ZA Open Tender No: DB/022/OT/2020/21 Bidding Document For Lot I Supply and Implementation of Next Generation Firewall “Let’s Keep Our Social Distance and Protect Ourselves, Family and the Society from Corona Virus” November 2020 Addis Ababa, EthiopiaINSTRUCTION TO BIDDERS 1. All bidders shall be required to submit Copy of renewed Trade License, VAT Registration Certificate and TIN Certificate along with their bid documents. 2. Birr 130,000.00 (One Hundred Thirty Thousand only)for Lot I, shall be presented as a bid security in the form of Bank Guarantee or cashier's payment order (CPO) at least valid for 118 days upon submission of offer. 3. Payment shall be made in currency of the contract in the following manner: () Advance Payment: Thirty (30) percent of the Contract Price shall be paid within Fifteen (15) days of signing of the Contract, and upon submission of payment request and furnishing unconditional & irrevocable Bank guarantee for equivalent amount valid until the Goods are delivered. (i) On Inspection, test & Acceptance: Seventy (70) percent of the contract price of goods & full implementation of the project shall be paid within thirty (30) days of presentation of claim supported by a certificate from the Bank declaring that the Goods have been delivered and that all other contracted Services have been performed. 4. The Warranty validity period shall remain valid for minimum of 3 years after the delivery of the items, initialization test, and give support within the warranty period of with the manufacturer warranty, or any portion thereof as the case may be, have delivered to and accepted at the final destination. 5. The Supplier warrants that all the Goods are new, unused, and of the most recent or current models, and that they incorporate all recent improvements in design and materials, unless provided otherwise in the Contract. the Supplier further warrants that the Goods shall be free from defects arising from any act or omission of the ‘Supplier or arising from design, materials, and workmanship, under normal use in the conditions prevailing in the country of final destination, The Bank shall give notice to the Supplier stating the nature of any such defects together with all available evidence thereof, promptly following the discovery thereof. The Bank shall afford all reasonable opportunity for the Supplier to inspect such defects. Upon receipt of such notice, the Supplier shall, expeditiously repair or replace the defective Goods or parts thereof, at no cost to the Bank. If having been notified, the Supplier fails to remedy the defect within the period specified in the Contract; the Bank may proceed to tal f he es in a reasonable period such remedial action asmay be necessary, at the Supplier's risk and expense and without prejudice to any other rights which the Bank may have against the Supplier under the Contract. 6. Bidders shall mention the Offer Validity date and it must not be less than Three months (90 Days) and also the bid security validity period shall be 118 days starts from the date of Bid submission deadline. The Bank may request Bidders to extend the period of validity of their Bids. The request and the responses shall be made in writing. 7. Price should be Delivered Duty Paid (DDP) in Ethiopian Birr including VAT and other applicable Local taxes. 8. A prospective BIDDER requiring any clarification of the bidding documents may request a clarification on any of parts of the bidding document up to Seven Days before the dead-line for submission of the bid(s). Any request for clarification with respect to this RFP, the bidder must be sent via e-mail - https://bids.extratenders.com /bids-shop/dashen. 9, At any time prior to the deadline for submission of Bids, the Bank may amend the bidding document by issuing addenda. Any addendum issued shall be part of the bidding document and shall be communicated in writing to all who have obtained the bidding document from the Dashen Bank in accordance with ITB. 10.The Bid shall comprise two Parts, namely the Technical Part and the Financial Part ‘These two Parts shall be submitted simultaneously in two separate sealed envelopes (two-envelope Bidding process) within one outer envelope. One envelope shall contain only information relating to the Technical Part and the other, only information relating to the Financial Part. At the same time, the required bid security shall be submitted together with the separate technical proposal. 