the most sensitive information in the devices, services, and other products used by them must be at the highest level of security at all times. | The vendor can quote better solution / higher side.
30 | Specifications – C” Network Monitoring System | | Suggestion: - The proposed EMS OEM must have necessary ISO 27001, ISO 27034 certification and FIPS 140-2 compliance to ensure security compliances. Reason for Suggestion: - The proposed EMS OEM must have necessary ISO certifications and FIPS compliance to ensure security compliances. FIPS 140-2 compliant, which ensures that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. | Please refer the revised specifications given below.
31 | Specifications – C” Network Monitoring System | | Suggestion: - The proposed NMS solution should provide out of the box Risk Visibility Dashboards of network infrastructure. With this risk visibility dashboard, we see the most offending devices in the group along with the types of unauthorized access attempts, and the percentage of non-compliant devices. Please confirm if the stated network compliance requirement is desired as part of NMS specifications? | The vendor can quote higher side /better solution.
32 | Specifications – C” Network Monitoring System | | Suggestion: - The proposed NMS solution should have diagnostic analytics capability that able to visually correlate performance and configuration changes of all network issues. It overlays real-time network configuration change events on network performance graphs to correlate and reduce troubleshooting time. Please confirm if the stated network diagnostics requirement is desired as part of NMS specifications? | The vendor can quote higher side /better solution.
33 | Specifications – C” Network Monitoring System | | Suggestion: - The proposed NMS solution should be capable of managing upto 30K devices from a single instance, should be able to have 1 mil discovered interfaces. Please confirm if the proven network scalability is desired as part of NMS specifications? | The vendor can quote higher side /better solution.
34 | Specifications – C” Network Monitoring System | | Suggestion: - The solution provides ready-to-use, out-of-the-box network focused orchestration content built using industry standards and vendor best practices that can be easily ported between dev, test and production environments. Please confirm if the stated network automation requirement is desired as part of NMS specifications? | The vendor can quote higher side /better solution.
19. M/s Intek Micro Systems Pvt. Ltd.
1 | Web Application Firewall with Server Load Balancer/Point 2/Page no.39 | Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port as from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1.; Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps; Layer 7 requests per second: 1300,000; Layer 4 connection per second: 500,000; Concurrent Connection: 38 Million; RSA CPS (2K Key): 20,000; ECC CPS (EC-P256): 12,000 with TLS1.3 Support; Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Traffic Ports support: As per the present data center/IT infra requirement standard, 10G ports are recommended over 1G, As 10G is backward-compatible with 1G where vice versa is not possible. And for ADC/WAF/SLB deployment 8 x 10G is more than sufficient because asked throughput is 40G. Please amend this clause. Layer 4 connections per second: Considering the asked Concurrent Connections and Layer 4 connections per second requirement is lower side. Please amend this clause. Layer 7 requests per second: Considering the asked Concurrent Connections and Layer 7 requests per second requirement is lower side. Please amend this clause. It is suggested to amend the clause as :- Traffic Ports support: 8 x 10 GE SFP+ from day-1; Device L4 Throughput: 20 Gbps and scalable up to 40 Gbps; Layer 7 requests per second: 5 million; Layer 4 connections per second: 3 Million; RSA CPS (2K Key): 20,000; ECC CPS (EC-P256): 12,000 with TLS1.3 Support; Processor: Intel 12-core CPU or equivalent or better; Concurrent Connections: 40 Million; Processor - Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Please refer the revised specifications given below.
2 | Web Application Firewall with Server Load Balancer/Point 6/Page no.40 | The proposed appliance should support the below metrics: Minimum Misses, Hash, Persistent Hash, Tunable Hash, Weighted Hash, Least Connections, Least Connections Per Service, Round-Robin, Response Time, Bandwidth, etc | Different OEM has different terminology and technique to achieve similar function. We would like to request the honorable tendering committee to use vendor agnostic terminology for wider participation. Minimum Misses, Hash, Persistent Hash, Tunable Hash/Equivalent, Weighted Hash/Equivalent, Least Connections, Least Connections Per Service, Round-Robin, Response Time, Bandwidth, etc | Please refer the revised specifications given below.
3 | Web Application Firewall with Server Load Balancer/Point 7/Page no.40 | Following Load Balancing Topologies should be supported: Virtual Matrix Architecture • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding | Virtual Matrix Architecture feature is specific to one ADC OEM. Kindly remove this clause for wider participation and for other points please allow similar or equivalent feature metrics for broader participation. Following Load Balancing Topologies should be supported: • Client Network Address Translation (Proxy IP) /Equivalent • Mapping Ports /Equivalent • Direct Server Return /Equivalent • One Arm Topology Application /Equivalent • Direct Access Mode /Equivalent • Assigning Multiple IP Addresses /Equivalent • Immediate and Delayed Binding /Equivalent | Please refer the revised specifications given below.
4 | Web Application Firewall with Server Load Balancer/Point 31/Page no.43 | The proposed appliance/software should be EAL2 certified. | For wider participation, We would like to request the honorable tendering committee to amend the clause as requested. "The proposed appliance/software should be EAL2 certified/Make in India" | Please refer the revised specifications given below.
5 | Web Application Firewall with Server Load Balancer/Point 34/Page no.43 | Capable of handling complete Full DNS bind records including A, AAAA, etc. for IPv4/IPv6 | In order to switch over the applications traffic like web app, email app etc. the GSLB solution must understand all types of DNS records and not just A or AAAA. Kindly add following functionality for complete Solution. It is suggested to amend this clause as :- The Proposed Solution must have Global Server Load Balancing and should be able to host SRV Records, AAAA Records, A, PTR, MX, TXT, SOA, NS, Dname, Dmarc Records and should also support DNSSEC. | Please refer the revised specifications given below.
6 | Web Application Firewall with Server Load Balancer/Point 44 a/Page no.44 | Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | IPS is completely different technology even deployment is different. Kindly remove the IPS feature in the specifications for the wider participations of OEM. It is suggested to amend the clause as "Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P" | Please refer the revised specifications given below.
20. M/s CCS Computers Pvt Ltd.
1 | Section – VII Clause No- 7. Technical Specifications, Specifications – C” Network Monitoring System, Page No.- 44 | The solution should automatically group servers that work closely together based on analysis of communication between them | Request you to modify the OEM specific clause as: The solution should automatically/Manually group servers that work closely together based on analysis of communication between them | Please refer the revised specifications given below.
2 | Section – VII Clause No- 7. Technical Specifications, Specifications – C” Network Monitoring System, Page No.- 44 | The solution should automatically build visualizations that shows dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them. | The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participate | Please refer the revised specifications given below.
3 | Section – VII Clause No- 7. Technical Specifications, Specifications – C” Network Monitoring System, Page No.- 44 | The solution should be able to automatically detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. | Request you to modify the specific clause as: The solution should be able to automatically/manually detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. As multiple software does not provide the required data on any standard protocol so please modify the clause as suggested | Please refer the revised specifications given below.
4 | Section – VII Clause No- 7. Technical Specifications, Specifications – C” Network Monitoring System, Page No.- 45 | Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI, XML, SOAP, etc. on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed using the Trap, XML | Request you to provide more details on the software/application from which EMS application need to integrate | The bidder is requested to visit the High Court of M.P., Jabalpur for getting the real time detail of same before the submission of bid document.
5 | Section – VII Clause No- 7. Technical Specifications, Specifications – C” Network Monitoring System, Page No.- 45 | The solution should be able to track connectivity between network endpoints and display the delay between nodes | As per our understanding here need to monitor the latency of all the nodes from application server, please clarify | Quote as per tender document.
6 | Section – VII Clause No- 7. Technical Specifications, Specifications – C” Network Monitoring System, Page No.- 48 | Configurations: create rules that automatically assign deadlines to events based on their impact on services or on end-users, create rules that perform automated assignment of events to the corresponding teams, create rules that control automated notification of interested stakeholders about events, automatically handling duplicate events, provide event correlation capabilities to combine a set of different events into one major event | The required features is not the standard ask of NMS solution and can be achieved via ITSM solution, so please confirm here whether new ITSM need to propose here or NMS will be integrated with existing running ITSM solution. If Existing please provide OEM and version details of the ITSM solution. | Removed.
7 | Section – VII Clause No- 7. Technical Specifications, Specifications – C” Network Monitoring System, Page No.- 44 | It should be possible to initiate complete discovery of an application and connected components from anywhere in the tree. Therefore it should support top down, bottom up and start anywhere discovery from any node of the application. | The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participate | No change.
8 | Additional | | Request you to please provide the required details of the IT Infrastructure which will be monitored in NMS solution. 1) No. Of servers: i) Physical Server ii) VMs iii) Physical server on which virtualization platform running. 2) No. & Make Of Network devices: i) Router/Switches/Firewall ii) Wireless Controller /Wi-Fi AP iii) Storage 3) No. & Name Of Applications 4) No. Of containers. Or any other IP devices | Already clarified above.
9 | Web Application Firewall with Server Load Balancer/Point 2/Page no.39 | Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port as from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1.; Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps; Layer 7 requests per second: 1300,000; Layer 4 connection per second: 500,000; Concurrent Connection: 38 Million; RSA CPS (2K Key): 20,000; ECC CPS (EC-P256): 12,000 with TLS1.3 Support; Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Traffic Ports support: As per the present data centre/IT infra requirement standard, 10G ports are recommended over 1G, As 10G is backward-compatible with 1G where vice versa is not possible. And for ADC/WAF/SLB deployment 8 x 10G is more than sufficient because asked throughput is 40G. Please amend this clause. Layer 4 connections per second: Considering the asked Concurrent Connections and Layer 4 connections per second requirement is lower side. Please amend this clause. Layer 7 requests per second: Considering the asked Concurrent Connections and Layer 7 requests per second requirement is lower side. Please amend this clause. It is suggested to amend the clause as :- Traffic Ports support: 8 x 10 GE SFP+ from day-1; Device L4 Throughput: 20 Gbps and scalable up to 40 Gbps; Layer 7 requests per second: 5 million; Layer 4 connections per second: 3 Million; RSA CPS (2K Key): 20,000; ECC CPS (EC-P256): 12,000 with TLS1.3 Support; Processor: Intel 12-core CPU or equivalent or better; Concurrent Connections: 40 Million; Processor - Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Please refer the revised specifications given below.
10 | Web Application Firewall with Server Load Balancer/Point 6/Page no.40 | The proposed appliance should support the below metrics: Minimum Misses, Hash, Persistent Hash, Tunable Hash, Weighted Hash, Least Connections, Least Connections Per Service, Round-Robin, Response Time, Bandwidth, etc | Different OEM has different terminology and technique to achieve similar function. We would like to request the honorable tendering committee to use vendor agnostic terminology for wider participation. Minimum Misses, Hash, Persistent Hash, Tunable Hash/Equivalent, Weighted Hash/Equivalent, Least Connections, Least Connections Per Service, Round-Robin, Response Time, Bandwidth, etc | Please refer the revised specifications given below.
11 | Web Application Firewall with Server Load Balancer/Point 7/Page no.40 | Following Load Balancing Topologies should be supported: • Virtual Matrix Architecture • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding | Virtual Matrix Architecture feature is specific to one ADC OEM. Kindly remove this clause for wider participation and for other points please allow similar or equivalent feature metrics for broader participation. Following Load Balancing Topologies should be supported: • Client Network Address Translation (Proxy IP) /Equivalent • Mapping Ports /Equivalent • Direct Server Return /Equivalent • One Arm Topology Application /Equivalent • Direct Access Mode /Equivalent • Assigning Multiple IP Addresses /Equivalent • Immediate and Delayed Binding /Equivalent | Please refer the revised specifications given below.
12 | Web Application Firewall with Server Load Balancer/Point 31/Page no.43 | The proposed appliance/software should be EAL2 certified. | For wider participation, We would like to request the honorable tendering committee to amend the clause as requested. "The proposed appliance/software should be EAL2 certified/Make in India" | Please refer the revised specifications given below.
13 | Web Application Firewall with Server Load Balancer/Point 34/Page no.43 | Capable of handling complete Full DNS bind records including A, AAAA, etc. for IPv4/IPv6 | In order to switch over the applications traffic like web app, email app etc. the GSLB solution must understand all types of DNS records and not just A or AAAA. Kindly add following functionality for complete Solution. It is suggested to amend this clause as :- The Proposed Solution must have Global Server Load Balancing and should be able to host SRV Records, AAAA Records, A, PTR, MX, TXT, SOA, NS, Dname, Dmarc Records and should also support DNSSEC. | Please refer the revised specifications given below.
14 | Web Application Firewall with Server Load Balancer/Point 44 a/Page no.44 | Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | IPS is completely different technology even deployment is different. Kindly remove the IPS feature in the specifications for the wider participations of OEM. It is suggested to amend the clause as "Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipments must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P" | Please refer the revised specifications given below.
21. M/s ITSC
1 | Specifications – B” Web Application Firewall with Server Load Balancer, Clause No 1, Page 39 | The proposed appliance should be a dedicated ADC/WAF/SLB appliance having DDoS protection, SSL inspection, and real-time threat intelligence, it should not be part of any Firewall or UTM. | DDoS protection should be provided with the help of stateless appliance as it doesn't maintain any session table, this is first and foremost criteria to choose DDoS protection appliance. ADC/WAF/SLB is state full appliance; hence DDoS should not be part of ADC/WAF/SLB. Suggested Clause: The proposed appliance should be a dedicated ADC/WAF/SLB appliance having SSL inspection, and real-time threat intelligence. It should not be part of any Firewall or UTM | The vendor may provide DDoS Protection with the help of any devices /software if the DDoS protection not available in dedicated ADC/WAF/SLB appliance.
2 | “Specifications – B” Web Application Firewall with Server Load Balancer Clause No 2 Page 39 | Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port from day-1. Additionally, should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1. Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps Layer 7 requests per second: 1300,000 Layer 4 connection per second: 500,000 Concurrent Connection: 38 Million RSA CPS (2K Key): 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Layer-7 RPS is not in line with the requirement of Layer-4 CPS, both should be in line with the requirement asked. As these appliances are purpose-built appliance, asking the unnecessary RAM and Hard disk will not help for anything, it will unnecessarily increase the overall cost without any requirement. Suggested Clause: Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port from day-1. Additionally, should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1. Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps Layer 7 requests per second: 900,000 Layer 4 connection per second: 500,000 Concurrent Connection: 38 Million RSA CPS (2K Key): 20,000 ECC CPS (EC-P256): 12,000 with TLS1.3 Support Processor: Intel 12-core CPU, 32GB RAM, minimum 100GB SSD Disk and dual power supply. The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port. | Please refer the revised specifications given below.
3 | “Specifications – B” Web Application Firewall with Server Load Balancer Clause No 18 Page 41 | The proposed Solution should have ICSA Certified and PCI Compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification. | ICSA certification is no longer available, it is discontinued now. Suggested Clause: The proposed solution should be PCI Compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification. | Please refer the revised specifications given below.
4 | “Specifications – B” Web Application Firewall with Server Load Balancer Clause No 44 a Page 43 | Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero-day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipment’s must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | Signature protection, Anti-Virus should be part of dedicated solution; it can’t be added on top of ADC. Suggested Clause: Application load balance with functionality of Application delivery features, IP Reputation, WAF Security, Credential Stuffing Defense, Zero-day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipment’s must come with 5-year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. | Please refer the revised specifications given below.
