NIAP: View Technical Decision Details
Archived TD0060:  FDP_IFC_EXT.1 & FMT_SMF_EXT.1 Function 3

Publication Date
2015.09.09

Protection Profiles
PP_MD_v2.0

Other References
PP_MD_v2.0

Issue Description

There is a contradiction between FDP_IFC_EXT.1 and FMT_SMF_EXT.1 Function 3. FDP_IFC_EXT.1 states that all traffic (other than the traffic required to establish the VPN connection) must travel through the VPN. FMT_SMF_EXT.1 Function 3 mandates that the VPN can be configured across the device and (optionally) on a per-app basis. The Assurance Activity for the per-app VPN conflicts with FDP_IFC_EXT.1 because it states that traffic destined for the specific application uses the VPN while other traffic is sent outside the VPN, so not all traffic travels through the VPN.

Resolution

It is mandatory that a VPN can be configured across the device that does not split tunnel, meaning all traffic (other than the traffic required to establish the VPN) must travel through the VPN. If the VPN is configured per-application, all traffic destined for the specific application must travel through the VPN. Traffic not destined for that application can be sent outside the VPN and does not cause a failure for FDP_IFC_EXT.1.

The following App Note was added to FMT_SMF_EXT.1:

Function 3 optionally allows the VPN to be configured on a per-app basis. If this configuration is selected, it does not void FDP_IFC_EXT.1; rather, FDP_IFC_EXT.1 is applied to the application to which the VPN is applied. This means that all traffic destined for the VPN-enabled application must travel through the VPN, but traffic not destined for that application can travel outside the VPN. When the VPN is configured across the device, FDP_IFC_EXT.1 applies to all traffic and the VPN must not split tunnel.
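The resolution above defines two distinct compliance rules, one per VPN configuration mode. The following is an added illustration (not part of the Technical Decision or of PP_MD_v2.0) of how an evaluator might encode those rules as a check over observed flows: in device-wide mode, any flow outside the tunnel that is not tunnel-establishment traffic is a FDP_IFC_EXT.1 violation; in per-app mode, only the VPN-enabled application's flows are constrained. The `Flow` record, the `violations` function and the application names are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    """One observed network flow (constructed record, not from the PP)."""
    app: str                 # application that generated the flow
    via_vpn: bool            # True if the flow was carried inside the VPN tunnel
    vpn_setup: bool = False  # True only for traffic needed to establish the tunnel


def violations(mode: str, flows: List[Flow], vpn_app: Optional[str] = None) -> List[Flow]:
    """Return the flows that violate FDP_IFC_EXT.1 as clarified by TD0060.

    mode == "device-wide": the VPN must not split tunnel, so every flow other
        than tunnel-establishment traffic must be inside the VPN.
    mode == "per-app": FDP_IFC_EXT.1 applies only to vpn_app; that app's flows
        must be inside the VPN, other apps' flows may travel outside it.
    """
    if mode == "device-wide":
        return [f for f in flows if not f.via_vpn and not f.vpn_setup]
    if mode == "per-app":
        if vpn_app is None:
            raise ValueError("per-app mode requires the VPN-enabled application")
        return [f for f in flows
                if f.app == vpn_app and not f.via_vpn and not f.vpn_setup]
    raise ValueError(f"unknown VPN configuration mode: {mode!r}")


# Constructed sample capture: what an Assurance Activity test run might observe.
SAMPLE_FLOWS = [
    Flow("vpnclient", via_vpn=False, vpn_setup=True),   # tunnel setup: permitted outside
    Flow("com.example.mail", via_vpn=True),             # inside the tunnel
    Flow("com.example.mail", via_vpn=False),            # leaked outside the tunnel
    Flow("com.example.browser", via_vpn=False),         # outside the tunnel
]


if __name__ == "__main__":
    # Device-wide: both non-setup flows outside the tunnel are failures (split tunneling).
    for f in violations("device-wide", SAMPLE_FLOWS):
        print("device-wide violation:", f)
    # Per-app for the mail client: only the mail flow outside the tunnel fails;
    # the browser flow outside the tunnel is allowed by the App Note.
    for f in violations("per-app", SAMPLE_FLOWS, vpn_app="com.example.mail"):
        print("per-app violation:", f)
```

Tunnel-establishment traffic is excluded in both modes, matching the "other than the traffic required to establish the VPN" carve-out, so a device-wide check that flagged the VPN client's own handshake would be a false positive.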

Justification

Clarification of requirements
