Request for Proposal RFPM06-2891 – Internet Filtering Software
Details and Specifications
The Peel District School Board encompasses schools from Alton to Mississauga in the Peel Region. We
currently have 221 schools, 145,000 students and 12,000 staff.
Access to the Internet is centrally located at the Central Board Office and Learning Technology Support
Services (LTSS) acts as the ISP for all Public Schools in Peel Region.
We currently have Fiber optics run to each school in the region. They connect to the Board wide, Wide Area
Network at Gigabit Ethernet Speeds.
The Board is connected to the Internet via two service providers. 90% of our traffic is HTTP and saturates a
100 Mbps link from 8:00am to 3:30pm five days a week. At any given time during the day we have 15,000
active outbound HTTP sessions.
The need for better reporting on incidents of breaches in the acceptable use policies has forced us to
explore the need for outbound authentication for Internet services. It is our intent to be able to report on
specific user traffic in a quicker more efficient manner.
Cisco Catalyst 6500 ORION
Default Route = To Internet @ 100Mbps
1.0 Solution Overview
1.1 Provide an overview of your proposed solution. In the overview describe all servers and
services required for your solution to be implemented.
1.2 Can your solution operate as a slave / integrate into a PIX Firewall
1.3 Describe, with the aid of diagram, how the solution integrates into the current network
2.0 Filtering Features and Policy
Please describe the desired features of the proposed solution as outlined below.
2.1 Can your solution set unique filtering policies based on source IP Address? For example the IP
subnet of a school
2.2 Describe the number of unique filtering policies your proposed solution will support.
2.3 Can your solution force users to authenticate before access to the Internet (for HTTP traffic) is
2.3.1 Can a unique filtering policy based on username and password be applied?
184.108.40.206 What is the maximum number these policies that can be applied
220.127.116.11 Can the policy to be applied be an object in a Directory Database (i.e.
Grade 8 students have a different policy than grade 2 students, where
Grade is an object in a directory database)
2.3.2 Describe in detail how user authentication works in your solution. Describe the type
of back end databases supported, additional servers / services if required and
performance specifications (simultaneous access, number of Directory lookups per
second, effect on system performance etc).
Remember, your solution has to work for 20,000 simultaneously authenticated
2.3.3 How does the proposed solution time out authenticated sessions or allow the user
to logout? The problem is how would your proposed solution restrict other users
from assuming existing sessions during turnaround times in computer labs, etc.
2.3.4 Can username / password authentication be turned off based on source IP address.
2.4 Can your solution Filter based on Keyword blocking.
2.5 Describe how your solution handles the Image web sites like Google Images or Yahoo to filter
inappropriate pictures that may result based on searches.
2.6 Describe the size of your database.
2.7 How are new sites added to the database and what is the frequency of updates?
2.8 If your solution encounters a site that is not in your database what happens?
2.9 Is there a mechanism for users to request a site to be blocked or that site has been incorrectly
2.10 Describe how your Internet Filtering database is updated, maintained, the number of
“humans” doing content review, how new sites are discovered and what criteria is used to
3.0 Site Overrides
3.1 If a site is blocked, does your solution have the ability to:
3.1.1 Allow the computer being blocked the ability to Override a Blocked Site with a for a
specified amount of time, with a predetermined username and password
3.1.2 Allow a the computer being blocked the ability to Override a Blocked Site for a
specified amount of time, with a unique username and password authenticated
against a Directory Source?
18.104.22.168 If yes, what are the connections per second supported and the
Maximum number of supported authentications.
4.1 Can your proposed solution report on user activity (sites visited, blocked sites accessed, time
on-line, etc) and generate the report based on source address or username.
4.2 Can your solution provide detailed reporting on overall system performance (filtering, system
processes, HTTP services, IP throughput, etc)?
4.3 Can your solution report on site overrides (who, where, when)
4.4 Report showing what type of Filtering Blocks were activated
4.5 Describe any additional servers or services that are required to get collect and analyze logging
5.1 Describe how the box is managed.
5.2 Does the solution support SNMP MIBs to extract status and health information of the solution
(and not just MIB_II info).
5.3 Does your solution support the use of syslog servers to report critical events and errors.
6.0 Bidder Proposal
The Bidders proposal must include the following :
6.1 Answers to sections 1.0 – 5.0
6.2 Provide details about your install base and provide reference accounts that we may contact.
6.3 Provide a complete price breakdown of all components necessary to implement your solution
and indicate any future costs for ongoing maintenance , subscriptions, and increase in users /
6.4 Provide a price if Peel District School Board would like to have the vendor install, configure and
train staff in the proposed solution.
6.5 In your pricing please indicate prices for extended contract terms (1 year, 2 year, 3 year, and
any other terms for greater than a three year period.
6.6 Please indicate whether a multi-year contract must be paid in full up front or spread our over
multiple years. Typically the Boards pays yearly on multi-year contracts.
The Peel District Board will also consider proposals from vendors that provide additional products or
services to add additional value to your proposal.