1. The solution must operate as a data center firewall appliance, supporting a zerotrust framework with internal network segmentation and traffic aggregation. Additionally, it must integrate seamlessly with the District's existing Palo Alto Networks Internet firewall. 2. The solution ensures that the security system is always up-to-date with the latest threat information, helping to protect against emerging cyber threats more effectively. 3. The solution must include application identification technology to ensure granular application visibility and control, regardless of port, protocol, or encryption. 4. The solution must be able to provide segmentation of applications on standard application ports within a single security policy rule. For example, if DNS and SMTP are both added within the same security policy rule, DNS should NOT be permitted to operate on port 25 and vice versa. Layer 7 application segmentation must hold true both across security policy rules and within each individual security policy rule itself. 5. The firewall Layer 7 functionality must have application dependency checks and warnings that notify the administrator when dependent applications must be added to a policy rule in order for a given application or applications to operate properly. 6. The solution must be capable of 70.0 Gbps of throughput with all subscriptions, and logging/alerting enabled. 7. The solution must support on-box SSL decryption, with separate management and data planes present on the same physical appliance...
