SLED Opportunity · IOWA · CITY OF CEDAR RAPIDS
AI Summary
The City of Cedar Rapids seeks proposals for a firewall upgrade and implementation service integrating with existing infrastructure. The solution must support high availability, TLS decryption, and VMware integration. Proposals are due January 30, 2026, submitted electronically via the City's procurement portal.
Notice of Request for Proposal Notice is hereby given that sealed proposals will be received electronically before 3:00 p.m. CST on Friday, January 30, 2026, for a firewall solution for upgrade and implementation that can be integrated with the City's existing and planned infrastructure, as requested by the City of Cedar Rapids Information Technology Department. The City will only accept proposals submitted through the City’s Online E-Procurement portal system (Euna Procurement, powered by IonWave). Email, fax or hard copy Submittals are not acceptable. Suppliers are solely responsible for correctly submitting their response into the electronic system (Euna Procurement, powered by IonWave). The City bears no responsibility for delays or errors in submittal of response by the Supplier. Proposals will be opened on Friday, January 30, 2026, at 3:00 p.m. CST (our clock). Proposals will be evaluated promptly after opening. After an award is made, a proposal summary will be sent to all companies who submitted a proposal. Proposal results will not be given over the telephone or prior to award. Proposals may be withdrawn any time prior to the scheduled closing time for receipt of proposals; no proposal may be modified or withdrawn for a period of sixty (60) calendar days thereafter. --- Q&A --- Q1: Can you describe the redundancy present in the L3 architecture of the internal switches? Is there geographic redundancy for the L3 switches inside the main firewalls? A1: The City’s internal Layer 3 architecture provides redundancy and high availability, and geographic diversity is incorporated into the design. Detailed topology specifics will be addressed during discovery with the awarded vendor. Submitted: 1/16/2026 11:50:29 AM (CT) Q2: Can you specify from the architecture diagram how the campuses are connected? A2: All campuses are connected via fiber as part of the City’s network architecture. Detailed connectivity specifics and topology will be addressed during discovery with the awarded vendor. Submitted: 1/16/2026 11:39:57 AM (CT) Q3: Do you have a current hypervisor and if so, what is it? A3: VMware. Submitted: 1/16/2026 11:29:31 AM (CT) Q4: Can you clarify how many total firewalls are needed and of those, which are HA pairs, and which are standalone? A4: The City has requested a high-availability firewall solution distributed across three locations. The exact deployment model—whether a single firewall at each location or an HA pair at each—is at the discretion of the vendor, provided the proposed design meets the RFP’s requirements for redundancy, performance, and security. Detailed implementation specifics will be finalized during discovery with the awarded vendor. Submitted: 1/16/2026 11:27:41 AM (CT) Q5: In Attachment A high level topology document, there is a reference to TLS break-inspect in the DC/Edge use case. If TLS decryption is a requirement, do you know approximately what percentage of traffic will need to be decrypted and which firewalls will need to support this feature? A5: TLS decryption is required on the edge/DC firewalls with ISP connectivity. The City does not maintain a fixed percentage of traffic to be decrypted; in practice, the majority of Internet traffic is TLS and inspection will be enabled for most outbound/inbound use cases, with policy‑based exceptions (e.g., privacy/regulated apps, mutual‑TLS, certificate‑pinned services). Vendors should size and propose platforms that meet current needs with decryption enabled, and provide published throughput/latency figures with all core NGFW features active (TLS decryption, IPS, URL filtering, anti‑malware). Exact decryption coverage and exceptions will be finalized during discovery with the awarded vendor. Please include in proposals: Throughput with decryption ON vs. OFF, and headroom assumptions. Supported decryption modes (forward proxy for outbound, inbound SSL/TLS for public services). Handling for certificate pinning/mTLS and safe bypass workflows. Key/cert management approach, user notification/opt‑out options if applicable, and privacy controls. Submitted: 1/16/2026 11:24:22 AM (CT)
SLED stands for State, Local, and Education. These are solicitations issued by state governments, counties, cities, school districts, utilities, and higher education institutions — as opposed to federal agencies.
SamSearch Platform
AI-powered intelligence for the right opportunities, the right leads, and the right time.