Product Details | Product Description |
|---|
Certification Country: AUSTRALIA/NEW ZEALAND (2017)
Certification Method: CC
Evaluation Facility: BAE Systems Applied Intelligence
Manufacturer/Vendor/Distributor: Fortinet Fortinet
Website: http://www.fortinet.comContact
Michael Hodge
Major Account Manager - Federal
AU
Mobile: 0414 358 893
Email: mhodge@fortinet.com
| The Target of Evaluation (TOE) is FortiGate NGFW appliances running FortiOS 5.4.
The TOE is designed to provide next-generation firewall services ensuring network protection for Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) networks. The TOE is capable of robust filtering based on information contained in IPv4, IPv6, ICMPv4, ICMPv6, TCP and UDP headers as specified by their respective RFC’s. Additionally the TOE is capable of content inspection of FTP and H.323 protocols to work with the dynamic nature of these protocols.
ASD Cryptographic Evaluation:
The ASD Crypt Evaluation covers the VPN functionality of FortiOS 5.4.4 only.
The supported platforms are :
|
Desktop
|
FortiGate-50E; FortiWiFi-50E; FortiGate-51E; FortiWiFi-51E; FortiGate-52E; FortiGate-60E; FortiGate-60E-PoE; FortiWiFi-60E; FortiGate-61E; FortiWiFi-61E; FortiGate-80E; FortiGate-81E; and FortiGate-81E-PoE.
|
|
Mid-range
|
FortiGate-100E; FortiGate-101E; FortiGate-200D; FortiGate-200E; FortiGate-201E; FortiGate-300D; FortiGate-400D; FortiGate- 500D; FortiGate-600D; FortiGate-800D; FortiGate-900D; FortiGate-1000D; FortiGate-1200D; FortiGate-1500D; FortiGate-2000E; and FortiGate-2500E.
|
|
High-end
|
FortiGate-3000D; FortiGate-3100D; FortiGate-3200D; FortiGate-3700D; FortiGate-3810D; and FortiGate-3815D.
The FortiGate 5000-series chassis are modular enclosures for blade systems. The following blade systems are capable of running in the evaluated configuration:
FortiGate-5001D
|
|
Virtual models
|
FortiGate-VM01; FortiGate-VM02; FortiGate-VM04; and FortiGate-VM08
When operating on the following hypervisors and hardware platforms:
FortiHypervisor-500D (KVM 64-bit)
|
The Security Functions provided by the TOE are listed in the table below.
| Security Functions |
Description |
|
Security audit
|
The TOE generates logs for auditable events. These logs can be stored locally in protected storage and/or exported to an external audit server via a secure channel.
|
|
Cryptographic support
|
The TOE implements a variety of key generation and cryptographic methods to provide protection of data both in transit and at rest within the TOE.
|
|
User data protection
|
The TOE ensures that data cannot be recovered once deallocated.
|
|
Identification and authentication
|
The TOE implements mechanisms to ensure that users are both identified and authenticated before any access to TOE functionality or TSF data is granted.
|
|
Security management
|
The TOE provides a suite of management functionality, allowing for full configuration of the TOE by an authorised administrator.
|
|
Protection of the TSF
|
The TOE implements a number of protection mechanisms (including authentication requirements, self-tests and trusted update) to ensure the protection of the TOE and all TSF data.
|
|
TOE access
|
The TOE provides session management functions for local and remote administrative sections.
|
|
Trusted path/channels
|
The TOE provides secure channels between itself and local/remote administrators and other devices to ensure data security during transit.
|
|
Stateful traffic and packet filtering
|
The TOE allows for the configuration and enforcement of stateful packet filtering/firewall rules on all traffic traversing the TOE.
|
|
Intrusion prevention
|
The TOE allows for the enforcement of pre-defined or custom attack signatures, as part of a comprehensive intrusion prevention suite.
|
|