11.The sealed bid document offered shall be placed in the box prepared for this purpose on or before December 14, 2020 at 5:00 PM After noon at Dashen Bank S.Co, Supply Chain Management Department, Dashen Bank New Head Quarter Building 14" floor in front of National Bank of Ethiopia. For more information, you may contact through Tel: +251 15 -18-03-56/ ext 4107/3038, through e-mail address - https://bids.extratenders.com/bids-shop/dashe: 12.Bid opening shall be conducted without physical attendance of bidder(s) or legal representative(s) due to the current pandemic COVID-19. The Procurement Committee of the Bank shall open the bid transparently at the avenue of Dashen Bank, 14th floor Supply Chain Management Department, meeting hall at December 15, 2020, and 9:30AM morning.13.Bidders are required to attach the following along with their offers(s) , «Renewed & Valid Manufacturer Authorization Letter (MAF) for their product(s) * Proof of documentary evidence of past experience in contracts to similar magnitude. * Technical Compliance to required Specifications * Bidder must be local partner for the product and provides the local partner certificate. « A-written confirmation that he/she understands the terms and condition stated in bidding documents. « Alleligibility criteria stated within the bidding document. 14.The bid evaluation result shall be communicated in written form to all bidders after completion of the bid evaluation process. 15.The winner shall present 10% of the total awarded amount as a performance bond guarantee in the form of casher’s payment order (CPO) or Bank guarantee valid at least for Six months (180 days } after contract signing, 16.Winner shall enter into a contractual agreement with Dashen Bank for the supply of awarded items 17.The winner must be delivering the awarded items to Bank’s warehouse. 18.The winner is required to submit an equivalent advance payment guarantee bond for any advance payment request. 19.The prices quoted by the Bidder shall not be subject to adjustment during the performance of the Contract (Fixed Price Contract). 20.Bid security for the winner will be returned upon submission of performance bond guarantee. 21.Bids prepared by prospective bidders and all correspondence including documents relating to the bids exchanged by the bidders and Dashen Bank must be written in English. 22. Security for the second and third lowest evaluated bidders will be returned after the winner submits performance Bond Guarantee. 23. Bid security may be forfeited, > Ifa bidder withdraws its bid during the period of bid validity period specified on No. 6. > Ifthe successful bidder fails to furnish the performance bond as indicated on No.14. > Ifthe successful bidder fails to sign contract as indicated on the No.1524.Bid security will be returned to all unsuccessful bidders after signing contract with the winner. 25.Failure to comply with any of the conditions stated above shall result in automatic rejection. 26. The Bank reserves the right to accept or reject the bid partially or fully at any time. 27. The bidder is expected to go through all the instructions, terms, forms and specifications of this bidding document. 28.The invitation to bid which has been published on the widely circulated magazine of Reporter and fortune dated November 29, 2020 is not part of this governing bidding document. Any information inconsistency between the former and the later shall get prevailed by the later one.Technical Specificationeed Request for Proposal (RFP) For Supply and Implementation of Next Generation Firewall + August 29, 2020 Addis AbabaTable of Contents 1 Objective. Scope of Work. 3. Technical Requirement 4 Responsibility of the Bidder 5 Instruction to Bidders (ItB) 5.3 Clarification of Bidding Document. 5.4 Clarification of Bids... 5.4.1 Amendment of Bidding Document 5.4.2 Documents Comprising the Bid. 5.4.3 Documents Establishing Bidders Eligibility and Qualification. 5.4.4 Possibility for a Joint venture Tender or Sub Contracting. 6 Special Terms and Condition: 7 Evaluation Criteria 7.1 Eligibility Assessment... 7.2 Technical Evaluation Criteri:1 Objective The objective of this RFP is to solicit competitive proposals for supply, implement and integration of redundant Highly Available Next Generation Firewall at Dashen Bank Data Center to protect current and future security risks. 2. Scope of Work The scope of this work is supplying, implementation and testing and training experts on Next Generation Firewall at Dashen Bank, Bole Tower Data Center. Supply, redundant Next Generation perimeter firewall at premises of Dashen Bank Datacenter. * Supply and implement Management solution for Firewall management and ‘Analytics. + Optimize existing security policies to be translated to the new solution. * Bidders should provide a list of the printed documentation provided for installation, operation, use, and administration of the whole solution. Bidders should configure the features and requirements listed in this RFP according to the environment of the bank and needs of the security that will arise during the implementation period. 