Validated Product - FirePass 4100 Version 5.5.2 + Hotfix HF-552-10

Certificate Date: 19 December 2007
Validation Report Number: CCEVS-VR-VID10190-2007
Product Type: VPN
Conformance Claim: EAL2 Augmented with ADV_SPM.1, ALC_FLR.1
PP Identifiers: None
CC Testing Lab: InfoGard Laboratories, Inc.
PRODUCT DESCRIPTION

The TOE is a VPN appliance that enables secure network access to remote Users. The FirePass appliance provides SSL network access to corporate applications, intranet resources and file servers. It supports simultaneous direct layer 3 connections to network resources using Network Access mode and layer 7 (clientless) connections using Web Applications (Portal) mode. Detailed connection rules evaluate client resources and determine the access permitted through a series of endpoint security checks during session startup.

Network Access Mode allows remote layer 3 access to corporate network resources through a VPN tunnel established using Point-to-Point Protocol (PPP) over SSL techniques. Network Access Mode sessions are established through a browser in conjunction with plug-in modules, which are downloaded during the initial session. A series of configurable endpoint security checks may be executed on the external VPN client workstation prior to and during Network Access Mode sessions, to assure that required security settings are in place.

Web Applications Mode allows SSL-secured access to corporate web portals and intranet applications, and is especially suited for access from public (untrusted) resources. This connection mode features clientless layer 7 access to corporate web applications using only a supported browser. The FirePass appliance evaluates client machine security status during startup to ascertain whether minimum security provisions are in place, based on Administrator-configured connection rules.

EVALUATED CONFIGURATION

The TOE evaluated configuration includes a network appliance (hardware and software) and client plug-ins (software) for the Network Access Mode capability. The Common Criteria evaluated configuration requires that the TOE be installed in a high availability pair (qty 2) configuration.
SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2.

ENVIRONMENTAL STRENGTHS

The F5 FirePass 4100 is a Virtual Private Networking (VPN) appliance that supports secure VPN sessions to corporate resources requiring only a browser. FirePass implements these features through the following security functions: Security Audit, Identification and Authentication, Endpoint Security, Network Access Mode, Web Applications Mode Access, Policy Based Resource Management, Security Management, Secure Communications and TOE protection.