5 | Specifications - A Firewall Technical Specifications Clause no 2 Pg 32 | The proposed firewall vendor must have over 97% of Exploit Block rate in latest NGFW NSS Lab Test report. | The NSS lab has last published the report in 2019. The Lab is no longer operational. Hence we request you to modify the clause as suggested. Suggested Clause: "The firewall solution be should be NSS labs recommended / SE Labs recommended or equivalent" | Removed.
6 | Specifications - A Firewall Technical Specifications Clause no 3 Pg 32 | 6 X 10G Copper/RJ45 Day 1 8 X 1/10G SFP/SFP+ Day 1 with LR/SM transceivers and 8x3m patch cords. 4X 10/25Gig SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one Minimum 2 x 10G HA port in addition to requested data ports, Dedicated 1 X 10/100/1000 RJ45 Management Port | The asked interfaces are high in number and this will lead to price escalation. We request you to modify the clause as suggested to allow us to participate and be price competitive. Suggested Change: 8x1G Copper / RJ45 Day 1, 8x1/10G/25G SFP/SFP+ Day 1 with 4x10G and 4x25G SR / MM transceivers and 8 x 3m patch cords from day 1. The firewall should have a free slot for future expansion to support 40/100 interfaces as needed. | Please refer the revised specifications given below.
7 | Specifications - A Firewall Technical Specifications Clause no 16 Pg 38 | "Bidder has to propose on premise dedicated logging, analytics & reporting solution from same OEM (Virtual /Physical Appliance) from day1, the logging solution to be deployed at Data Center only. In Case of Virtual Appliance, bidder to consider Required computing / hardware resource for the VM. The firewall should support to store all log of minimum 8months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P. Required Features: Should Deliver single-pane visibility, also have reporting facility to generate reports on virus detected over different protocols, top sources for viruses, destination for viruses, top viruses etc. Should have options to generate Predefined or customized Advance reports in different formats. The solution should have configurable options to schedule the report generation. Log retention customization by category. Solution should offer Centralized NOC/SOC Visibility for the Attack Surface. Bidder has to include any additional license for analytics /event correlation from day1. The solution should machine learning capability to detect the exploit and not depend on the vulnerabilities with trained models and traffic classifiers. The same should be available on public website to validate the capabilities”. | Our logging appliance has certain storage. The log size will depend on the type of logging enabled and the volume of logs. For exporting the logs to external storage, there is a need for syslog server. We request you to provide a syslog server which will be mapped to the external storage. | The syslog server will be provided by the High Court.
Pre-Bid Query For The Network Monitoring System
1 | “Specifications – C” Network Monitoring System/ Servers & System Monitoring/ 35/Pg No.45 | The solution should allow monitoring of Server Status and Availability, CPU Utilization, Memory Utilization, Process Monitoring, File System Monitoring, Disk Utilization of RHEL/Centos, SUSE, Ubuntu servers/Windows 2008, 2012, 2016, 2019, 2022. | Please consider remove "2008.2012", Only OEM supported O.S can be supported | Please refer the revised specifications given below.
2 | “Specifications – C” Network Monitoring System/ Servers & System Monitoring/ 17/Pg No.45 | Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI, XML, SOAP, etc. on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed using the Trap, XML | Please consider removing "XML, SOAP & Trap" as RestAPI based integration is the industry best practice and modify the point to "Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed." | Please refer the revised specifications given below.
3 | “Specifications – C” Network Monitoring System/ Servers & System Monitoring/ 40/Pg No.46 | The solution should be able to gather capacity data from vCenter, HMC, Physical servers, etc. Generate report and provide recommendation | Please elaborate what kind of recommendations is expected from the solution? | Please refer the revised specifications given below.
4 | “Specifications – C” Network Monitoring System/ Servers & System Monitoring/ Pg No.43 | The proposed solution should be able to monitor the availability, health and performance of physical servers, virtual servers, web service (Apache), database service (MySQL & PGSQL), Network devices like routers, switches, end point devices like desktop, Kiosks, display boards, URL monitoring, other snmp enabled devices like UPS and AC from single dash board. | Please consider removing end point devices like desktop to "The proposed solution should be able to monitor the availability, health and performance of physical servers, virtual servers, web service (Apache), database service (MySQL & PGSQL), Network devices like routers, switches, Kiosks, display boards, URL monitoring, other snmp/ping enabled devices like UPS and AC from single dash board." | Please refer the revised specifications given below.
5 | “Specifications – C” Network Monitoring System/ Storage Monitoring/ 40/Pg No.46 | The solution should show storage growth rates and project when the storage capacity will be reached | Please consider removing this point | Yes removed.
6 | “Specifications – C” Network Monitoring System/Logging/Reporting/Alert/threshold/65/Pg No.47 | Provides multi-level (preferably six-level) Severity definition, will handle events automatically and inform the designated person as per operational requirement | Different OEM's have different level of severity definitions. | Please refer the revised specifications given below.
7 | “Specifications – C” Network Monitoring System/ System/ Another Features/72/Pg No.48 | Capacity Reservations: tool should allow management of resource allocations and reservations (for services, applications or other needs), identify resource shortages and provide information for further analysis or procurement | Please consider removing this specifications. | Yes made Optional.
8 | “Specifications – C” Network Monitoring System/ Licensing/80/Pg No.49 | The licenses should be perpetual with 05 years support /updates /upgrade. | Please consider modifying to "The licenses should be On Prem Subscription with 05 years support /updates /upgrade." | Please refer the revised specifications given below.
9 | “Specifications – C” Network Monitoring System/ Note/4/Pg No.49 | The bidder has to quote only 01 product of single make / brand at a time and not multiple brands for same item. | Please consider removing this specifications as EMS based OEM's do not provide solutions for Web Application Firewall with Server Load Balancer. | Yes removed.
10 | “Specifications – C” Network Monitoring System/ Discovery/15/Pg No.44 | Provides provision to draw & map user specific network diagram | Please consider modifying the specifications to "The tool should enable business users or administrators to efficiently design and modify the service model (network diagram) using templates" | Please refer the revised specifications given below.
11 | Additional points to be considered | The bidder should be allowed to quote for individual line item | L1 should be considered for the individual line item. | Yes accepted.
12 | Additional points to be considered | Product demonstration should be called before the finalization of the Technical bid | This will help in evaluating the product as per the requirement of the High Court. | Yes accepted.
22. M/s SISL Infotech Private Limited
1 | Section - VII 7.Technical Specifications / Specifications - B/ Web Application Firewall with Server Load Balancer / Point No.2 Page No. 39 | Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps | Due to license capping the OEMs have the advantage to quote higher for the incremental license which is not cost effective to customer. Hence request you to amend the point as "The ADC+WAF should be fully populated with the license throughput of 40 Gbps from Day-1" | Please refer the revised specifications given below.
2 | Section - VII 7.Technical Specifications / Specifications - B/ Web Application Firewall with Server Load Balancer / Point No.2 Page No. 39 | Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply. | To derive the performance number from the specific compute numbers does not decide performance of the devices at all due to Different architecture, ASICS, FTGA cards etc have different hardware requirement which cannot be generalized for performance. Request you to change the required processor to Intel Xeon 8-core or higher. | Please refer the revised specifications given below.
3 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.4 Page No. 32 | The appliance hardware should be a multicore CPU architecture and should not be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one. The firewall should have integrated redundant fan and dual redundant hot swappable power supply to remove any single point of failure in the solution | Security appliance should be evaluated based on their security effectiveness, features, and functionality, rather than their architecture. The current clause seems to favor PC-based architecture, potentially excluding ASIC OEMs from the tender. We would like to emphasize that ASIC technology is no longer proprietary, as many leading OEMs are adopting it for its superior performance. Please refer to the URL below, which highlights that ASIC is not exclusive to Fortinet. Therefore, we request the removal of this clause and suggest that MP High court to consider architectures based on their performance and security effectiveness. Therefore Request to amend to new clause as below: The appliance hardware should be a multicore CPU architecture or should be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM The firewall should have integrated redundant fan and dual redundant hot swappable power supply to remove any single point of failure in the solution | Please refer the revised specifications given below.
4 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.4 Page No. 32 | OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one. | ASIC solution does not require higher memory and CPU to deliver the desire functionality. Only PC based architecture require high memory. We suggest removing this clause as it is favoring single OEM devices. We emphasize MP High court team to evaluate the Firewall solution based on the performance parameters Not memory and CPU. Therefore request to amend to new clause as: OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one or should be proprietary ASIC based in nature to make sure all the security capabilities are provided without degradation from day one. | Please refer the revised specifications given below.
5 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.5 Page No. 32 | The NGFW throughput of the firewall should be a minimum 20 Gbps with application identification and firewalling enabled with real world/enterprise/ production traffic with logging enabled. The Threat Prevention /NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 12 Gbps. | Every OEM has different ways to measure the throughput values. We request to changes so all major OEM match this and can participate Therefore request to amend to new clause as: The NGFW throughput of the firewall should be a minimum 15 (enterprise mix /Real world with logging enabled) OR Application throughput measured with 64K http minimum 20Gbps. Threat prevention throughput minimum 10Gbps ( Enterprise Mix / Real World with logging enabled) | Please refer the revised specifications given below.
6 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.5 Page No. 32 | NGFW Firewall should support at least 1400,000 Layer 7 Concurrent sessions NGFW Firewall should support at least 150,000 connections per second L3/L4 or New Layer 7 connections per second – Min 90000 | Most of the OEM is publish the connection per second and concurrent session in TCP. It's highly recommended on the basis of the ports count that the connections requirement must be higher so device not becomes bottle neck. Asking the lower connections is favoring specific OEM model. Therefore request for modifying to Min 500K Connection per Second and 5M concurrent connections | Please refer the revised specifications given below.
7 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.6 Page No. 33 | Should support more than 19,000 (excluding custom signatures) IPS signatures or more. Solution should be able to passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence. The signatures should also have categorization based on MITRE TTP's | Favoring to specific OEM signature count. Therefore request for modifying to allow min 10000 Signatures. | Please refer the revised specifications given below.
8 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.7 Page No. 35 | Should support Reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic and enforces policies on more than 250 million of URLs in more than 75+ categories from day1. | Every OEM has different counts and categories. This is favoring to specific OEM nos. Request to remove this clause | Please refer the revised specifications given below.
9 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.11 Page No. 36 | The Solution should support DNS security in line mode and not proxy mode. Necessary licenses to be included from day 1. | Favoring to Specific OEM Therefore request to amend to new clause as: The Solution should support DNS security in line mode/proxy mode. Necessary licenses to be included from day 1. | Please refer the revised specifications given below.
10 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.11 Page No. 36 | DNS security should block known bad domains and predict with advanced machine learning technology and should have global threat intelligence of at least 10 million malicious domains. | Every OEM has different counts in threat intelligence asking specific favoring to specific OEM. Request to remove 10M malicious domain | Please refer the revised specifications given below.
11 | Section - VII 7.Technical Specifications / Specifications - A/ Firewall Technical Specifications / Point No.11 Page No. 36 | The solution should integrate and correlate to provide effective prevention against. New C2 domains, file download source domains, and domains in malicious email links. Integrate with URL Filtering to continuously crawl newfound or uncategorized sites for threat indicators. Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence. | Favoring to Specific OEM: Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence Request to remove this clause. | Please refer the revised specifications given below.
12 | Section – VII Clause No- 7. Technical Specifications “Specifications – C” Network Monitoring System Page No.- 44 | The solution should automatically group servers that work closely together based on analysis of communication between them | Request you to modify the OEM specific clause as: The solution should automatically /Manually group servers that work closely together based on analysis of communication between them | Please refer the revised specifications given below.
13 | Section – VII Clause No- 7. Technical Specifications “Specifications – C” Network Monitoring System Page No.- 44 | The solution should automatically build visualizations that show dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them. | The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participate | Please refer the revised specifications given below.
14 | Section – VII Clause No- 7. Technical Specifications “Specifications – C” Network Monitoring System Page No.- 44 | The solution should be able to automatically detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. | Request you to modify the specific clause as: The solution should be able to automatically /manually detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery. As multiple software does not provide the required data on any standard protocol so please modify the clause as suggested | Please refer the revised specifications given below.
15 | Section – VII Clause No- 7. Technical Specifications “Specifications – C” Network Monitoring System Page No.- 45 | Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI, XML, SOAP, etc. on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed using the Trap, XML | Request you to provide more details on the software/application from which EMS application need to integrate | Please refer the revised specifications given below.
16 | Section – VII Clause No- 7. Technical Specifications “Specifications – C” Network Monitoring System Page No.- 45 | The solution should be able to track connectivity between network endpoints and display the delay between nodes | As per our understanding here need to monitor the latency of all the nodes from application server, please clarify | Please refer the revised specifications given below.
17 | Section – VII Clause No- 7. Technical Specifications “Specifications – C” Network Monitoring System Page No.- 48 | Configurations: create rules that automatically assign deadlines to events based on their impact on services or on end-users, create rules that perform automated assignment of events to the corresponding teams, create rules that control automated notification of interested stakeholders about events, automatically handling duplicate events, provide event correlation capabilities to combine a set of different events into one major event | The required features is not the standard ask of NMS solution and can be achieved via ITSM solution, so please confirm here whether new ITSM need to propose here or NMS will be integrated with existing running ITSM solution. If Existing please provide OEM and version details of the ITSM solution. | Please refer the revised specifications given below.
18 | Section – VII Clause No- 7. Technical Specifications “Specifications – C” Network Monitoring System Page No.- 44 | It should be possible to initiate complete discovery of an application and connected components from anywhere in the tree. Therefore it should support top down, bottom up and start anywhere discovery from any node of the application. | The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participate | Please refer the revised specifications given below.
19 | Additional | | Request you to please provide the required details of the IT Infrastructure which will be monitored in NMS solution 1) No. Of servers: i) Physical Server ii) VMs iii) Physical server on which virtualization platform running. 2) No. & Make Of Network devices i) Router /Switches Firewall ii) Wireless Controller /Wifi AP iii) Storage 3) No. & Name Of Applications 4) No. Of containers. Or any other IP devices | Please visit High Court of M.P. for information.