3 Technical Requirement The following table shows the technical requirements the bidder must fulfill.Pm er Cerne as 5 Loomer Commies 1 | Brand Shall be specified 2_| Model Shall be specified 3__ | Quantity 2 4 [Interfaces — Console Port - USB Port 1 Management Ports | 2x 1GE R/S RJ45 Ports 16x 1GE SEP Slots 6x10 GE with SFP included 5 | Network Operating | Shall be specified System 6 | Onboard Storage 480GB SSD 7__| Networking Features | L2, L3, Tap, Virtual B Routing ‘© OSPF2/3, BGP, RIP, 7 ‘* Policy based forwarding * PPPoE © Multicast «Bidirectional Forwarding 9 | VLAN © 802.10 :4094 10 | General Requirements | The System must at least, and Features Visionary in 2019 Gartner Magic Quadrant identify and secure users and devices in real-time, on and off of the network secure, accelerate, and unifies the network and user experience deception-based security Control thousands of applications Automatically prevent, detect, and mitigate advanced attacks within minutes with an integrated Al- driven security and advanced threat protection Improve and unify the user experience with innovative SD- WAN capabilities with the ability to detect, contain, and isolate threats" with automated segmentation Utilize hardware acceleration to boost network security performance. Consolidated platform with a single OS and pane-of-glass for across the entire digital attack surface. web filtering, URL Filtering Antivirus Security and |Proactively blocks unknown’ sophisticated attacks in real time using continuous threat intelligence Predefined compliance checklists Protect against Malware, exploits and malicious web site in both in both encrypted and non- encrypted traffic. Support application aware Capabilities. Built in advanced routing Capabilities with high performance encrypted IPsec tunnels. Segmentation that adopts to any network topology, delivering end to end security from branch level to data centers. Reduce security risk by improving network visibility from fabric components Deliver defense in-depth security powered by high performance layer 7 inspection and remediation. Protect critical _ business applications & help to implement any compliance requirement without network redesign. Full visibility into users, devices & applications across the entire attack surface and consistent security policy enforcement irrespective of asset location. Protect against network exploitable, vulnerabilities with industry validated IPS security effectiveness, low latency and optimize network performance. Automatically block threats on decrypted traffic using industries highest. SSL inspection performance including TLS 1.3 standard. 4G and 5G security for users and data The Firewall should be Hardware based, Reliable, purpose-built security appliance with —_—hardened operating system that eliminates the security risks associated with general-purpose operating stems. should support OEM license for ogGate Way Antivirus, IPS, Web filter, application "filtering, spyware, botnet, content and application filtering, Sandboxing/ATP (Advanced Threat Protection), reporting and support, Upgrades and hardware support License. © The Proposed solution should be integrated with existing SEIM (IBM QRADAR) * The Bank is planning _ to Implement SOC and NOC site, The Proposed solution should. be capable to synchronize critical security event to the NOC and SOC sites. 1 NAT TPV4(Static, dynamic, PAT) 2} Detailed performance a ind Features Next Generation ‘9Gbps Firewall-NGFW Concurrent Session | 20 Million TPS: TL5 Gbps Firewall Latency (64 | 2 us bytes, UDP) 13 _| Capabilities TPv4 Firewall | 90 Gbps Throughput (1518 | byte, UDP) | Firewall Throughput | 90 Mpps (Packet per Second) _| Concurrent Sessions | 20 Million (TCP) new Sessions/Second | 500,000 (TCP) Firewall Policies 100,000 IPsec VPN 65 Gbps ‘Throughput (512 | byte) Gateway-to-Gateway | 20,000 IPsec VPN Tunnels _| Client-to-Gateway 7 100,000 IPsec VPN Tunnels SSL-VPN Throughput _| 6 Gbps Concurrent SSL-VPN | 30,000 Users High availability Active-Active SSL Inspection 9.0 Gbps ‘Throughput ‘Application Control _| 20 Gbps Throughput NGFW Throughput | 9, CBRL ey } d = 2 Py ASHEN?Threat Protection 5.4 Gbps Throughput Virtual Domains 1000 Maximum Number of | 4,096 72048 apps (Total / Tunnel) Maximum Number of | 20,000 Tokens ‘maximum Number of | 8,000 Registered Endpoint 14 | Power Supply AC T00-240V AC, 50-60 Hz Maximum Current | Shall be specified Power Consumption | Shall be specified (Average / Maximum) Heat Dissipation Shall be specified Redundant Power yes, Hot swappable Supplies Fans Minimum three built-in fans 15 | Form Factor 2U Rack Mountable 16 _| Dimensions Shall be specified 17_| Weight Shall be specified 18 | Operating 0-40°C ‘Temperature 19 | Storage Temperature | 35-70°C 20 | Humidity 20-90% non-condensing 21 | Compliance FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB [22 | Certifications ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN [23 | Technical Support and | Industry Standard Service for Servicing type Hardware and software [24 Training on Firewall | Training outside or Local for six /6/ | Managementand —_| staffs on Configuration, Deployment configuration | and Testing. [25 | License Package [Minimum 1 year [26 | Accessories | Full package accessories (console, Power cord and SFP should be included 27__| Warranty [Minimum T year 28 _ | Firewall Management Appliance spec 28.1 | Quantity iE [28.2 | Devices/VDOMs 7100 [283 | Total Interfaces 4x GE RJ45, 2.x SFP [284 | Sustained LogRates | 1GB/Day 28.5 | Storage Capacity T6TB (4x4 TB) 28.6 | Usable Storage (after | 8TB RAID) 28.7 [Default RAID Level | 10 28.8 | Hardware FormFactor 28.9 | Console Port RyaS 26.10] Removable Hard yes Drives 28.11] Redundant Hot Swap | yes Power Supplies 28.12| Chassis Management _| yes [ 28.13] Dimensions Shall be specified 28.14] AC Power Supply (00-240V AC, 50-60 Ha 28.15] Operating 0-40°C Temperature 28.16 Storage Temperature | -35-70°C 28.17| Safety Certifications | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB 26.18) Technical support and | Shall be specified services 28.19] Warranty Minimum 3 year 28.20] Accessories Full package accessories (console, Power cord and SFP should be included ) # Responsibility of the Bidder 4.1 The Bidder has to supply, install, integrate, migrate and commission the Firewall solution at ashen Bank data center. 4,2 The Bidder shall configure, Implement, and tune the Firewall Appliances at Dashen Bank until the technical requirements are satisfied and all valid requirements that could emerge during the implementation phase are addressed properly. 5 Instruction to Bidders (ItB) 5.1 General a) The BANK will reject a proposal for award if it determines that the BIDDER recommended for award has engaged in corrupt or fraudulent practice in competing for the contract in question. b) The BIDDER is expected to examine carefully all instructions, conditions, forms, terms etc. In the bidding document failure to furnish all information required or submission of a bid not substantially responsible to the requirements of the bidding documents will be at the Bidder’s risk and may result in the rejection of its bid. ©) The time allowed to complete the project should not exceed three (3) months period of time. 5.2 Cost of Bidding ‘The BIDDER shall bear all costs associated with the preparation and submission of its bid, and the BANK will in no case be responsible or liable for those costs, regardless of the outcome of the bidding process. 5.3 Clarification of Bidding Document A prospective BIDDER requiring any clarification of the bidding documents may request a clarification on any of the RFP documents up to 5 working days (one week) before the deadline for submission of the proposal. Any request for clarification must be sent by s the bank's official email address or fax or in person.5.4 Clarification of Bids During evaluation of the Bids, the Bank, at its discretion, may ask the Bidder for clarification of its Bid. The request for clarification and the response shall be in writing, and no change in the prices or substance of the Bid shall be sought, offered, oF permitted. 5.4.1 Amendment of Bidding Document a) Atany time before the deadline for the submission of the proposal, the BANK may, for any reason, whether on its own initiative or in response to the clarification requested by a BIDDER, modify the bidding documents by amendments. b) Any amendment or a clarification shall be issued in writing through addenda to all prospective BIDDERS. Addenda shall be sent by e-mail, or fax to all bidders participated in this bid. ©) In order to provide prospective BIDDERS reasonable time in which to take the amendment into account in preparing their bids, the BANK may, at its discretion, extend the deadline for the submission of bids. 5.4.2 Documents Comprising the Bid ‘The bid to be submitted by the BIDDER shall comprise the following components: a)’ Technical proposal responding to all the bank’s requirements. The Technical Proposal shall, at a minimum provide the following informatio ¥. Professional fee must be mentioned on the financial document ¥. Provide inter firewall High availability (HA) solution. ¥ The two/2/ firewalls must be managed using the requested management solution. ¥ The management solution must be implemented, configured by bidders without any extra cost. Y Provide CV's recently signed by each of the proposed team members and the authorized representative submitting the proposal. Key information should include number of years working for the BIDDER/firm and degree of responsibility held in various assignments as well as experience in the delivery ofa similar solution. Y Provide copy of registration certificate by the __ responsible government/accredited organ and currently renewed business license. ¥ The Technical proposal should not include financial information in a separate document. Y The Technical proposal should confirm that it will meet or comply with all the technical as well as functional requirements. The technical proposal shall not include any financial information, A Technical Proposal containing financial information shall be declared non-responsive. b) Financial proposal should include alll costs related to the delivery of the solution including professional fees and SLA costs for the proposed time period 5.4.3 Documents Establishing Bidders Eligibility and Qualification ¥ BIDDERS should provide statements outlining the reasons that they feel they have the technical capability to carry out the contract. V BIDDERS should provide references of successful performance of assignment of similar and/or same nature and magnitude from relevant previous clients. 