If you are reading this message, Please click this link to reload this page. Do not use your browser's "Refresh" button. Please email us if you're running the latest version of your browser and you still see this message. Sold and Shipped by Newegg. The Fortinet FortiGate 50B security appliance delivers high performance, multi-threat protection at a compelling cost that is ideal for securing smaller locations.
|Country:||Saint Kitts and Nevis|
|Published (Last):||28 October 2019|
|PDF File Size:||8.98 Mb|
|ePub File Size:||1.2 Mb|
|Price:||Free* [*Free Regsitration Required]|
This certification report, and its associated certificate, apply only to the identified version and release of the product in its evaluated configuration.
The evaluation has been conducted in accordance with the provisions of the CCS, and the conclusions of the evaluation facility in the evaluation report are consistent with the evidence adduced. This report, and its associated certificate, are not an endorsement of the IT product by the Communications Security Establishment Canada, or any other organization that recognizes or gives effect to this report, and its associated certificate, and no warranty for the IT product by the Communications Security Establishment Canada, or any other organization that recognizes or gives effect to this report, and its associated certificate, is either expressed or implied.
A CCEF is a commercial facility that has been approved by the CCS Certification Body to perform Common Criteria evaluations; a significant requirement for such approval is accreditation to the requirements of ISO Standard , General requirements for the accreditation of calibration and testing laboratories.
By awarding a Common Criteria certificate, the CCS Certification Body asserts that the product complies with the security requirements specified in the associated security target.
A security target is a requirements specification document that defines the scope of the evaluation activities. The consumer of certified IT products should review the security target, in addition to this certification report, in order to gain an understanding of any assumptions made during the evaluation, the IT product's intended environment, its security requirements, and the level of confidence i. This certification report is associated with the certificate of product evaluation dated 28 November , and the security target identified in Section 4 of this report.
FortiGate secures a wide range of network environments, from the remote office and branch office to the enterprise and the service provider. FortiGate detects and eliminates damaging, content-based threats from email and Web traffic such as viruses, worms, intrusion attempts, and inappropriate Web content in real-time without degrading network performance.
FortiGate units can operate independently, as part of a cluster to provide high availability of services, or collectively with a centralized management system to provide multiple security enforcement points within large networks. Section 2 of the security target provides details on functionality included, and excluded, from this evaluation. The scope of the evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the FortiGate, the security requirements, and the level of confidence evaluation assurance level at which the product is intended to satisfy the security requirements.
Consumers are advised to verify that their operating environment is consistent with that specified in the security target, and to give due consideration to the comments, observations and recommendations in this certification report.
The results documented in the Evaluation Technical Report ETR Footnote 1 for this product provide sufficient evidence that it meets the EAL 4 augmented assurance requirements for the evaluated security functionality.
FortiGate secures a wide range of network environments, from the remote office and branch office ROBO to the enterprise and the service provider. The complete list of evaluated security functionality for the FortiGate is identified in Section 5 of the Security Target.
The following Government of Canada approved cryptographic algorithms were evaluated for correct implementation in FortiGate:. The FortiGate implements four information flow control policies. These policies govern the following:. A high level description of these security policies is found in Section 2 of the ST; a detailed description is found in Sections 5 and 6 of the ST.
In addition, FortiGate implements policies pertaining to security audit, self protection, identification and authentication, security administration, encryption and the use of trusted paths and channels. Consumers of FortiGate should consider assumptions about usage and environmental settings as requirements for the product's installation and its operating environment.
This will ensure the proper and secure operation of the TOE. The FortiGate units provide a wide variety of services, not all of which were subject to evaluation. In particular, the following capabilities were excluded from the evaluation:. For a complete list of the capabilities both included and excluded from the evaluation, refer to Section 2 of the ST.
Refer to Section 2 of the ST for interface detail. Further details about the system architecture are proprietary to the developer, and are not provided in this report. Each of these units may be used either as a stand alone unit or along with other units of the same model in a high availability cluster.