20 | Section-II Point No. 2.15.2(ii) Page No. 10 & 11 | Experience in Supply, Installation, commissioning, Maintenance of firewall, WAF, NMS tool and similar IT equipments during last 05 years ending last day of month previous to the month of publication of this tender, should be either of the following:- (a) Three similar completed work costing not less than the amount equal to 40% of the estimated cost. OR (b) Two similar completed work costing not less than the amount equal to 50% of the estimated cost. OR (c) One similar completed work costing not less than the amount equal to 80% of the estimated cost. Similar works means: Supply, installation and System Integration of firewall, WAF, NMS tool and similar IT equipments. | We understand that bidder need to show similar experience of supply, installation and system integration of Firewall, WAF & NMS tool and similar IT equipments through one, two and three PO as per given option. We also understand that experience of all stated category can be shown in multiple order as well as per given option. Please confirm. | Yes, but to have experience as per the tender document. In this regard the decision of the High Court shall be final.
21 | Section - VII 7.Technical Specifications / Specifications - B/ Web Application Firewall with Server Load Balancer / Point No.7 Page No. 39 | Following Load Balancing Topologies should be supported: • Virtual Matrix Architecture • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding | Virtual Matrix Architecture feature is specific to one ADC OEM. Kindly remove this clause for wider participation and please allow similar or equivalent feature metrics for broader participation. Following Load Balancing Topologies should be supported: • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding | Please refer the revised specifications given below.
22 | Section - VII 7.Technical Specifications / Specifications -B / Web Application Firewall with Server Load Balancer / Point No.31 Page No. 42 | The proposed appliance/software should be EAL2 certified. | We are currently in the process of obtaining our EAL 2 certification. In order to facilitate wider participation kindly allow us so that during the bidding time we can submit the undertaking for the same. It is suggested to amend the clause as "The proposed appliance/software should be EAL2 certified or EAL 2 Applied" | Please refer the revised specifications given below.
23 Section - VII Application load IPS is completely different technology Please refer the
7.Technical balance with even deployment is different. Kindly revised
Specificatio functionality of remove the IPS feature in the specifications
ns / Application specifications s for the wider given below.
Specificatio delivery features participations of OEM. It is suggested
ns - B/ , to amend the clause as "Application
Web Antivirus, IP load balance with functionality of
Application Reputation, IPS, Application delivery features,
Firewall WAF Security, Antivirus, IP Reputation, WAF
with Server Credential Security, Credential Stuffing Defense,
Load Stuffing Zero day prevention, DLP, Analytics,
Page 118 of 174
Balancer / Defense, Bot protection, logs, High Availability
Point No.44 Zero day and reporting from day 1.
Page No. prevention, DLP, OEM should be present in India from
43 Analytics, Bot at least 5 years and Proposed
protection, logs, solution should support 24x7x365
High Availability OEM TAC support and advance Next
and reporting Business Day Hardware replacement.
from day 1. OEM The proposed equipments must come
should be with 5 year warranty and onsite
present in India support. Installation, basic
from at least 5 configuration (at least 2 domains),
years and and six days of training on essential
Proposed aspects of the WAF /ADC for the IT
solution should team of the High Court of M.P.,
support Jabalpur. The WAF/ADC should
24x7x365 OEM support to store all log of minimum
TAC support 8months period
and advance on external storage such as
Next Business NAS/SAN. The required external
Day Hardware storage (Hitachi VSP E590H through)
replacement. will be provided by High Court of
The proposed M.P"
equipments
must come with
5 year warranty
and onsite
support.
Installation,
basic
configuration (at
least 2
domains), and
six days of
training on
essential
aspects of the
WAF/ADC for
the IT team of
the High Court of
M.P., Jabalpur.
The WAF/ADC
should support
to store all log of
minimum
8 months period
on external
storage such as
NAS/SAN. The
required external
storage
(Hitachi VSP
E590H through)
will be provided
by High Court of
M.P.
23. M/s Tekno Solutions Pvt. Ltd.
“SPECIFICATIONS –A” Firewall Technical Specifications
1 Section – Performance & Considering the current requirement Please refer the
VII, Clause Scalability: and future scalability for MP High revised
No- 7. The NGFW Court, it is recommended to increase specifications
Technical throughput of the the throughput of NGFW and Threat given below.
Specificatio firewall should Prevention. It would also take care of
ns s, Page be a minimum the periodical spike in the traffic and
No. - 32, 20 Gbps with higher throughput requirement for the
Point No. - application contract period as well. Request MP
5 identification and High Court to modify / amend the
firewalling clause as below:
enabled with real The NGFW throughput of the firewall
world/enterprise/ should be a minimum 28 Gbps with
production traffic 64 KB including application
with logging identification and firewalling enabled
enabled. The with real world/enterprise/ production
Threat traffic with logging enabled. The
Prevention/NGIP Threat Prevention/NGIPS throughput
S throughput after enabling IPS, AVC, antimalware,
after enabling antispyware, sandboxing, user
IPS, AVC, identification, file blocking, DNS
antimalware, security and logging enabled should
sandboxing with be 15 Gbps considering 64 KB HTTP
logging enabled transaction size.
should be 12
Gbps.
Performance & For better throughput and Please refer the
Scalability: performance and to be inline with the revised
NGFW Firewall throughput, please amend the clause specifications
should support as below: given below.
at least NGFW Firewall should support at
1400,000 Layer least 2.5 Million Layer 7 Concurrent
7 Concurrent sessions measured utilizing HTTP
sessions transactions or 20 Million Layer 3 / 4
concurrent sessions.
Performance & For better throughput and Please refer the
Scalability: performance and to be inline with the revised
NGFW Firewall throughput, we recommend specifications
should support amending the clause as below: given below.
at least 150,000 NGFW Firewall should support at
connections per least 2 Million connections per
second L3/L4 or second L3/L4 or New Layer 7
New Layer 7 connections per second – Min 225K
connections per measured with application override,
second – Min utilizing 1 byte HTTP transactions.
90,000
2 Section – Support: For a better visibility of the various Please refer the
VII, Clause OEM should be licenses to be proposed / quoted, revised
No- 7. present in India please amend the clause as below: specifications
Technical from at least 5 given below.
Specificatio years and OEM should be present in India from
ns s, Page Proposed at least 5 years and should be
No. - 36, solution should proposed with 5 Years OEM support
Point No. - support bundle with 24x7x365 days TAC
10 24x7x365 OEM support, RMA (There should be at
TAC support and least 4 RMA dept and one TAC for
advance Next support in India), software updates
Business Day and subscription update support. The
Hardware NGFW should be proposed with 5
replacement. years subscription licenses for
The NGFW NGFW, NGIPS, Anti-Virus , Anti
should be Spyware, Threat Protection, APT
proposed with 5 Protection (Zero Day Protection with
years onsite integrated Sandboxing), URL Filtering
support and and DNS Security from day 1. The
subscription solution shall support bidirectional
license for control over the unauthorized transfer
NGFW, NGIPS, of file types and Social Security
Anti Virus, Anti numbers, credit card numbers, and
Spyware, URL custom data patterns for future use.
Filtering, DNS,
VPN and Anti
botnet
3 Section – Automation & These are the features generally part Please refer the
VII, Clause Incident of the Security Automation tool such revised
No- 7. Response: as SOAR and the Firewall specifications
Technical The Proposed management could provide an insight given below.
Specificatio system shall for the below events and alert the
ns s, Page support analysts. Please remove the section
No. - 37, automation or modify as below:
Point No. - response based Monitor and send email alerts for
14 on following below events:
events: System
Compromised Threats
Hosts detected Zero day / unknown malware
Configuration traffic logs
Change
Event Log
High CPU
License Expiry
Email Alert
IP Ban
4 Section – Device Storage: Since these are hardware appliances, Please refer the
VII, Clause Minimum 800GB it comes with a fixed storage size, revised
No- 7. SSD different vendor models would have specifications
Technical different size of storage based on the given below.
Specificatio models. Also since the RFP is also
ns s, Page asking for Management server which
No. - 38, would have more storage space to
Point No. - store the logs and configs a regular
15 storage size SSD is adequate on the
firewall, it is recommended to change
the clause as below:
Minimum 400 GB SSD.
“SPECIFICATIONS –B” Web Application Firewall with Server Load
Balancer
1 Section – Traffic Ports Traffic Ports support: As per the Please refer the
VII, Clause support: 4 x 10 present data centre / It infra revised
No- 7. GE Fiber, 4 x 1G requirement standard, 10G ports are specifications
Technical GE Fiber and 4 x recommended over 1G, As 10G is given below.
Specificatio 1G Copper Port backward-compatible with 1G where
ns s, Page from day-1. as vice-versa is not possible. And for
No. - 39, Additionally ADC/WAF/SLB deployment 8 x 10G
Point No. - should have 8 x is more than sufficient because asked
2 1GE Fiber for throughput is 40G.please amending
future use this clause.
(Break-Out Layer 4 connections per second:
should not be Considering the asked Concurrent
used). All Connections and Layer 4 connections
transceivers per second requirement is lower side.
(SM) from day1. Please amend this clause.
Device L4 Layer 7 requests per second:
Throughput: 20 Considering the asked Concurrent
Gbps and Connections and Layer 7 requests
scalable upto 40 per second requirement is lower side.
Gbps Please amend this clause.
Layer 7 requests It is suggested to amend the clause
per second: as: -
1300,000 Traffic Ports support: 8 x 10 GE
Layer 4 SFP+ from day-1
connection per Device L4 Throughput: 20 Gbps and
second: 500,000 scalable up to 40 Gbps
Concurrent Layer 7 requests per second: 5
Connection: 38 million
Million Layer 4 connections per second: 3
RSA CPS (2K Million
Key): 20,000 RSA CPS(2K Key): 20,000
ECC CPS (EC- ECC CPS (EC-P256): 12,000 with
P256): 12,000 TLS1.3 Support
with TLS1.3 Processor: Intel 12-core CPU or
Support equivalent or better
Processor: Intel Concurrent Connections: 40 Million
12-core CPU, Processor: Intel 12-core CPU, 64GB
64GB RAM, RAM, minimum 480GB SSD Disk and
minimum 480GB dual power supply.
SSD Disk and The appliance should have 1 x 1G
dual power RJ45 Management Port and 1G RJ45
supply. Console port.
The appliance
should have 1 x
1G RJ45
Management
Port and 1G
RJ45 Console
port.
2 Section – The proposed ap Different OEM has different Please refer the
VII, Clause pliance should s terminology and technique to achieve revised
No- 7. upport the below similar function. We would like to specifications
Technical metrics: request the honorable tendering given below.
Specificatio — Minimum committee to use vendor agnostic
ns s, Page Misses, terminology for wider participation.
No. - 39, — Hash,
Point No. - — Persistent — Minimum Misses,
6 Hash, — Hash,
— Tunable — Persistent Hash,
Hash, — Tunable Hash/Equivalent
— Weighted — Weighted Hash/Equivalent
Hash, — Least Connections,
— Least — Least Connections Per Service,
Connections, — Round-Robin,
— Least — Response Time,
Connections Per — Bandwidth, etc
Service,
— Round-Robin,
— Response
Time,
— Bandwidth,
etc.
3 Section – Following Load Virtual Matrix Architecture feature is Please refer the
VII, Clause Balancing specific to one ADC OEM. Kindly revised
No- 7. Topologies remove this clause for wider specifications
Technical should be participation and for other points given below.
Specificatio supported: please allow similar or equivalent
ns s, Page • Virtual Matrix feature metrics for broader
No. - 39, Architecture participation
Point No. - • Client Network Following Load Balancing Topologies
7 Address should be supported:
Translation • Client Network Address Translation
(Proxy IP) (Proxy IP) /Equivalent
• Mapping Ports • Mapping Ports /Equivalent
• Direct Server • Direct Server Return /Equivalent
Return • One Arm Topology Application
• One Arm /Equivalent
Topology • Direct Access Mode /Equivalent
Application • Assigning Multiple IP Addresses
• Direct Access /Equivalent
Mode • Immediate and Delayed Binding
• Assigning /Equivalent
Multiple IP
Addresses
• Immediate and
Delayed Binding
4 Section – The proposed For wider participation, We would like Please refer the
VII, Clause appliance/software to request the honorable tendering revised
No- 7. should be committee to amend the clause as specifications
Technical EAL2 certified. requested. given below.
Specificatio "The proposed appliance/software
ns s, Page should be EAL2 certified/Make in
No. - 42, India"
Point No. -
31
5 Section – Capable of In order to switch over the Please refer the
VII, Clause handling applications traffic like web app, email revised
No- 7. complete Full app etc. the GSLB solution must specifications
Technical DNS bind understand all types of DNS records given below.
Specificatio records including and not just A or AAAA. Kindly add
ns s, Page A, AAAA, etc. for following functionality for complete
No. - 42, IPv4/IPv6 Solution. It is suggested to amend
Point No. - this clause as :-
34 The Proposed Solution must have
Global Server Load Balancing and
should be able to host SRV Records,
AAAA Records, A, PTR, MX, TXT,
SOA, NS, Dname, Dmarc Records
and should also support DNSSEC.
6 Section – Support: IPS is completely different technology Please refer the
VII, Clause Application load even deployment is different. Kindly revised
No- 7. balance with remove the IPS feature in the specifications
Technical functionality of specifications for the wider given below.
Specificatio Application participations of OEM. It is suggested
ns s, Page delivery to amend the clause as
No. - 43, features, "Application load balance with
Point No. - Antivirus, IP functionality of Application delivery
44 / a Reputation, IPS, features, Antivirus, IP Reputation,
WAF Security, WAF Security, Credential Stuffing
Credential Defense, Zero day prevention, DLP,
Stuffing Analytics, Bot protection, logs, High
Defense, Zero Availability and reporting from day 1.
day prevention, OEM should be present in India from
DLP, Analytics, at least 5 years and Proposed
Bot protection, solution should support 24x7x365
logs, High OEM TAC support and advance Next
Availability and Business Day Hardware replacement.
reporting from The proposed equipments must come
day 1. OEM with 5 year warranty and onsite
should be support. Installation, basic
present in India configuration (at least 2 domains),
from at least 5 and six days of training on essential
years and aspects of the WAF/ADC for the IT
Proposed team of the High Court of M.P.,
solution should Jabalpur. The WAF/ADC should
support 24 x 7 x support to store all log of minimum
365 OEM TAC 8 months period on external storage
support and such as NAS/SAN. The required
advance Next external storage (Hitachi VSP E590H
Business Day through) will be provided by High
Hardware Court of M.P"
replacement.
The proposed
equipments
must come with
5 year warranty
and onsite
support.
Installation,
basic
configuration (at
least 2
domains), and
six days of
training on
essential
aspects of the
WAF/ADC for
the IT team of
the High Court of
M.P., Jabalpur.
The WAF/ADC
should support
to store all log of
minimum 8
months period
on external
storage such as
NAS/SAN. The
required external
storage (Hitachi
VSP E590H
through will be
provided by High
Court of M.P.
"Specifications – C” Network Monitoring System
1 Section – The solution Request you to modify the OEM Please refer the
VII, Clause should specific clause as: revised
No- 7. automatically The solution should automatically specifications
Technical group servers /Manually group servers that work given below.
Specificatio that work closely closely together based on analysis of
ns s, Page together based communication between them
No. - 44, on analysis of
Point No. - communication
2 between them
2 Section – The solution The required features is not the Please refer the
VII, Clause should standard ask of EMS module and to revised
No- 7. automatically achieve this solution dedicated APM specifications
Technical build tool will be required so we request given below.
Specificatio visualizations you to remove this clause for wider
ns s, Page that show participation
No. - 44, dependency
Point No. - between
4 switches,
routers,
physical/virtual
host, Containers,
storages, cluster
software,
business
applications and
other entities. It
should also have
the capability to
detect
applications that
span from
Datacenter and
end in a public
or a private
cloud with
interconnects
between them.
3 Section – The solution Request you to modify the specific Please refer the
VII, Clause should be able clause as: revised
No- 7. to automatically The solution should be able to specifications
Technical detect software’s automatically/manually detect given below.
Specificatio that are end of software’s that are end of support,
ns s, Page support, end of end of extended support and end of
No. - 44, extended life. With respect to OS, it should
Point No. - support and end detect End of support and End of life
8 of life. With as well. On Security, It should be able
respect to OS, it to find the patches installed on
should detect servers along with reports on
End of support vulnerable ports. Lastly, it should
and End of life integrate with a vulnerability
as well. On management solution to detect blind
Security, It spots in security of nodes missed out
should be able in vulnerability management that are
to find the found to be active in discovery.
patches installed
on servers along As multiple software does not provide
with reports on the required data on any standard
vulnerable ports. protocol so please modify the clause
Lastly, it should as suggested.
integrate with a
vulnerability
management
solution to detect
blind spots in
security of nodes
missed out in
vulnerability
management
that are found to
be active in
discovery.
4 Section – It should be The required features is not the No change
VII, Clause possible to standard ask of EMS module and to
No- 7. initiate complete achieve this solution dedicated APM
Technical discovery of an tool will be required so we request
Specificatio application and you to remove this clause for wider
ns s, Page connected participation.
No. - 44, components
Point No. - from anywhere
12 in the tree.
Therefore it
should support
top down,
bottom up and
start anywhere
discovery from
any node of the
application.
5 Section – Configurations: The required features is not the Removed.
VII, Clause create rules that standard ask of NMS solution and
No- 7. automatically can be achieved via ITSM solution,
Technical assign deadlines so please confirm here whether new
Specificatio to events based ITSM need to propose here or NMS
ns s, Page on their impact will be integrated with existing
No. - 48, on services or running ITSM solution.
Point No. - on end-users,
74 create rules that If Existing please provide OEM and
