OPH Primary Site Firewall Replacements and Network Architecture Redesign

Requirements

Old Parliament House (OPH) is undergoing a significant network and server infrastructure replacement and architecture redesign project, moving towards a simplified "SaaS first" approach.

For additional information please refer to companion tender: PCS-02832

As critical work package, OPH requires its primary firewall devices to be replaced, and foundational network configurations to be completed to facilitate additional work packages.

OPH Currently utilises 2x FortiGate 101Fs in HA configuration.

OPH has recently completed a network audit and identified certain functions that are required to be validated and configured as part of the broader infrastructure architecture. This includes:

• Migration of DHCP and DNS from an on-premises Active Directory Domain Controller to the primary site firewalls
• ISP ports for 2x 10GB links in BGP configuration
• 8x redundant 10Gb links to Core Switches, 2x logical networks, 4x links each (May change dependent on the Network Segmentation redesign)
• Site to Site VPN configurations for satellite office and Azure resources instance.
• Enablement configurations to facilitate Azure and AWS SaaS and IaaS consumption

Primary Contract Requirements (What is required):

• OPH requires 2x new Firewall devices that supports the above requirements, configured in HA
• Project Management of the audit, approval and implementation of network elements
• Professional Services for
• Configuration of devices
• Network segmentation (Subnets = 43) redesign audit and proposal
• implementation of approved changes to the network segmentation (consolidate and decommission where approved)
• Integration with Rapid7 and Sentinel for reporting and monitoring
• As-Built Documentation.

Contract Extension Work Packages (dependent on approvals and funding):

Each extension package will be evaluated separately and be taken up as contract extensions, in the form of additional Milestones, once the initial contract requirements have been delivered.

• Extension Package 1 - Audit Building Management Systems (BMS) network, edge devices and infrastructure.
• Document findings and propose an approach, including requirements, for separating dependencies from current OPH core network.
• Extension Package 2 - Implement separation of BMS dependencies in line with OPH Stakeholder requirements.

Resources available to successful vendor:

• Network Elements Audit report (August 2025)
• OPH currently has a Network Managed Services Provider that collaboration is highly encouraged, on an as needs basis.
• Recently completed (October2024) replacement of all edge switches in the Non-Corporate Logical network (Aruba).
• IT Section operates using Agile and Azure DevOps for Task management and tracking
• Internal Change Approval Board and platform for recording and approving, environment and system changes
• Microsoft Teams and SPO used for collaboration and sharing project related resources.