The evaluation analysis activities involved a structured evaluation of the FortiGate, including the following areas:. An analysis of the FortiGate configuration management system and associated documentation was performed. The evaluators found that the FortiGate configuration items were clearly marked, and could be modified and controlled, and that the configuration management system supported generation of the TOE. The developer's configuration management system was observed during site visits, and it was found to be mature and well developed.
The evaluators examined the delivery documentation and determined that it described all of the procedures required to maintain the integrity of FortiGate during distribution to the consumer. The evaluators examined and tested the installation, generation and start-up procedures, and determined that they were complete and sufficiently detailed to result in a secure configuration.
The evaluators analysed the FortiGate functional specification, high-level design, low-level design, and a subset of the implementation representation; they determined that the documents were internally consistent, and completely and accurately instantiated all interfaces and security functions. The evaluators also independently verified that the correspondence mappings between the design documents were correct.
The evaluators examined the FortiGate user and administrator guidance documentation and determined that it sufficiently and unambiguously described how to securely use and administer the product, and that it was consistent with the other documents supplied for evaluation.
The evaluators examined the development security procedures during site visits and determined that they detailed sufficient security measures for the development environment to protect the confidentiality and integrity of FortiGate design and implementation. The evaluators determined that the developer has used a documented model of the TOE life-cycle and well-defined development tools that yield consistent and predictable results.
The evaluators reviewed the flaw remediation procedures used by Fortinet for the FortiGate. The evaluators determined that the procedures describe the tracking of security flaws, the identification of corrective actions, and the distribution of corrective action information to product users. Additionally, the evaluators determined that the developer's procedures provide for the corrections of security flaws, for the receipt of flaw reports from product users, and for assurance that the corrections introduce no new security flaws.
The FortiGate ST's strength of function claims were validated through independent evaluator analysis. The evaluators examined the developer's vulnerability analysis for FortiGate and found that it sufficiently described each of the potential vulnerabilities along with a sound rationale as to why it was not exploitable in the intended environment.
Additionally, the evaluators conducted an independent review of public domain vulnerability databases, and all evaluation deliverables to provide assurance that the developer has considered all potential vulnerabilities. Testing at EAL 4 consists of the following three steps: assessing developer tests, performing independent functional tests, and performing penetration tests.
The evaluators verified that the developer has met their testing responsibilities by examining their test evidence, and reviewing their test results, as documented in the ETR Footnote 2. The evaluators analyzed the developer's test coverage analysis and found it to be complete and accurate.
The correspondence between the tests identified in the developer's test documentation and the functional specification was complete. During this evaluation, the evaluator developed independent functional tests by examining design and guidance documentation, examining the developer's test documentation, executing a sample of the developer's test cases, and creating test cases that augmented the developer tests. All testing was planned and documented to a sufficient level of detail to allow repeatability of the testing procedures and results.
Resulting from this test coverage approach was the following list of EWA-Canada test goals:. Subsequent to the examination of the developer's vulnerability analysis, independent vulnerability analysis, and the independent review of public domain vulnerability databases and all evaluation deliverables, limited independent evaluator penetration testing was conducted. The penetration tests focused on:. The independent penetration testing did not uncover any exploitable vulnerabilities in the anticipated operating environment.
FortiGate was subjected to a comprehensive suite of formally documented, independent functional and penetration tests. The detailed testing activities, including configurations, procedures, test cases, expected results and observed results are documented in a separate Test Results document. The developer's tests and the independent functional tests yielded the expected results, giving assurance that the FortiGate behaves as specified in its ST and functional specification. The overall verdict for the evaluation is PASS.
These results are supported by evidence in the ETR. Fortinet employs a rigorous testing process that tests the changes and fixes in each release of the FortiGate. Comprehensive regression testing is conducted for all releases. Return to footnote 1 referrer. Return to footnote 2 referrer. Skip to main content Skip to footer.
Fortinet Fortigate-50B Firewall
Fortinet FortiGate 50B - security appliance Series Specs