perform version details of the ITSM solution.
automated
assignment of
events to the
corresponding
teams, create
rules that control
automated
notification of
interested
stakeholders
about events ,
automatically
handling
duplicate events,
provide event
correlation
capabilities to
combine a set of
different events
into one major
event
6 Additional Request you to please provide the The bidder is
required details of the IT requested to visit
Infrastructure which will be monitored the High Court of
in NMS solution M.P., Jabalpur for
1) No. Of servers: getting the real
i) Physical Server time detail of
ii) VMs same before the
iii) Physical server on which submission of bid
virtualization platform running. document.
2) No. & Make Of Network devices
i) Router/Switches/Firewall
ii) Wireless Controller/Wi-Fi AP
iii) Storage
3) No. & Name Of Applications
4) No. Of containers.
Or any other IP devices
24. M/s Path Infotech
1 “Specificatio The solution Please consider remove "2008.2012", Please refer the
ns – C” should allow Only OEM supported O.S can be revised
Network monitoring of supported specifications
Monitoring Server Status given below.
System/ and Availability,
Servers & CPU Utilization,
System Memory
Monitoring/ Utilization,
35/Pg Process
No.45 Monitoring, File
System
Monitoring, Disk
Utilization of
RHEL/Centos,
SUSE, Ubuntu
servers/Window
s 2008,
2012,2016,2019,
2022.
2 “Specificatio Solution offers Please consider removing "XML, Please refer the
ns – C” multiple SOAP & Trap" as RestAPI based revised
Network integration integration is the industry best specifications
Monitoring methods which practice and modify the point to given below.
System/ can be used by "Solution offers multiple integration
Servers & customers for methods which can be used by
System integrating their customers for integrating their own
Monitoring/ own systems. systems. Integration should provide
17/Pg Integration the option in both north as well as
No.45 should provide south bound integration using
the option in multiple options like RestAPI on each
both north as module level. Any fault details should
well as south be able to send to third party CRM,
bound Customer Portal, UNMS or even EMS
integration using if needed."
multiple options
like RestAPI,
XML, SOAP, etc.
on each module
level. Any fault
details should be
able to send to
third party CRM,
Customer Portal,
UNMS or even
EMS if needed
using the Trap,
XML
3 “Specificatio The solution Please elaborate what kind of Please refer the
ns – C” should be able recommendations is expected from revised
Network to gather the solution? specifications
Monitoring capacity data given below.
System/ from vCenter,
Servers & HMC, Physical
System servers, etc.
Monitoring/ Generate report
40/Pg and provide
No.46 recommendation
4 “Specificatio The proposed Please consider removing end point Please refer the
ns – C” solution should devices like desktop to "The revised
Network be able to proposed solution should be able to specifications
Monitoring monitor the monitor the availability, health and given below.
System/ availability, performance of physical servers,
Servers & health and virtual servers, web service (Apache),
System performance of database service (MySQL & PGSQL),
Monitoring/ physical servers, Network devices like routers,
Pg No.43 virtual servers, switches, Kiosks, display boards,
web service URL monitoring, other snmp/ping
(Apache), enabled devices like UPS and AC
database service from single dash board."
(MySQL &
PGSQL),
Network devices
like routers,
switches, end
point devices
like desktop,
Kiosks, display
boards, URL
monitoring, other
snmp enabled
devices like UPS
and AC from
single dash
board.
5 “Specificatio The solution Please consider removing this point Removed.
ns – C” should show
Network storage growth
Monitoring rates and project
System/ when the
Storage storage capacity
Monitoring will be reached
Monitoring/
40/Pg
No.46
6 Specificatio Provides multi- Different OEM's have different level Please refer the
ns – C” level (preferably of severity definitions. revised
Network six-level) specifications
Monitoring Severity given below.
System/ definition, will
Logging/Re handle events
porting/Alert automatically
/threshold and inform the
/65/Pg designated
No.47 person as per
operational
requirement
7 “Specificatio Capacity Please consider removing this Optional.
ns – C” Reservations: specifications.
Network tool should allow
Monitoring management of
System/ resource
Other allocations and
Features/72 reservations (for
/Pg No.48 services,
applications or
other needs),
identify resource
shortages and
provide
information for
further analysis
or procurement
8 “Specificatio The licenses Please consider modifying to "The Please refer the
ns – C” should be licenses should be On Prem revised
Network perpetual with Subscription with 05 years support specifications
Monitoring 05 years support /updates /upgrade." given below.
System/ /updates
Licensing/8 /upgrade.
0/Pg No.49
9 “Specificatio The bidder has Please consider removing this Yes accepted.
ns – C” to quote only 01 specifications as EMS based OEM's
Network product of single do not provide solutions for Web
Monitoring make / brand at Application Firewall with Server Load
System/ a time and not Balancer.
Note/4/Pg multiple brands
No.49 for same item.
10 “Specificatio Provides Please consider modifying the Please refer the
ns – C” provision to draw specifications to "The tool should revised
Network & map user enable business users or specifications
Monitoring specific network administrators to efficiently design given below.
System/ diagram and modify the service
Discovery/1 model(network diagram) using
5/Pg No.44 templates
25. M/s Trend Micro
1 Section 7 / RFP has asked RFP has asked for NGFW (Next Quote as per
Clause 7 / for Firewall, Web Generation Firewall) which is a tender.
Page 31 application combination of Firewall, NIPS, Anti-
Firewall and APT i.e. all is fitting in a single box.
NMS We propose to have dedicated
Network Intrusion Prevention System
along with Next Generation Firewall
to avoid single point of failure
- Whenever throughput increases, by
default the box capacity will decrease
as it is working with all the modules of
FW, NIPS & Anti-APT or in worst
case NGFW will bypass the NIPS &
Anti-APT & will offer basic Firewall
functionality only. These problems of
NGFWs are publicly available on
web.
We request to consider our
recommendation for dedicated
purpose built NIPS appliance.
2 Section 7 / RFP has asked Even in recent Supreme court RFP of Quote as per
Clause 7 / for Firewall, Web Data Center for ICT enablement: tender.
Page 31 application GEM/2024/B/4564249; Next
Firewall and Generation IPS is there which
NMS mentions that NIPS should be a
Dedicated appliance (NOT a part of
Router, UTM, Application Delivery
Controller, Proxy based architecture
or any Stateful Appliance).
We request to consider our
recommendation for dedicated
purpose built NIPS appliance.
3 Section 7 / RFP has asked Moreover, we propose to have Quote as per
Clause 7 / for Firewall, Web dedicated Network Intrusion tender.
Page 31 application Prevention System along with Next
Firewall and Generation Firewall to avoid single
NMS point of failure.
- NGFW is a single box with same
underlying OS; if it is compromised
my perimeter security is broken. So
dedicated NIPS is required
4 Section 7 / RFP has asked NGFW has very less threat signature Quote as per
Clause 7 / for Firewall, Web compared with NIPS. We request to tender.
Page 31 application consider our recommendation for
Firewall and dedicated purpose built NIPS
NMS appliance.
5 Section 7 / RFP has asked Lot of times Firewall is bypassed Quote as per
Clause 7 / for Firewall, Web (sometimes it goes in auto bypass tender.
Page 31 application mode) to let the traffic through and
Firewall and then there is no protection at North
NMS South Interface.
We request to consider our
recommendation for dedicated
purpose built NIPS appliance.
26. M/s A10 Networks Inc
3.30 Link Load Balancer-HW solution
1 The LLB Due to license The LLB must be deployed in Active- No change.
must be capping the Standby mode of HA from day one
deployed in OEMs will take and proposed solution shall also
Active- advantage to support Active-Active mode of HA.
Standby quote higher for Proposed solution shall be
mode of HA the incremental horizontally/vertically scalable in
from day license which is future via software and/or hardware
one and not cost effective with minimum scalability support of
proposed to customer. 80Gbps L4 throughput considering
solution Hence request the redundancy of one load balancer
shall also you to amend unit. The LLB shall be dual stack
support the point as "The (IPv4 & IPv6) ready and HA should
Active- LLB must be be supported on both IPV4 and IPV6.
Active deployed in
mode of Active-Standby
HA. mode of HA from
Proposed day one and
solution proposed
shall be solution shall
horizontally/ also support
vertically Active-Active
scalable in mode of HA.
future via Proposed
software solution shall be
and/or horizontally/vertically
hardware scalable in
with future via
minimum software and/or
scalability hardware with
support of minimum
80Gbps L4 scalability
throughput support of
considering 80Gbps L4
the throughput
redundancy considering the
of one load redundancy of
balancer one load
unit. The balancer unit
LLB shall from Day-1. The
be dual LLB shall be
stack (IPv4 dual stack (IPv4
& IPv6) & IPv6) ready
ready and and HA should
HA should be supported on
be both IPV4 and
supported IPV6. "
on both
IPV4 and
IPV6.
2 The LLB Request you to The LLB should have a minimum L4 Quote as per
should have remove this throughput of 40 Gbps. tender and
a minimum point as this is clarification
L4 contradicting published.
throughput with point no. 3.
of 40 Gbps.
3 The Due to The proposed solution should have No change.
proposed connection minimum 1.2 million L4 TCP
solution reuse the Layer connections / second and 2.4 Million
should have 4 CPS numbers HTTP requests / second
minimum are high
1.2 million compared to
L4 TCP Layer4 CPS
connections numbers which
/ second are 1/10th of the
and 2.4
L4 TPS
Million numbers. Hence
HTTP request you to
requests / amend the
second clause as "The
proposed
solution should
have minimum
120K L4 TCP
connections /
second".
3.31 Link Load Balancer for DR
4 The LLB Due to license The LLB must be deployed in Active- Quote as per
must be capping the Standby mode of HA from day one tender.
deployed in OEMs will take and proposed solution shall also
Active- advantage to support Active-Active mode of HA.
Standby quote higher for Proposed solution shall be
mode of HA the incremental horizontally/vertically scalable in
from day license which is future via software and/or hardware
one and not cost effective with minimum scalability support of
proposed to customer. 40Gbps L4 throughput considering
solution Hence request the redundancy of one load balancer
shall also you to amend unit. The LLB shall be dual stack
support the point as "The (IPv4 & IPv6) ready, and HA should
Active- LLB must be be supported on both IPV4 and IPV6.
Active deployed in
mode of Active-Standby
HA. mode of HA from
Proposed day one and
solution proposed
shall be solution shall
horizontally/ also support
vertically Active-Active
scalable in mode of HA.
future via Proposed
software solution shall be
and/or horizontally/vertically
hardware scalable in
with future via
minimum software and/or
scalability hardware with
support of minimum
40Gbps L4 scalability
throughput support of
considering 40Gbps L4
the throughput
redundancy considering the
of one load redundancy of
balancer one load
unit. The balancer unit
LLB shall from Day-1. The
be dual LLB shall be
stack (IPv4 dual stack (IPv4
& IPv6) & IPv6) ready
ready, and and HA should
HA should be supported on
be both IPV4 and
supported IPV6. "
on both
IPV4 and
IPV6.
3.32 Hardware Server Load Balancer
5 The solution As per pt no.3 The solution (along with its Quote as per
(along with the appliance tenant/virtual instance) must be tender.
its Layer 7 deployed in Active-
tenant/virtu throughput Standby mode of HA from day one
al instance) asked is of 10 and proposed solution shall also
must be Gbps whereas support Active - Active mode of HA
deployed in point no. 17 and should provide seamless
Active- states SSL takeover in-case if one device fails.
Standby throughput of Proposed solution shall be horizontal
mode of HA 40Gbps. SSL scalable in future via software and/or
from day adds overhead hardware
one and due to SSL/TLS with minimum scalability support of
proposed encryption of 40 Gbps SSL throughput considering
solution around 30-50%. the
shall also At the beast for redundancy of one load balancer unit.
support a 10 Gbps The SLB shall be dual stack (IPv4 &
Active- appliance we IPv6) ready, and HA should be
Active can consider 6 supported on both IPV4 and IPV6.
mode of HA Gbps of SSL
and should throughput.
provide Request you to
seamless reconsider the
takeover in- SSL throughput
case if one which is inline to
device fails. the Layer 7
Proposed throughput
solution asked.
shall be
horizontal
scalable in
future via
software
and/or
hardware
with
minimum
scalability
support of
40 Gbps
SSL
throughput
considering
the
redundancy
of one load
balancer
unit. The
SLB shall
be dual
stack (IPv4
& IPv6)
ready, and
HA should
be
supported
on both
IPV4 and
IPV6.
6 The Request you to The proposed WAF solution should Please refer the
proposed amend the be ICSA and PCI compliant. revised
WAF clause as The specifications
solution proposed WAF given below.
should be solution should
ICSA and be ICSA/ISO
PCI /IEC
compliant. 27001:2013/SO
C 2 Type 2 and
PCI compliant
for wider
participation
from the WAF
OEM`s.
Web Application Firewall with Server Load Balancer
7 Device L4 Due to license capping the OEMs Quote as per
Throughput: have the advantage to quote higher tender.
20 Gbps for the incremental license which is
and not cost effective to customer. Hence
scalable request you to amend the point as
upto 40 "The ADC+WAF should be fully
Gbps populated with the license throughput
of 40 Gbps from Day-1."
8 Processor: To derive the performance number Quote as per
Intel 12- from the specific compute numbers tender.
core CPU, does not decide performance of the
64GB RAM, device at all due to Different
minimum architecture, ASICS, FTGA cards etc
480GB SSD have different hardware requirement
Disk and which cannot be generalized for
dual power performance. Request you to change
supply. the required Processor to Intel Xeon
8-core or higher.
27. M/s gstbhopalb
1 Section–VII The solution Request you to modify the OEM Please refer the
Clause No - should specific clause as: revised
7. Technical automatically "The solution should automatically specifications
Specificatio group servers /Manually group servers that work given below.
ns s that work closely closely together based on analysis of
Specificatio together based communication between them."
ns – C” on analysis of
Network communication
Monitoring between them
System
Page No.-
44, Point
no. 2
2 Section– VII The solution The required features is not the Please refer the
Clause No- should standard ask of EMS module and to revised
7. Technical automatically achieve this solution dedicated APM specifications
Specificatio build tool will be required so we request given below.
ns s visualizations you to remove this clause for wider
Specificatio that show participation
ns – C” dependency
Network between
Monitoring switches,
System routers,
Page No.- physical/virtual
44, Point host, Containers,
no. 4 storages, cluster
software,
business
applications and
other entities. It
should also have
the capability to
detect
applications that
span from
Datacenter and
end in a public
or a private
cloud with
interconnects
between them.
3. Reference: Section–VII, Clause No. 7, Technical Specifications, “Specifications – C” Network Monitoring System, Page No. 44, Point no. 8
Tender clause: The solution should be able to automatically detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery.
Query: Request you to modify the specific clause as: "The solution should be able to automatically /manually detect software’s that are end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, It should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery." As multiple software does not provide the required data on any standard protocol so please modify the clause as suggested
Reply: Please refer the revised specifications given below.
4. Reference: Section–VII, Clause No. 7, Technical Specifications, “Specifications – C” Network Monitoring System, Page No. 45, Point no. 17
Tender clause: Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI, XML, SOAP, etc. on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed using the Trap, XML
Query: Request you to provide more details on the software/application from which EMS application need to integrate
Reply: Please refer the revised specifications given below.
5. Reference: Section–VII, Clause No. 7, Technical Specifications, “Specifications – C” Network Monitoring System, Page No. 45, Point no. 29
Tender clause: The solution should be able to track connectivity between network endpoints and display the delay between nodes
Query: As per our understanding here need to monitor the latency of all the nodes from application server, please clarify
Reply: Quote as per tender.
6. Reference: Section–VII, Clause No. 7, Technical Specifications, “Specifications – C” Network Monitoring System, Page No. 48, Point no. 74
Tender clause: Configurations: create rules that automatically assign deadlines to events based on their impact on services or on end-users, create rules that perform automated assignment of events to the corresponding teams, create rules that control automated notification of interested stakeholders about events, automatically handling duplicate events, provide event correlation capabilities to combine a set of different events into one major event
Query: The required features is not the standard ask of NMS solution and can be achieved via ITSM solution, so please confirm here whether new ITSM need to propose here or NMS will be integrated with existing running ITSM solution. If Existing please provide OEM and version details of the ITSM solution.
Reply: Removed.
7. Reference: Section–VII, Clause No. 7, Technical Specifications, “Specifications – C” Network Monitoring System, Page No. 44, Point no. 12
Tender clause: It should be possible to initiate complete discovery of an application and connected components from anywhere in the tree. Therefore it should support top down, bottom up and start anywhere discovery from any node of the application.
Query: The required features is not the standard ask of EMS module and to achieve this solution dedicated APM tool will be required so we request you to remove this clause for wider participation
Reply: No change.
8. Reference: Additional
Query: Request you to please provide the required details of the IT Infrastructure which will be monitored in NMS solution
1) No. Of servers:
   i) Physical Server
   ii) VMs
   iii) Physical server on which virtualization platform running.
2) No. & Make Of Network devices
   i) Router/Switches/Firewall
   ii) Wireless Controller /Wi-Fi AP
   iii) Storage
3) No. & Name Of Applications
4) No. Of containers.
Or any other IP devices
Reply: The bidder is requested to visit the High Court of M.P., Jabalpur for getting the real time detail of same before the submission of bid document.

