The contractor shall provide Palo Alto PA-455 IPS or compatible to US Embassy Tbilisi WRAIR office. The contract type will be a fixed price contract. The price listed below shall door-to-door transportation cost to US Embassy Tbilisi, 29 Georgian American Friendship Ave. Tbilisi 0131, Georgia. .
Minimum Essential Characteristic (MEC) for Palo Alto PA-455 IPS or Compatible
Hardware specifications
- 1G SFP/RJ45 combo (2), 1G RJ45 (2), 1G RJ45/PoE (4)
- Management port 10/100/1000 out-of-band management port (1), RJ45 console port (1), USB port (2), Micro USB console port (1)
- Storage Capacity 128 GB eMMC
- Trusted Platform Module (TPM) Integrated with TPM for secure boot, hardware root of trust, and securing system secrets.
- Power Over Ethernet (PoE) PoE 1G RJ45 ports (4) Total PoE Budget: 91 W Maximum loading on a single port: 60 W
- Average Power Consumption: 32.6 W, Max Power Consumption: 41.3W
- Max BTU/hr:205
- Input Voltage (Input Frequency): 100-240 VAC (50–60 Hz)
- Max Current Consumption: 5 A @ 12 VDC
- Max Inrush Current: 4.4 A
- Dimensions: 1.7" H x 9.4" D x 15.4" W
Performance and Capacities
- Firewall throughput 3.3 Gbps
- Threat Prevention throughput 2.1 Gbps
- IPsec VPN throughput 1.7 Gbps
- Max concurrent sessions 300,000
- New sessions per second 48,000
- Virtual systems (base/max) 1/5
Networking Features
- Interface Modes: L2, L3, tap, virtual wire (transparent mode)
- Routing: OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, static routing, Policy-based forwarding, Point-to-Point Protocol over Ethernet (PPPoE), Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
- SD-WAN: Path quality measurement (jitter, packet loss, latency), Initial path selection (PBF), Dynamic path change
- IPv6: IPv6 L2, L3, tap, virtual wire (transparent mode), ) Features: App-ID, User-ID, Content-ID, Wildfire, and SSL decryption, SLAAC
- IPsec VPN: Key exchange: manual key, IKEv1 and IKEv2 (pre-shared key, certificate-based authentication), Encryption: 3des, AES (128-bit, 192-bit, 256-bit), Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
- VLANS: 802.1Q VLAN tags per device/per interface: 4,094/4,094, Aggregate interfaces (802.3ad), LACP
Security and Connectivity Features
- Embeds machine learning (ML) in the core of the firewall to provide inline signatureless attack prevention for file-based attacks while identifying and immediately stopping never-before-seen phishing attempts.
- Leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW.
- Uses behavioral analysis to detect internet of things (IoT) devices and make policy recommendations; is a cloud-delivered and natively integrated service on the NGFW.
- Automates policy recommendations that save time and reduce the chance of human error.
- Identifies and Categorizes All Applications, on All Ports, All the Time, with Full Layer 7 Inspection
- Enforces Security for User Devices Anywhere While Adapting Policies Based on User Activity
- Prevents Malicious Activity Concealed in Encrypted Traffic
- Offers Centralized Management and Visibility
- Offers AI-Powered Unified Management and Operations with Strata Cloud Manager
- Cloud-Delivered Security Services Powered by Precision AI:
- Service:
-
-
- Advanced Threat Prevention: Stop known and unknown exploits, malware, spyware, and command-and-control (C2) threats, including 60% more injection attacks and 48% more highly evasive C2 traffic than traditional IPS solutions with industry-first zero-day attack prevention
- Advanced Wildfire: Ensure safe access to files with the industry’s largest malware prevention engine, stopping up to 22% more unknown malware and turning detection into prevention 180X faster than competitors.
- Advanced URL Filtering: Ensure safe access to the web and prevent 40% more threats in real time than traditional filtering databases with industry-first prevention of known and unknown phishing attacks, stopping up to 88% of malicious URLs at least 48 hours before competitors.
- Advanced DNS Security: Protect your DNS traffic and stop advanced DNS-layer threats, including DNS hijacking, all in real time with 2X more DNS-layer threat coverage than competitors
- Next-Generation CASB: Discover and control all SaaS consumption in your network with visibility into 60,000+ SaaS apps and protect your data with 28+ API integrations.
- IoT Security: Secure your blind spots and protect every connected device unique to your vertical with the industry’s most comprehensive Zero Trust solution for IoT devices, discovering 90% of devices within 48 hours.
- Delivering a Unique Approach to Packet Processing with Single-Pass Architecture
- Enables SD-WAN Functionality