MPED-X-Routing-Tender20080721 - Madhya Pradesh State Excise
MPED-X-Routing-Tender20080721 - Madhya Pradesh State Excise
MPED-X-Routing-Tender20080721 - Madhya Pradesh State Excise
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Network Management<br />
Fire walling features<br />
support includes<br />
VPN Features support<br />
include -:<br />
Support for bi-directional NAT<br />
Split tunneling VPN support<br />
The firewall should support configurations through a command Line interface as<br />
well as a GUI based<br />
Support for cut-through proxy<br />
Support for NAT-T (NAT Transparency)<br />
Support for fix-up (to support fix-up protocols like H.323, SIP, FTP etc)<br />
The firewall must support FTP or TFTP for easy software upgrades over the<br />
network.<br />
Dedicated Out-of-Band Management Interface<br />
Network management services should be provided using standards based<br />
protocols like SNMP & SNMP V2<br />
The following MIB’s should be supported:<br />
SNMP get, SNMP trap, MIB II, Firewall MIB, Syslog MIB<br />
Real time alerting & notification features and Syslog support<br />
Application/Protocol Inspection Engines:<br />
L2 transparent firewalling<br />
Advanced HTTP Inspection Engine<br />
Method Policing for HTTP methods defined in the RFC as well as extension<br />
methods.<br />
Port 80 Misuse detection<br />
ESMTP Inspection Engine<br />
GTP/GPRS Inspection Engine<br />
NAT and PAT support for MGCP Inspection Engine<br />
NAT support for RTSP Inspection Engine<br />
H.323 Inspection Engine enhancements (T.38 and GKRCS)<br />
FTP Inspection Engine with command filtering support (GET, PUT etc.)<br />
<strong>State</strong>ful ICMP Inspection Engine<br />
Sun RPC TCP Inspection Engine<br />
NIS+ Inspection Engine<br />
TCP stream reassembly for Inspection Engines<br />
All inspection engines have the ability to be enabled or disabled via configuration<br />
Ability to configure inspection engines on an interface, network, or host basis<br />
Outbound ACLs<br />
Time-based ACLs<br />
Configuring NAT policy will not be required to pass traffic through the device. NAT<br />
no longer a prerequisite for firewalling<br />
Option to pass traffic between interfaces with the same security level<br />
URL filtering performance enhancements<br />
Are You There (AYT) support<br />
TCP based NAT transparency<br />
VPN Hub, client-to-client routing; traffic u-turn on interface<br />
Block VPN clients by OS and type<br />
Support for Diffie Hellman Group 7 (ECC) and Movian VPN Client<br />
OSPF routing and QoS over VPN tunnels<br />
IKE DoS safeguards (Aggressive Mode knob)<br />
Support for n-tiered X.509 certificate chaining<br />
Manual X.509 certificate enrollment (PKCS 10/7 support)<br />
59