“Specifications – A”
Firewall Technical Specifications
Columns: S. No. | Feature | Technical Specifications | Revised Specifications after clarification/query | Compliance Yes/No with Remarks (if any)

1. Type
Technical specification: Next Generation Enterprise Firewall
2. 3rd party Test Certification

Technical specification: The proposed firewall vendor must have over 97% of Exploit Block rate in latest NGFW NSS Lab Test report.
Revised specification: Removed

Technical specification: The proposed vendor must be in the Leader’s or challenger quadrant of the Network Firewalls Gartner Magic Quadrant for latest year report.
Revised specification: The proposed vendor must be in the Leader’s or challenger quadrant of the Network Firewalls Gartner Magic Quadrant for latest year report OR Top 5 OEMs in Network Firewalls (NGFW) according to the latest report from IDC (International Data Corporation).
3. Interface and Connectivity Requirement

Technical specification: 6 X 10G Copper/RJ45 Day 1
Revised specification: Minimum 6x1G copper or fiber from day1. (In case of fiber, the vendor have to provide the appropriate no. of transceivers and patch cords)

Technical specification: 8 X 1/10G SFP/SFP+ Day 1 with LR/SM transceivers and 8x3m patch cords.
Revised specification: Minimum 4 X 1/10G SFP/SFP+ Day 1 with LR/SM transceivers and 8x3m patch cords.

Technical specification: 4X 10/25Gig SFP28 Ports with 4 nos. of LR transceivers and 4x3m patch cords from Day one
Revised specification: Minimum 2X 10/25Gig SFP28 Ports or Minimum 2x 40/100G QSFP28 ports with appropriate nos. of LR/SM transceivers and 4x3m patch cords from Day one

Technical specification: Minimum 2 x 10G HA port in addition to requested data ports, Dedicated 1 X 10/100/1000 RJ45 Management Port
Revised specification: Minimum 1 x 1G HA port in addition to requested data ports or higher, Dedicated 1 X 10/100/1000 RJ45 Management Port

Technical specification: Should have support 2x40/100G for future use.
Revised specification: Removed
4. Hardware Architecture

Technical specification: The appliance based security platform should provide Next-Gen Firewall functionality like IPS, Application Control, URL and content filtering and Anti-malware functionality in a single appliance from day one.
Revised specification: No Change

Technical specification: The appliance hardware should be a multicore CPU architecture and should not be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one.
Revised specification: The appliance hardware should be a multicore CPU architecture or should be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats. The appliance hardware should have a hardened operating system from the OEM and should support minimum of 64GB of RAM to make sure all the security capabilities are provided without degradation from day one or should be proprietary ASIC based in nature to make sure all the security capabilities are provided without degradation from day one.

Technical specification: The firewall should have integrated redundant fan and dual redundant hot swappable power supply to remove any single point of failure in the solution
Revised specification: The firewall should have integrated redundant fan and dual redundant power supply to remove any single point of failure in the solution
5. Performance & Scalability

Technical specification: The NGFW throughput of the firewall should be a minimum 20 Gbps with application identification and firewalling enabled with real world/enterprise/ production traffic with logging enabled. The Threat Prevention/NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 12 Gbps.
Revised specification: The NGFW throughput of the firewall should be a minimum 20 Gbps with application identification and firewalling enabled with real world/enterprise mix/ production traffic with logging enabled. The Threat Prevention/NGIPS throughput after enabling IPS, AVC, antimalware, sandboxing with logging enabled should be 10 Gbps.

Technical specification: The firewall should provide 12 Gbps of IPSEC VPN throughput
Revised specification: No Change.

Technical specification: NGFW Firewall should support at least 1400,000 Layer 7 Concurrent sessions
Revised specification: NGFW Firewall should support at least 1400,000 Layer 7 Concurrent sessions/connections.

Technical specification: NGFW Firewall should support at least 150,000 connections per second L3/L4 or New Layer 7 connections per second – Min 90,000
Revised specification: No Change.

Technical specification: High Availability: Active/Active and Active/Passive and should support session state synchronization among firewalls from day 1.
Revised specification: No Change.
6. Next Gen Firewall Features

Technical specification: Firewall should support creating security policies with source/destination zones, network subnets/ranges, relocation objects, ports/protocols, applications, user/group attributes, URL/URL categories and action on traffic. The actions on the traffic should be to allow, alert, block, block and continue, reset. The firewall should provide time based policies with options for recurring schedule or one time schedule.
Revised specification: Firewall should support creating security policies with source/destination zones, network subnets/ranges, relocation objects or geo location objects, ports/protocols, applications, user/group attributes, URL/URL categories and action on traffic. The actions on the traffic should be to allow, alert, block, block and continue, reset or the actions on the traffic should be to accept, drop, ask, inform, reject, user auth, client auth etc. The firewall should provide time based policies with options for recurring schedule or one time schedule.

Technical specification: The firewall should support NAT's like source NAT, destination NAT, U-Turn NAT. Firewall should support Nat66, Nat 64 or Nat46 functionality
Revised specification: The firewall should support NAT's like source NAT, destination NAT, U-Turn NAT or hairpin or loopback or better option. Firewall should support Nat66, Nat 64 or Nat46 functionality
Technical specification: Solution should provide capabilities like dynamic real-time metrics based, policy-based, application path selection across multiple WAN connections and support service chaining for additional services such as WAN optimization and firewalls.
Revised specification: No Change

Technical specification: The solution should provide the following routing capabilities: OSPF, EIGRP, BGP, RIP, Multicast, Static, Route Tracking (SLA), PBR, ISIS, BFD, ECMP, VRF, Application based Routing
Revised specification: No Change

Technical specification: Should support capability to create multiple virtual context/instance with strict hardware resource (CPU, Memory & Storage) reservation and ensure traffic isolation between virtual context/instance
Revised specification: Should support capability to create multiple virtual context/instance.
Technical specification: The solution should be able to provide contextual information about the hosts and the network subnets present such that the admins are able to capture all the required information and build the security profiles based on the details shown on the solution. The details captured should consist of the following: IOC's, MAC addresses, IP address, Applications, Ports & protocols, vulnerabilities etc.
Revised specification: The solution should be able to provide contextual information about the hosts and the network subnets present such that the admins are able to capture all the required information and build the security profiles based on the details shown on the solution. The details captured should consist of the following: IOC's, IP address, Applications, Ports & protocols, vulnerabilities etc.

Technical specification: Should support capability to integrate with other security solutions to receive contextual information like security group tags/names.
Revised specification: No Change
Technical specification: Should support more than 4000+ (excluding custom application signatures) distinct application signature as application detection mechanism to optimize security effectiveness and should be able to create 40 or more application categories for operational efficiency
Revised specification: No Change

Technical specification: Should be capable of dynamically tuning IDS/IPS sensors (e.g., selecting rules, configuring policies, updating policies, etc.) with minimal human intervention.
Revised specification: No Change

Technical specification: Should support more than 19,000 (excluding custom signatures) IPS signatures or more. Solution should be able to passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence. The signatures should also have categorization based on MITRE TTP's.
Revised specification: Should support more than 15,000 (excluding custom signatures) IPS signatures or more. Solution should be able to passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence. The signatures should also have categorization based on MITRE TTP's.
Technical specification: The firewall solution should have the following capabilities to make sure the current solution is future ready for technologies like WAN routing, SASE etc. The firewall should have application aware routing with HTTP and ICMP ping, ZTNA based clientless access to applications from day1.
Revised specification: No Change

Technical specification: The firewall solution should have capabilities like Application Aware Routing, Health Monitoring, DIA, Dual ISP, Data interface Management for simplified branch capabilities
Revised specification: No Change

Technical specification: Should be capable of automatically providing the appropriate inspections and protections for traffic sent over non-standard communications ports.
Revised specification: No Change
Technical specification: The solution should be able to identify, decrypt and evaluate both inbound and outbound SSL traffic on-box. The NGFW shall support the ability to have a SSL inspection policy differentiate between personal SSL connections i.e. banking, shopping, health and non-personal traffic.
Revised specification: No Change

Technical specification: The solution should have ML/AI capability to detect client apps and process. Moreover it should be able to identify malicious encrypted traffic even when it is destined for a trustworthy service. This is required to help administrators control specific applications and improve network security
Revised specification: No Change

Technical specification: The solution should provide traffic hit count, Rule Conflict Detection (Redundant & Shadowed) and policy warning for streamlining firewall policies.
Revised specification: The solution should provide traffic hit count. Rule Conflict Detection (Redundant & Shadowed) and policy warning for streamlining firewall policies is optional.