5.4.4 Possibility for a Joint venture Tender or Subcontracting Legally registered vendors may associate to enhance their qualifications. In such cases, there shall be one main vendor for the assignment. The main vendor may make use of sub-vendors for completion of a part of the assignment, which demands specialized knowledge. The main vendor, however, will remain liable to the entireproject with reference to the whole contract. The main vendor shall submit a letter of association signed by the sub-vendor, confirming the commitment of the sub- vendor to the assignment. 6 Special Terms and Conditions 6.1 Delivery Period: The delivery should be made within 3-4 Months from the date of receipt of purchase order. 6.2 Warranty: The entire item supplied by the vendor shall be guaranteed against any defects and the vendor should provide time-to-time operational maintenance support (On Site comprehensive Warranty). The said warranty should cover all the Hardware & Software Products. The warranty and service shall be provided directly from the manufacturer. The vendor shall be liable to rectify any defects that may be found in the equipment supplied at free of cost. 6.3 Installation and Configuration: The installation and Configuration should be done at Dashen Bank SC Bole Tower Data Center without incurring additional cost. 6.4 Response Time: The response time of the vendor to attend to any complaint upon receipt of the complaint/information from the user should not be more than 24 hours. 6.5 Dashen Bank S.c Reserves the right to cancel the contract under repeated violations of the specified and mutually agreed QoS parameters. 6.6 Dashen Bank Sc. is not responsible for any delay in delivery of equipment. 6.7 The items must be delivered and installed at the required locations at your own risk and cost. 6.8 Any Proposal or Bid received after Bid submission date and time will not be entertained/ considered. 6.9 The Successful vendor has to provide training for installation and configuration for the items supplied by them to the 5/5/ staffs involved in the project 7 Evaluation Criteria The contract will be awarded to best quality and economically most favorable proposal. The evaluation shall use the following criteria to determine the best proposal:~ 7:1 Eligibility Assessment en SN Joint Venture Must be partner of Technology | Must meet Existing or intended Joint providers requirement —_| Venture must meet requirement Must Have MAF for all Must meet Existing or intended Joint Hardware Supplies requirement —_| Venture must meet requirement Valid joint venture agreement, | Must meet Existing and intended Joint in case of a joint venture requirement —_| Venture must meet requirement 7.2 Technical Evaluation Criteria Detailed technical evaluation will be done for firms/bidders who qualify the eligibility criterion mentioned above. The eligible firms/bidders may be asked to give presentation of proposal on power point (soft copy}/ proof of concept on their solution. The technical criteria and maximum number of points to be given under each are: eye) Implementation Experience (Successfully completed) 10 Meeting the requirements and maturity of proposed | 40 | | technical implementationDocumentation 10 * Technical assistance and detail administration Manual * Detail Deployment and —_ implementation documentation Technical presentation Proposed Training arrangement i0 Financial 30 Total Points 100 The minimum technical score required to pass is 60%. The BANK will evaluate the compliance criteria using the following scoring scale: 10 | Excellent Exceeds the requirements of the criteria significantly an beneficial ways/very desirable 9 Very Good Exceeds the requirements of the criteria in ways which are beneficial to our needs 7-8 | Good Fully meets the requirement of the criteria 5-6 | Average ‘Adequately meets most of the requirements of the criteria. May be lacking in some areas that are not critical. 3-4_| Poor ‘Addresses all of the requirements of the criterion to the minimum acceptable level. 1-2 | Very poor Minimally addresses some, but not all, of the requirements of the criteria or lacking in critical areas. | Unsatisfactory | Does not satisfy the requirements of the criteria in any manner |