FortiGate NGFW appliances running FortiOS 5.4

Product type: Network and Network Related Devices and Systems
Product Status: Completed
Assurance Level: Protection Profile FWcPP, VPNGWEP and IPSEP

Version: 5.4

Product Details

Product Description

Certification Country: AUSTRALIA/NEW ZEALAND (2017)
Certification Method: CC
Crypt Evaluation: Progressing
Evaluation Facility: BAE Systems Applied Intelligence
Manufacturer/Vendor/Distributor: Fortinet

Fortinet


Website: http://www.fortinet.com

Contact


Michael Hodge
Major Account Manager - Federal
AU
Mobile: 0414 358 893
Email: mhodge@fortinet.com

Documents

CC Certificate
Security Target
Certification Report

The Target of Evaluation (TOE) is FortiGate NGFW appliances running FortiOS 5.4.

The TOE is designed to provide next-generation firewall services ensuring network protection for Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) networks. The TOE is capable of robust filtering based on information contained in IPv4, IPv6, ICMPv4, ICMPv6, TCP and UDP headers as specified by their respective RFCs. Additionally, the TOE is capable of content inspection of FTP and H.323 protocols to work with the dynamic nature of these protocols.

ASD Cryptographic Evaluation:
The ASD Crypt Evaluation covers the VPN functionality of FortiOS 5.4.4 only.

The supported platforms are:

Desktop

FortiGate-50E; FortiWiFi-50E; FortiGate-51E; FortiWiFi-51E; FortiGate-52E; FortiGate-60E; FortiGate-60E-PoE; FortiWiFi-60E; FortiGate-61E; FortiWiFi-61E; FortiGate-80E; FortiGate-81E; and FortiGate-81E-PoE.

Mid-range

FortiGate-100E; FortiGate-101E; FortiGate-200D; FortiGate-200E; FortiGate-201E; FortiGate-300D; FortiGate-400D; FortiGate-500D; FortiGate-600D; FortiGate-800D; FortiGate-900D; FortiGate-1000D; FortiGate-1200D; FortiGate-1500D; FortiGate-2000E; and FortiGate-2500E.

High-end

FortiGate-3000D; FortiGate-3100D; FortiGate-3200D; FortiGate-3700D; FortiGate-3810D; and FortiGate-3815D.

The FortiGate 5000-series chassis are modular enclosures for blade systems. The following blade systems are capable of running in the evaluated configuration:

FortiGate-5001D

Virtual models

FortiGate-VM01; FortiGate-VM02; FortiGate-VM04; and FortiGate-VM08

When operating on the following hypervisors and hardware platforms:

FortiHypervisor-500D (KVM 64-bit)

 

The Security Functions provided by the TOE are listed in the table below.

| Security Functions | Description |
|---|---|
| Security audit | The TOE generates logs for auditable events. These logs can be stored locally in protected storage and/or exported to an external audit server via a secure channel. |
| Cryptographic support | The TOE implements a variety of key generation and cryptographic methods to provide protection of data both in transit and at rest within the TOE. |
| User data protection | The TOE ensures that data cannot be recovered once deallocated. |
| Identification and authentication | The TOE implements mechanisms to ensure that users are both identified and authenticated before any access to TOE functionality or TSF data is granted. |
| Security management | The TOE provides a suite of management functionality, allowing for full configuration of the TOE by an authorised administrator. |
| Protection of the TSF | The TOE implements a number of protection mechanisms (including authentication requirements, self-tests and trusted update) to ensure the protection of the TOE and all TSF data. |
| TOE access | The TOE provides session management functions for local and remote administrative sessions. |
| Trusted path/channels | The TOE provides secure channels between itself and local/remote administrators and other devices to ensure data security during transit. |
| Stateful traffic and packet filtering | The TOE allows for the configuration and enforcement of stateful packet filtering/firewall rules on all traffic traversing the TOE. |
| Intrusion prevention | The TOE allows for the enforcement of pre-defined or custom attack signatures, as part of a comprehensive intrusion prevention suite. |