Technical specification: The solution should provide Change Management capability for the organizations needs to implement more formal processes for configuration changes, including audit tracking and official approval before changes are deployed.
Revised specification: Removed.

Technical specification: Should support the capability to quarantine end point by integrating with other security solution like Network Admission Control.
Revised specification: No Change
Technical specification: The solution must provide IP reputation feed that comprised of several regularly updated collections of poor reputation of IP addresses determined by the proposed security vendor. Solution must support IP reputation intelligence feeds from third party and custom lists of IP addresses including a global blacklist. The solution should have the capability to detect MD5, SHA256 and SHA512 traffic hashes to detect any malicious traffic pattern
Revised specification: No Change

Technical specification: The solution should provide Configuration Deployment History, Pending Changes and Policy Compare capability before the security policies are deployed on the firewall. It should also provide configuration rollback capacity to the last good configuration running on the firewall.
Revised specification: The solution should provide Configuration Deployment History, Pending Changes and Policy Compare /test capability before the security policies are deployed on the firewall. It should also provide configuration rollback capacity to the last good configuration running on the firewall.
Technical specification: The Appliance OEM must have its own threat intelligence analysis center and should use the global footprint of security deployments for more comprehensive network protection.
Revised specification: No Change

Technical specification: The detection engine should support capability of detecting and preventing a wide variety of threats (e.g., network probes/reconnaissance, VoIP attacks, buffer overflows, P2P attacks, etc.).
Revised specification: No Change

Technical specification: Should be able to identify attacks based on Geo-location and define policy to block on the basis of Geo-location
Revised specification: No Change

Technical specification: The detection engine must incorporate multiple approaches for detecting threats, including at a minimum exploit-based signatures, vulnerability-based rules, protocol anomaly detection, and behavioral anomaly detection techniques.
Revised specification: No Change

Technical specification: Should be IPv6 Logo or USGv6 certified
Revised specification: No Change
7. URL Filtering Features

Technical specification: Should support Open based Application ID / Custom Application ID for access to community resources and ability to easily customize security to address new and specific threats and applications quickly
Revised specification: No Change

Technical specification: Should must support URL threat intelligence feeds to protect against threats
Revised specification: No Change

Technical specification: Should support Reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic and enforces policies on more than 250 million of URLs in more than 75+ categories from day1.
Revised specification: Should support Reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic and enforces policies.
8. Anti-APT / Malware Features

Technical specification: Should support the capability of providing network-based detection of malware by checking the disposition of unknown files using SHA-256 file-hash or signature (update to be provided in 300 seconds) as they transit the network and capability to do dynamic analysis.
Revised specification: Should support the capability of providing network-based detection of malware by checking the disposition of unknown files using SHA-256 file-hash or signature as they transit the network and capability to do dynamic analysis.

Technical specification: Solution shall have capability to analyze and block TCP/UDP protocol to identify attacks and malware communications. At minimum, the following protocols are supported for real-time inspection, blocking and control of download files: HTTP, SMTP, POP3, IMAP, NetBIOS-SSN and FTP
Revised specification: No Change
9. Management

Technical specification: Proposed solution shall have required subscription like Threat Intelligence for proper functioning
Revised specification: No Change

Technical specification: The management platform must be accessible via a web-based interface and ideally with no need for additional client software and must provide centralized logging and reporting functionality
Revised specification: No Change

Technical specification: The management platform must be a dedicated OEM appliance or VM (bidder to consider Required computing / hardware resource) running on server.
Revised specification: No Change

Technical specification: The management platform must be capable of integrating third party vulnerability information into threat policy adjustment routines and automated tuning workflows
Revised specification: No Change

Technical specification: The management platform must be capable of role-based administration, enabling different sets of views and configuration capabilities for different administrators subsequent to their authentication.
Revised specification: No Change

Technical specification: Should support troubleshooting techniques like Packet tracer and capture
Revised specification: No Change

Technical specification: The management platform must provide multiple report output types or formats, such as PDF, HTML, and CSV. The management platform support running on-demand and scheduled reports
Revised specification: No Change

Technical specification: The management platform must support multiple mechanisms for issuing alerts (e.g., SNMP, e-mail, SYSLOG).
Revised specification: No Change

Technical specification: The centralized management platform must not have any limit in terms of handling logs per day
Revised specification: No Change

Technical specification: The management platform must provide built-in robust reporting capabilities, including a selection of pre-defined reports and the ability for complete customization and generation of new reports.
Revised specification: No Change

Technical specification: The management platform must risk reports like advanced malware, attacks and network
Revised specification: No Change
10. Support

Technical specification: The management platform must include an integration mechanism, preferably in the form of open APIs and/or standard interfaces, to enable events and log data to be shared with external network and security management applications, such as Security Information and Event Managers (SIEMs), and log management tools.
Revised specification: No Change

Technical specification: OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The NGFW should be proposed with 5 years onsite support and subscription licenses for NGFW, NGIPS, Anti Virus, Anti Spyware, URL Filtering, DNS, VPN and Anti Botnet.
Revised specification: No Change
11. DNS Security

Technical specification: The Solution should support DNS security in line mode and not proxy mode. Necessary licenses to be included from day 1.
Revised specification: The Solution should support DNS security from day1.

Technical specification: Solution should maintain a database containing a list of known botnet command and control (C&C) addresses which should be updated dynamically.
Revised specification: No Change.

Technical specification: DNS Security should have predictive analytics to disrupt attacks that use DNS for Data theft and Command and Control.
Revised specification: DNS Security should have predictive analytics to disrupt attacks that use DNS for Data theft and Command and Control.

Technical specification: DNS security should block known Bad domains and predict with advanced machine learning technology and should have global threat intelligence of at least 10 million malicious domains.
Revised specification: DNS security should block known Bad domains and predict with advanced machine learning technology and should have global threat intelligence.

Technical specification: It should prevent against new malicious domains and enforce consistent protections for millions of emerging domains.
Revised specification: No Change.
Technical specification: The solution should integrate and correlate to provide effective prevention against. New C2 domains, file download source domains, and domains in malicious email links. Integrate with URL Filtering to continuously crawl newfound or uncategorized sites for threat indicators. Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence.
Revised specification: The solution should integrate and correlate to provide effective prevention against. New C2 domains, file download source domains, and domains in malicious email links or equivalent or better. Integrate with URL Filtering to continuously crawl newfound or uncategorized sites for threat indicators or equivalent or better. Should have OEM human-driven adversary tracking and malware reverse engineering, including insight from globally deployed honey pots. Should take inputs from at least 25 third-party sources of threat intelligence or equivalent or better.
Technical specification: Should have simple policy formation for dynamic action to block domain generation algorithms or sinkhole DNS queries.
Revised specification: No Change.

Technical specification: Solution should prevent against DNS tunneling which are used by hackers to hide data theft in standard DNS traffic by providing features like DNS tunnel inspection
Revised specification: No Change.

Technical specification: The solution should have capabilities to neutralize DNS tunneling and it should automatically stop with the combination of policy on the next-generation firewall and blocking the parent domain for all customers.
Revised specification: The solution should have capabilities to neutralize DNS tunneling.

Technical specification: The solution should have dynamic response to find infected machines and respond immediately. There should be provision for administrator to automate the process of sink holing malicious domains to cut off Command and control and quickly identify infected users.
Revised specification: No Change.
12. SD-WAN

Technical specification: Proposed firewall should support for internet links load balancing and fail‐over based parameters such as Latency, Jitter, Packet‐Loss,

Technical specification: Support for WAN Link-Load balancing and Fail-over with 4 Links or more.
Revised specification: No Change.

Technical specification: Integrated Traffic Shaping functionality for both inbound and outbound traffic.
Revised specification: Integrated Traffic Shaping functionality for outbound traffic.

Technical specification: The proposed firewall should support SD-Wan functionality for application aware traffic control
Revised specification: No Change.
13. VPN

Technical specification: The proposed system shall comply/support industry standards, supports without additional external solution, hardware or modules: IPSEC VPN, PPTP VPN, L2TP VPN, SSL VPN
Revised specification: No Change.

Technical specification: The system shall support 2 forms of site-to-site VPN configurations: Route based IPSec tunnel, Policy based IPSec tunnel
Revised specification: No Change.

Technical specification: The system shall provide IPv6 IPSec feature to support for secure IPv6 traffic in an IPSec VPN.
Revised specification: No Change.

Technical specification: The proposed system shall support TWO modes of SSL VPN operation:
Revised specification: No Change.

Technical specification: Web-only mode: for thin remote clients equipped with a web browser only and support web application such as: HTTP/HTTPS, SMB/CIFS, SSH, RDP.
Revised specification: No Change.

Technical specification: Tunnel mode, for remote computers that run a variety of client and server applications
Revised specification: No Change.

Technical specification: The proposed solution shall support to a minimum of 2000 concurrent IPSEC-VPN and 1000 concurrent SSL-VPN users from day 1
Revised specification: No Change.
14. Automation & Incident Response

Technical specification: The Proposed system shall support automation response based on following events: Compromised Hosts detected, Configuration Change, Event Log, High CPU, License Expiry, Email Alert, IP Ban
Revised specification: The Proposed system shall support automation response based on following events: Compromised Hosts detected, Configuration Change, Event Log, High CPU, License Expiry, Email Alert, IP Ban, or the proposed system shall monitor and send email alerts for events such as system threats, unknown malware, traffic logs etc.

15. Device Storage

Technical specification: Minimum 800GB SSD
Revised specification: Minimum 400GB SSD
16. Logs & Reporting

Technical specification: Bidder has to propose on premise dedicated logging, analytics & reporting solution from same OEM (Virtual /Physical Appliance) from day1, the logging solution to be deployed at Data Center only. In Case of Virtual Appliance, bidder to consider Required computing / hardware resource for the VM. The firewall should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P.
Required Features: Should Deliver single-pane visibility, also have reporting facility to generate reports on virus detected over different protocols, top sources for viruses, destination for viruses, top viruses etc. Should have options to generate Predefined or customized Advance reports in different formats. The solution should have configurable options to schedule the report generation. Log retention customization by category. Solution should offer Centralized NOC/SOC Visibility for the Attack Surface. Bidder has to include any additional license for analytics/event correlation from day1. The solution should have machine learning capability to detect the exploit and not depend on the vulnerabilities with trained models and traffic classifiers. The same should be available on public website to validate the capabilities.
Revised specification: No Change.
17. Installation and Migration

Technical specification: The bidder must migrate the existing configuration and policies from the SonicWall NSA6600 firewall to the new one and provide six days of training on the configuration and management of all key security aspects to the technical team of the High Court of Madhya Pradesh, Jabalpur
Revised specification: No Change.

“Specifications – B”
Web Application Firewall with Server Load Balancer
Columns: S. No. | Specifications | Revised after clarification | Compliance (Yes/No) with Remarks (if any)

Web Application Firewall with Server Load Balancer
1. Specification: The proposed appliance should be a dedicated ADC/WAF/SLB appliance having DDoS protection, SSL inspection, and real-time threat intelligence. It should not be part of any Firewall or UTM.
Revised after clarification: No Change.

2. Specification:
Traffic Ports support: 4 x 10 GE Fiber, 4 x 1G GE Fiber and 4 x 1G Copper Port from day-1. Additionally should have 8 x 1GE Fiber for future use (Break-Out should not be used). All transceivers (SM) from day1.
Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps
Layer 7 requests per second: 1300,000
Layer 4 connection per second: 500,000
Concurrent Connection: 38 Million
RSA CPS(2K Key): 20,000
ECC CPS (EC-P256): 12,000 with TLS1.3 Support
Processor: Intel 12-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply.
The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port.
Revised after clarification:
Traffic Ports support: Minimum (4 x 1/10 G Fiber, 6 x 1G Port) or Minimum (8x1/10G) from day-1 or higher or better. All transceivers (SM) from day1.
Device L4 Throughput: 20 Gbps and scalable upto 40 Gbps
Layer 7 requests per second: 1300,000
Layer 4 connection per second: 500,000
Concurrent Connection: 38 Million
RSA CPS(2K Key): 20,000
ECC CPS (EC-P256): 12,000 with TLS1.3 Support
Processor: Intel 8-core CPU, 64GB RAM, minimum 480GB SSD Disk and dual power supply.
The appliance should have 1 x 1G RJ45 Management Port and 1G RJ45 Console port.
3. Specification: The solution must be able to protect both HTTP Web applications, SSL (HTTPS) web applications & Should support HTTP/2
Revised after clarification: No Change.

4. Specification: The solution must be able to decrypt SSL web traffic between clients and web servers.
Revised after clarification: No Change.

5. Specification: Device must have Dynamic routing protocols like OSPF, RIP1, RIP2, BGP from Day 1
Revised after clarification: No Change.

