Cisco NGFW selection query || need urgent help

imranul hoque
Level 1

Hi,

I am working to deploy an NGFW for one of my projects. Please help/suggest a model that meets the specification below:


Minimum specification requirements are as below:

Platform should be capable of providing firewall, application visibility, IPS and Anti-Malware functionality in a single appliance.

Appliance should have at least 8x 1G copper ports and 4x SFP ports.

Should have minimum 16 GB system memory and minimum storage of 1x 200 GB SSD or higher.

Firewall should not be proprietary ASIC based in nature and should be open architecture based on multi-core CPUs to protect and scale against the latest dynamic security threats.

Should support at least 2.2 Gbps of NGFW performance throughput (includes FW, Application Visibility and IPS).

Maximum Sessions with AVC : 195K or higher.

New connections per second 12K or higher.

Minimum Transport Layer Security (TLS) : 600 Mbps or higher.

NG Firewall should support 1.1 Gbps IPSec VPN Throughput with 144 VPN Peers

Maximum VPN Peers : 144 or higher.

Minimum number of categorized URLs for filtering: 270 million.

The Firewall should support IPS, Malware & URL Protection Feature. 

Firewall should support Active/Standby failover

Should support Static, RIP, OSPF, OSPFv3 and BGP

Should be capable of detecting and blocking IPv6 attacks.

The solution must provide an IP reputation feed comprised of several regularly updated collections of poor-reputation IP addresses determined by the proposed security vendor.

Solution must support IP reputation intelligence feeds from third parties and custom lists of IP addresses, including a global blacklist.

Must support URL and DNS threat intelligence feeds to protect against threats.

Should support reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic, enforcing policies on more than 270 million URLs in more than 80 categories.

Solution must be capable of passively gathering details unique to mobile devices traffic to identify a wide variety of mobile operating systems, mobile applications and associated mobile device hardware.

Should be capable of providing network-based detection of malware by checking the disposition of known files in the cloud using the SHA-256 file hash as they transit the network, with the capability to do dynamic analysis on-premise on a purpose-built appliance (if required in future).

NGFW OEM must have its own threat intelligence analysis center and should use the global footprint of security deployments for more comprehensive network protection.

The detection engine should support the capability of detecting and preventing a wide variety of threats (e.g., malware, network probes/reconnaissance, VoIP attacks, buffer overflows, P2P attacks, etc.).

Should be able to identify attacks based on Geo-location and define policy to block on the basis of Geo-location

The detection engine should support the capability of detecting variants of known threats, as well as new threats

The detection engine must incorporate multiple approaches for detecting threats, including at a minimum exploit-based signatures, vulnerability-based rules, protocol anomaly detection, and behavioral anomaly detection techniques. Identify and explain each type of detection mechanism supported.


Thanks 

Imran

Accepted Solution

You have not specified your budget, use for the firewall (i.e. DC, branch office, internet gateway, etc.), company size / number of users and expected concurrent connections and expected growth which will all be a factor in determining which firewall to choose.

If you are looking for the closest exact match, then the FTD1120 is the closest, but it does not give you much room for growth.

But, with the information provided, I would suggest the FTD1150. It will give you some room for growth and the option for SFP+. Along with that, the URL, Threat and Malware licenses will support what you are asking for. Optionally, you can also get the AnyConnect license for RAVPN. The firewall does do a network discovery to identify what type of devices are passing traffic through it, but an ISE implementation or Secure Network Analytics installation might be better suited for that task.

--
Please remember to select a correct answer and rate helpful posts


4 Replies

balaji.bandi
Hall of Fame

Here is the datasheet; check it and buy based on the budget and requirements:

https://www.cisco.com/site/us/en/products/security/firewalls/index.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

@balaji

I know what series are out there. I actually need a specific series/model that complies with the spec that I shared.

br

imran

Leo Laohoo
Hall of Fame

Get a reputable systems integrator.  

https://community.cisco.com/t5/routing/cisco-router-selection-query-need-urgent-help/m-p/4924489

https://community.cisco.com/t5/switching/cisco-switch-selection-query-need-urgent-help/m-p/4924494

Based on the number of threads created, you are out of your depth. One wrong move and it will cost you a fortune to correct.