6. Specification: The proposed appliance should support the below metrics:
— Minimum Misses,
— Hash,
— Persistent Hash,
— Tunable Hash,
— Weighted Hash,
— Least Connections,
— Least Connections Per Service,
— Round-Robin,
— Response Time,
— Bandwidth, etc
Revised after clarification: The proposed appliance should support the below metrics:
— Minimum Misses,
— Hash,
— Persistent Hash or equivalent or better,
— Tunable Hash or equivalent or better,
— Weighted Hash or equivalent or better,
— Least Connections,
— Least Connections Per Service,
— Round-Robin,
— Response Time,
— Bandwidth, etc
7. Specification: Following Load Balancing Topologies should be supported:
• Virtual Matrix Architecture
• Client Network Address Translation (Proxy IP)
• Mapping Ports
• Direct Server Return
• One Arm Topology Application
• Direct Access Mode
• Assigning Multiple IP Addresses
• Immediate and Delayed Binding
Revised after clarification: Following Load Balancing Topologies should be supported:
• Virtual Matrix Architecture or equivalent or better,
• Client Network Address Translation (Proxy IP) or equivalent or better,
• Mapping Ports or equivalent or better,
• Direct Server Return or equivalent or better,
• One Arm Topology or equivalent or better, Application
• Direct Access Mode or equivalent or better,
• Assigning Multiple IP Addresses or equivalent or better,
• Immediate and Delayed Binding or equivalent or better,
8. Specification: The proposed device should have Hypervisor (should not use Open Source) Based Virtualization feature (NO Multi-Tenancy) that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. It should NOT use Open Source/3rd party Network Functions. The proposed appliance should have capability to run in Virtualized as well as Standalone mode (Bidder may be asked to demonstrate this feature during Technical Evaluation). Should be high performance purpose built next generation multi-tenant (min. 5 virtual instances from Day 1 and scalable upto 10 Virtual Instances) hardware. Platform must have multiple functions including Advance application load balancing and global server load balancing, Network security functionality and complete application protection functionality.
Each Virtual Instance contains a complete and separated environment of the Following: a) Resources, b) Configurations, c) Management, d) Operating System
Revised after clarification: The proposed device should have Hypervisor (should not use Open Source) Based Virtualization feature (NO Multi-Tenancy) or inbuilt support of virtual domain that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. It should NOT use Open Source/3rd party Network Functions. The proposed appliance should have capability to run in Virtualized as well as Standalone mode (Bidder may be asked to demonstrate this feature during Technical Evaluation). Should be high performance purpose built next generation multi-tenant (min. 2 virtual instances from Day 1 and scalable upto 4 Virtual Instances) hardware. Platform must have multiple functions including Advance application load balancing and global server load balancing, Network security functionality and complete application protection functionality.
Each Virtual Instance contains a complete and separated environment of the Following: a) Resources, b) Configurations, c) Management, d) Operating System
9 The proposed Hardware must have No Change.
Bandwidth Management feature from
Day 1
10 The solution should provide No Change.
comprehensive and reliable support for
high availability with Active- active &
active standby unit redundancy
mode using standard/ RFC
compliant redundancy protocol like
VRRP or equivalent, for HA
interconnection over network from day 1.
11 The solution should support IPv6 as well No Change.
as IPv4 and have the ability to turn IPv4
traffic to IPv6 traffic on the backend
12 The solution should have support for No Change.
multiple VLANs with tagging capability
13 The solution should support link No Change.
aggregation for bonding links to prevent
network interfaces from becoming a
single point of failure
14 Appliance should support Local No Change.
Application Switching, Server load
Balancing, HTTP, TCP Multiplexing,
Compression, Caching, TCP
Optimization, Filter-based Load
Balancing, Content-based Load
Balancing, Persistency, HTTP Content
Modifications
15 Should have ability to No Change.
upgrade/downgrade device software
Images.
16 The device should support following No Change.
health check types:
• Link Health Checks • TCP Health
Checks • UDP Health Checks • ICMP
Health Checks • HTTP/S Health Checks
• TCP and UDP-based DNS Health
Checks • TFTP Health Check • SNMP
Health Check • FTP Server Health
Checks
• POP3 Server Health Checks • SMTP
Server Health Checks • IMAP Server
Health Checks • NNTP Server Health
Checks
• RADIUS Server Health Checks • SSL
HELLO Health Checks • WAP Gateway
Health Checks • LDAP/LDAPS Health
Checks
• Windows Terminal Server Health
Checks • ARP Health Checks • DHCP
Health Checks • RTSP Health Checks
• SIP Health Checks • Virtual Wire
Health Checks • DSSP Health Checks •
Script-Based Health Checks
• Cluster-based Health Checks
17 Device should be accessed through the No Change.
below:
• Using the CLI
• Using SNMP
• REST API
• Using the Web Based Management
18 Original clause: The proposed Solution should have ICSA Certified and PCI Compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification.
Revised clause: The proposed Solution should have ISO/IEC 27001:2013/SOC 2 Type 2 and PCI compliant WAF on the same Hardware from the same OEM. It must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification.
19 Original clause: WAF should have the flexibility to be deployed in the following modes:
Reverse proxy
Out of Path (OOP)
Revised clause: WAF should have the flexibility to be deployed in the following modes:
Reverse proxy
20 Solution should dynamically understand No Change.
the Changes on the Web/Application
Server

21 The Proposed WAF Solution should No Change.
support both a Positive Security Model
Approach (A positive security model
states what input and behavior is
allowed and everything else that
deviates from the positive security model
is alerted and/or blocked) and a
Negative Security Model (A negative
security model explicitly defines known
attack signatures). The solution must
support automatic updates to the
signature database to ensure complete
protection against the latest web
application threats
22 The WAF should support the following No Change.
escalation modes:
a) Active, b) Bypass, c) Passive
23 The solution must have a database of No Change.
signatures that are designed to detect
known problems and attacks on web
applications
24 Hiding Sensitive Content Parameters: No Change.
It should be able to Mask values of
sensitive parameters (for example,
passwords, credit card and social
security details)
25 Auto Policy Optimization
a Original clause: • Known Types of Attack Protection - Rapid Mode
Revised clause: • Known Types of Attack Protection - Rapid Mode or equivalent or better.
b Original clause: • Zero Day Attack Blocking - Extended Mode
Revised clause: • Zero Day Attack Blocking - Extended Mode or equivalent or better.
c Original clause: • Working in Learn Mode
Revised clause: • Working in Learn Mode
d Original clause: • Auto Discovery
Revised clause: • Auto Discovery
26 Following Threats should be No Change.
protected by the proposed WAF
solution:
a Parameters Tampering No Change.
b Cookie Poisoning No Change.
c SQL Injection No Change.
d Session Hijacking No Change.
e Web Services Manipulation No Change.
f Stealth Commands No Change.
g Debug Options No Change.
h Backdoor No Change.
f Manipulation of IT Infrastructure No Change.
Vulnerabilities
g 3rd Party Mis-configuration No Change.
h Buffer Overflow Attacks No Change.
f Data Encoding No Change.
g Protocol Piggyback No Change.
h Cross-Site Scripting (XSS) No Change.
f Brute Force Attacks No Change.
g OS Command Injection No Change.
h Cross Site Request Forgery (CSRF) No Change.
g Information Leakage No Change.
h Path (directory) Traversal No Change.
f Predefined resource location No Change.
g Malicious file upload No Change.
h Directory Listing No Change.
27 The proposed WAF should support No Change.
the Activity Tracking, which should
include the following:
a Dynamic IP No Change.
b Anonymity No Change.
c Scraping No Change.
28 Device Fingerprint-based tracking No Change.
a The Proposed WAF should support No Change.
Device Fingerprint technology or
equivalent by involving various tools and
methodologies to gather IP agnostic
information about the source.
29 The proposed solution should have No Change.
Signature Update, Attacker Feed and
Geo Location database from day1.
30 Bidder should propose Centralized No Change.
Management & Reporting Solution from
Day 1.
31 Original clause: The proposed appliance/software should be EAL2 certified.
Revised clause: The proposed appliance/software should be EAL2/NDPP certified or better.
32 The appliance should support site No Change.
selection feature to provide global
load balancing features for disaster
recovery and site redundancy.
33 Original clause: Global load balancing should support advance functions Authoritative name server, DNS proxy/DNS NAT/ full DNS server with DNSSec/DNS DDOS/ application load balancing from day one with relevant Licenses.
Revised clause: No Change.
34 Original clause: Capable of handling complete Full DNS bind records including A, AAAA, etc. for IPv4/IPv6
Revised clause: The Proposed Solution must have Global Server Load Balancing and should be able to host SRV Records, AAAA Records, A, MX, TXT, SOA, NS, DMARC etc. Records for IPv4/IPv6 and should also support DNSSEC or equivalent or better.
35 Original clause: Should have a Web Vulnerability Scanner feature to detect existing vulnerabilities like SQL Injection, Cross Site Scripting, Source code disclosure, OS Commanding in the web applications.
Revised clause: Should have integration with third party web Vulnerability scanner or should have a Web Vulnerability Scanner feature to detect existing vulnerabilities like SQL Injection, Cross Site Scripting, Source code disclosure, OS Commanding in the web applications.
36 Should enforce strict RFC compliance No Change.
check to prevent attacks such as
encoding attacks, buffer overflows and
other application specific attacks.
37 Appliance should have application‐aware No Change.
load‐balancing engine to distribute traffic
and route content across multiple web
servers.
38 The solution should have configurable No Change.
persistency features to maintain
sessions to the load balanced backend
servers
39 The solution should support a No Change.
connection draining mode in order to
allow maintenance of a protected server
without disrupting the client experience
with the application
40 Solution must have the API protection No Change.
and support Json , XML and Open API
41 Protection for REST APIs filters No Change.
malicious inputs in requests with JSON
payloads.
42 Data Analytics , Logs and Reporting No Change.
a Solution must have analytics No Change.
functionality which includes logical view /
tree view of virtual servers and
connectivity.
b Solution must have the various charts No Change.
static and dynamics for analytics
c Solution must have real time monitoring No Change.
views or dashboards
d Original clause: Solution should support real time logging and reporting functionality
Revised clause: No Change.
e Solution must have support to configure No Change.
SNMP
43 Integration No Change.
a Original clause: Solution must support integrations like SAP, Cloud platform and SIEM tools
Revised clause: No Change.
b Solution must support REST API No Change.
c Solution should support virtual servers or No Change.
profiles, one for internal traffic and one
for external traffic. Configure load
balancing rules specific to each domain.
Internal traffic can be routed to internal
servers, and external traffic to public-
facing servers. Should have option to set
up separate monitoring and logging
profiles for internal and external traffic to
track performance and security
incidents.
d The solution should be scalable enough No Change.
to support future growth in traffic and
applications.
44 Support
a Original clause: Application load balance with functionality of Application delivery features, Antivirus, IP Reputation, IPS, WAF Security, Credential Stuffing Defense, Zero day prevention, DLP, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipment must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P.
Revised clause: Application load balance with functionality of Application delivery features, IP Reputation, WAF Security, Credential Stuffing Defense, Zero day prevention, Analytics, Bot protection, logs, High Availability and reporting from day 1. OEM should be present in India from at least 5 years and Proposed solution should support 24x7x365 OEM TAC support and advance Next Business Day Hardware replacement. The proposed equipment must come with 5 year warranty and onsite support. Installation, basic configuration (at least 2 domains), and six days of training on essential aspects of the WAF/ADC for the IT team of the High Court of M.P., Jabalpur. The WAF/ADC should support to store all log of minimum 8 months period on external storage such as NAS/SAN. The required external storage (Hitachi VSP E590H through) will be provided by High Court of M.P.

45 New Clause: The proposed solution should provide Behavioral DoS (BADoS) capability to protect against threat/attack by analyzing traffic from day 1 or better.
46 New Clause: Top 10 brands / OEM as per latest IDC reports / Industry Standards.

“Specifications – C”
Network Monitoring System
Columns: S. No.; original clause; Revised after clarification; Compliance Yes / No with Remarks (if any)
Original clause: The proposed solution should be able to monitor the availability, health and performance of physical servers, virtual servers, web service (Apache), database service (MySQL & PGSQL), Network devices like routers, switches, end point devices like desktop, Kiosks, display boards, URL monitoring, other snmp enabled devices like UPS and AC from single dash board.
Revised after clarification: The proposed solution should be able to monitor the availability, health and performance of physical servers, virtual servers, web service (Apache), database service (MySQL & PGSQL), Network devices like routers, switches, Kiosks, display boards, URL monitoring, other snmp enabled devices like UPS and AC from single dash board.
Discovery
1 The solution should be able to do a complete No Change.
discovery of IT environment across
distributed (i.e., physical, virtual, network,
application, middleware, storage, databases)
and heterogeneous environment and provide
a clear and visual mapping of IT
infrastructure to business services. This
should be aided by 5000+ asset type
discovery signatures to detect the DC
comprehensively. System should have
option for multiple options for discovery
including IP address based discovery, IP
address range discovery, CSV based
discovery for bulk discovery.
2 Original clause: The solution should automatically group servers that work closely together based on analysis of communication between them
Revised clause: The solution should automatically/manually group servers that work closely together based on analysis of communication between them or grouping criteria such as tag and types between them.
3 Discovery has to work intelligently by No Change.
identifying the device in the network by the
given IP range and categorize into network
devices and servers with vendor and model
details.
4 Original clause: The solution should automatically build visualizations that show dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities. It should also have the capability to detect applications that span from Datacenter and end in a public or a private cloud with interconnects between them.
Revised clause: The solution should automatically build visualizations that show dependency between switches, routers, physical/virtual host, Containers, storages, cluster software, business applications and other entities.
5 The discovery data should be fully auditable No Change.
as to where it came from and what the
method to retrieve that data was.
6 The solution should show exactly how the No Change.
discovery data is obtained (i.e., Audit trail
and mechanism to validate the quality of
data discovered)
7 The Discovery solution should come with No Change.
real-time dashboards that collate and
present data that allows organizations to
make decision on consolidation, re-use of
infrastructure, detecting infrastructure that
has never been used etc.
8 Original clause: The solution should be able to automatically detect software that is end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, it should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery.
Revised clause: The solution should be able to automatically/manually detect software that is end of support, end of extended support and end of life. With respect to OS, it should detect End of support and End of life as well. On Security, it should be able to find the patches installed on servers along with reports on vulnerable ports. Lastly, it should integrate with a vulnerability management solution to detect blind spots in security of nodes missed out in vulnerability management that are found to be active in discovery.
9 The discovery solution should have the No change.
ability to capture and report on infrastructure
drift in datacenter.

10 Original clause: The solution should be able to do Virtual systems discovery (including Microsoft Hyper-V, VMware, etc.). Furthermore, it should support discovery of modern day DevOps platforms such as containers such as Docker, Runc, AIX WPARs and management solutions such as Kubernetes, Docker Swarm, Cloud Foundry and OpenShift.
Revised clause: The solution should be able to do Virtual systems discovery (including Microsoft Hyper-V, VMware, etc.). Furthermore, it should support discovery of modern day DevOps platforms such as containers such as Docker, Runc, AIX WPARs and management solutions such as Kubernetes, Docker Swarm, and OpenShift.
11 Discovers in-depth configuration data for Removed.
storage systems, pools, volumes, disks
drives, LUNS, File Systems
12 It should be possible to initiate complete No Change.
discovery of an application and connected
components from anywhere in the tree.
Therefore it should support top down, bottom
up and start anywhere discovery from any
node of the application.
13 The report of inventory of discovered devices No Change.
should be available to export in .csv format.
14 Automatically learn IP Networks and their No Change.
segments, LANs, hosts, switches, routers,
firewalls etc. and to establish the
connections and to correlate
15 Original clause: Provides provision to draw & map user specific network diagram
Revised clause: Provides provision to draw & map user specific network diagram OR The tool should enable business users or administrators to efficiently design and modify the service model (network diagram) using templates
16 Integration and Development No Change.
17 Original clause: Solution offers multiple integration methods which can be used by customers for integrating their own systems. Integration should provide the option in both north as well as south bound integration using multiple options like RestAPI, XML, SOAP, etc. on each module level. Any fault details should be able to send to third party CRM, Customer Portal, UNMS or even EMS if needed using the Trap, XML
Revised clause: The solution should offer multiple integration methods for customers to integrate their own systems. Integration should support both northbound and southbound communication using various options, like REST API.
18 Application monitoring No Change.
19 Original clause: The solution should automatically provide real-time view of processes running in systems and in-depth application performance statistics after discovery/configuration of applications
Revised clause: No Change.
20 The solution should automatically provide No Change.
real-time view of windows event logs
including the level of the event logs, event
ID, and source.
21 The solution should be able to put together No Change.
important parameters of an application, into
one single monitoring template that can be
uniformly applied to applications on different
servers, including
- Microsoft servers (e.g. Active Directory,
Exchange, SharePoint, and Office
Communications Server)
- Databases (e.g. Microsoft SQL Server,
PGSQL, MySQL etc.)
- Major application (e.g. ERP, CRM, etc.)
22 Original clause: The solution should support monitoring various attributes (at least 50+) in Tomcat, Web Sphere MQ, Apache HTTP, IIS, and WAS
Revised clause: The solution should support monitoring various attributes in Tomcat, Web Sphere MQ, Apache HTTP, IIS, and WAS
23 The solution should support receiving events No Change.
from Web Methods, IBM HTTP server,
Apache Active MQ
24 The solution should have capability to No Change.
monitor HTTP service, HTTPS service, FTP
server statistics, POP/SMTP services, ICMP
services or any customer specific port based
systems
25 Network Monitoring No Change.
26 The solution should have network monitoring No Change.
data available in the same console where
every other information is available.
27 The solution should be able to capture No Change.
network log errors
28 The solution should be able to do flow No Change.
analysis
29 The solution should be able to track No Change.
connectivity between network endpoints and
display the delay between nodes
30 The solution should allow query of network No Change.
events and performance data
31 The solution should provide network path No Change.
monitoring
32 The solution should provide live network No Change.
topology view
33 The solution should also provide No Change.
configuration management on network
devices
34 Servers/System Monitoring No Change.
35 Original clause: The solution should allow monitoring of Server Status and Availability, CPU Utilization, Memory Utilization, Process Monitoring, File System Monitoring, Disk Utilization of RHEL/Centos, SUSE, Ubuntu servers/Windows 2008, 2012, 2016, 2019, 2022.
Revised clause: The solution should allow monitoring of Server Status and Availability, CPU Utilization, Memory Utilization, Process Monitoring, File System Monitoring, Disk Utilization of RHEL/Centos, SUSE, Ubuntu servers/Windows 2016, 2019, 2022.
36 Original clause: The solution should support extensive monitoring capabilities from an OS (Linux, Windows)/ platform standpoint and should provide capabilities for customer to develop, deploy customized monitoring requirements
Revised clause: The solution should support extensive monitoring capabilities from an OS (Linux, Windows)/ platform standpoint and should provide capabilities for customer to deploy customized monitoring requirements
37 The solution should do performance No Change.
monitoring of Redhat Open Shift
VM/containers and VMware environments,
including VMware ESX /ESXi, vSphere,
vCenter Server.
38 The solution should be able to monitor No Change.
database from different aspects of the
system including SQL Statements (memory,
I/O , CPU intensive), wait types, server
resources, storage I/O`s, virtualization layer,
default users status , table spaces status and
threshold utilization , raise warning or critical
alerts where applicable.
39 The solution should be able to report on No Change.
hardware details (like CPU, memory, fan
state, power etc.) of servers from multi
vendors like IBM, HP, Cisco, Dell and also
VMware Hosts.
40 Original clause: The solution should be able to gather capacity data from vCenter, HMC, Physical servers, etc. Generate report and provide recommendation.
Revised clause: The solution should be able to gather capacity data from vCenter, Physical servers, etc. and generate report for analysis.
41 Original clause: The solution should be able to monitor disk elements like RAID controllers, hard disks, RAIDs, failure prediction, availability of the volumes.
Revised clause: The vendor can quote better solution.
42 The solution should be able to monitor No Change.
environment metrics like temperature,
internal voltages, power supplies, fans.

43 The solution should be able to monitor No Change.
critical hardware components like
processors, memory modules, ECC errors,
failure prediction.
44 Storage Monitoring No Change.
45 The solution should be able to monitor No Change.
performance and capacity of physical and
virtual storage infrastructure
46 The solution should be able to provide real- Removed
time, in-depth performance statistics after
discovery/configuration of devices, including
but not limited to:
- Array performance
- Controller Performance
- LUN performance
- Disk performance
47 The solution should provide hardware health No Change.
information for the storage array.
48 The solution should show statistics like Total No Change.
IO/sec, service time, IO response time,
queue length etc.
49 The solution should show storage growth No Change.
rates and project when the storage capacity
will be reached
50 The solution should be able to analyze the No Change.
data coming from Dell EMC and Hitachi disk
arrays, including:
- Storage units, Extent pools, Ranks, Storage
volume.
- File Systems: Available and consumed
capacity, list of CIFS shared, list of NFS
exports, number of operations, data traffic,
and so on.
- Physical Disks: Disk time utilization,
number of operations, presence, traffic,
response time, status, and so on.
- Storage Pools: Subscribed and consumed
capacity, over subscription operation,
number of operations, data traffic, and so on.
- Storage Systems: Available and subscribed
capacity, number of operations, number of
ports, number of operations, data traffic,
status, and so on.
- Volumes: Consumed capacity, disk time
utilization, list of hosts, host visible capacity,
number of operations, paths, number of
operations, data traffic, response times,
status, time since last activity, and so on.
- Hardware components: fans, power
supplies.

51 The solution should automatically map VMs No Change.
and logical connections to physical storage
environment to enable root-cause analysis
52 The solution should be able to monitor and No Change.
manage multi-vendor storage systems with
the same tool to detect performance issues
and take proactive actions,
53 Logging/Reporting/Alert/threshold No Change.
54 The proposed solution should support to No Change.
store all log of minimum 6 months period on
external storage such as NAS/SAN. The
required external storage (Hitachi VSP
E590H through) will be provided by High
Court of M.P.
55 Ensure logs are retained for at least six No Change.
months with options for longer retention
56 The system should allow for customizable No Change.
reports on performance, security events, and
compliance.
57 Capability to schedule automated report No Change.
generation and distribution via email or other
channels.
58 Provide real-time analysis and reporting No Change.
dashboards for immediate insights.
59 Enable real-time alerts for critical events, No Change.
with customizable thresholds and conditions.
60 Support for alerts via email, SMS, or other No Change.
communication channels.
61 Include options for escalating alerts based No Change.
on severity and response time.
62 System should support global threshold and No Change.
it should have option to define individual
resource/interface statistics level threshold
63 Detect & highlight faults (abnormal No Change.
situations) in near real-time occurring
anywhere within the monitored IT
Infrastructure
64 Provides Filtering, De-duplication, Holding, No Change.
Suppression and Correlation capability to let
user focus on the critical event that affects
the business and business processes
65 Original clause: Provides multi-level (preferably six-level) Severity definition, will handle events automatically and inform the designated person as per operational requirement
Revised clause: Provides Severity definition, will handle events automatically and inform the designated person as per operational requirement
66 Original clause: System should support separate Rule Engine based alarms apart from the generic threshold.
a. Should have capability to configure Device Group based, Node Based, Resources/Interface based, and Aggregation link based.
b. On Selection of Nodes/Resources/Aggregation links it have flexibility to filter based on fields available in node information
c. Rules should have option to apply configuration on top of performance value or based on configured threshold alarms
d. Rules should have option configure the breach based on min, max and average values.
e. Should have option to configure rules n repeat counters
f. Should have options to select custom alarm and clear alarm messages for individual configured rules
g. Should have option to send severity levels like error, warning and information
h. Notifications support based on configured rules
Revised clause: The system should have built-in functionality to define rules for alarms and monitoring, including real-time network flow, traffic utilization, and protocol distribution. It should support threshold-based alarms and monitoring for the following components:
a) Disk utilization
b) Bandwidth utilization
c) CPU utilization
d) Interface utilization.
67 Provides alarm suppression with hold time No Change.
and aid in prevention of flooding
68 Supports instant diagnosis of the node status No Change.
through Ping, Telnet and SNMP walk
69 Other Features No Change.
70 Cover geographically distributed networks No Change.
through multi-level scalable distributed
deployment architecture.
71 The tool should have option to be deployed No Change.
in HA mode (High Availability) for
redundancy purpose.
72 Capacity Reservations: tool should allow Optional.
management of resource allocations and
reservations (for services, applications or
other needs), identify resource shortages
and provide information for further analysis
or procurement
73 Event Record & Classification: possible to No Change.
generate event for all the monitoring devices,
tool be used to define thresholds to generate
events, collect from 3rd party using REST
API , on regular interval Polling API and
collect events from 3rd party system, classify
them , assign different levels of severity to
events

74 Configurations: create rules that Removed
automatically assign deadlines to events
based on their impact on services or on end-
users, create rules that perform automated
assignment of events to the corresponding
teams, create rules that control automated
notification of interested stakeholders about
events , automatically handling duplicate
events, provide event correlation capabilities
to combine a set of different events into one
major event
75 Monitors all traffic from all the interfaces of No Change.
the network device. Provides traffic
Utilization based on individual interface level,
nodes level or based on the group by
location, branch, departments etc. as an
Avg, Min and Max bandwidth, utilization,
throughput or any custom monitoring
parameters.
76 System should have capability to configure No Change.
business, non-business hours or custom
time polling. This configuration should be
available for every device as well as every
component in the device.
77 Provision to disable and enable the polling of No Change.
specific type of devices
78 System should have capability to configure No Change.
the maintenance period for any device.
When device is in maintenance period there
is no polling done and the SLA clock on the
device is stopped.
79 Provide a notification mechanism that allows No Change.
administrator to define what notification
channel to be used in different time of days,
and able to trigger multiple notifications to
alert multiple person and actions
80 System should provide many different types No Change.
of topology representation. To perform the
following:
1. Display physical connections of the
different devices being monitored in the
system.
2. Display flat maps of the entire network or
networks in a single view
3. Display customer maps based on user
configurations
4. Display maps based on geo locations
81 Licensing No Change.
82 Original clause: Specify a base license for monitoring a minimum of 500 devices /application (Any kind of). Ensure the license is scalable up to 3,000 devices or applications without requiring a complete reinstallation or new licenses
Revised clause: No Change.
83 Define costs for incremental license No Change.
additions (per 100 devices/application(any
kind))
84 The bidder must provide all necessary No Change.
hardware or compute resources required to
manage and operate the monitoring system
effectively, including servers, storage, and
networking components, as per the specified
scale of monitoring up to 3,000 devices or
applications.
85 Ensure the software includes a robust No Change.
license management tool to track and
manage licenses as the environment grows.
86 Consider options for transferring licenses No Change.
between devices or reallocating licenses as
needs change.
87 The bidder must provide all necessary No Change.
hardware or compute resources required to
manage and operate the proposed
monitoring system effectively, including
servers, storage, and networking
components, as per the specified scale of
monitoring up to 3,000 devices /application
(any kind) with required warranty/support.
88 Original clause: The licenses should be perpetual with 05 years support/ updates/ upgrade.
Revised clause: The licenses should be On Prem Subscription with 05 years support and updates /upgrade.
89 New Clause: The proposed NMS solution
must comply with recognized
security standards, including
ISO 27001:2013/ ISO 27034,
OR CIS (Center for Internet
Security) certifications, to
ensure robust security
management.

Note:-

1. The tentative overall project cost has been revised to Rs. 05 Crore. Hence, the EMD has been increased to Rs. 10 Lakh from previous Rs. 03 Lakh and condition 2.15.2 of the tender document will change accordingly.

2. The delivery and installation time is maximum 60 days to
complete the project from date of Letter of Acceptance /
Letter of Intent.
3. The specifications mentioned in tender document are
minimum and the vendor may quote equivalent or higher
specifications for the products as mentioned in the tender
document.
4. The total price of commercial bid inclusive of all taxes &
expenses for 05 (Five) years on-site maintenance & support
shall be taken as the basis for evaluation of commercial bids.
In case of any discrepancy in the tax factor, the basic product
price shall be taken into consideration for finalization of bids.
5. The above clarifications are for all the prospective bidders for
their tender reference and necessary action.
6. All future correspondence / clarifications / addendum /
corrigendum shall be available on the website of the High
Court of Madhya Pradesh i.e. www.mphc.gov.in and
Government e-procurement portal www.mptenders.gov.in.
7. All the pages of the bids and Annexures are to be sealed and
signed by the authorized officers of the company / vendor.
8. All prospective bidders are requested to submit the bid with
all relevant documents in sequenced manner, without fail.
9. The vendor to provide appropriate number of transceivers
(fiber /copper) and fiber patch cords as per the number of
ports in the quoted device from day 1.
10. All fiber transceivers should be single mode. The vendor can
provide multimode transceivers in pair instead of single
mode.

11. The decision of the High Court of Madhya Pradesh in
selection/finalization of firm/vendor shall be final and no
objection in this regard shall be entertained.
12. The last date for online tender submission is hereby
extended till 21st October, 2024 by 6:00 P.M., hard copy
submission is 22nd October, 2024 by 5:00 P.M. and
technical bid opening on 23rd October, 2024 at 11:30 A.M.

Sd/-
REGISTRAR GENERAL
