NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Stonesoft Next Generation Firewall (NGFW)

Certificate Date:  2016.03.03

Validation Report Number:  CCEVS-VR-VID10669-2016

Product Type:    Firewall
   Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Network Device Protection Profile (NDPP) Extended Package Stateful Traffic Filter Firewall Version 1.0
  Protection Profile for Network Devices Version 1.1

CC Testing Lab:  Gossamer Security Solutions

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Target of Evaluation (TOE) is Stonesoft Next Generation Firewall (NGFW) version 5.10.  The Stonesoft Next Generation Firewall is a stateful packet filtering firewall.  Being a stateful packet filtering firewall, the NGFW filters network traffic optimized through the use of stateful packet inspection. The NGFW is intended to be used as a network perimeter security gateway that provides a controlled connection. The NGFW is centrally managed and generates audit records for security critical events.
The Stonesoft Next Generation Firewall (NGFW) system is composed of two physical appliances: the NGFW engine and the Security Management Center (SMC) Appliance:

·    The NGFW engine controls connectivity and information flow between internal and external connected networks. The NGFW engine also provides a means to keep the internal host’s IP-address private from external users. The NGFW is assumed to be installed and operated within a physically protected environment, administered by trusted and trained administrators over a trusted and separate management network. Multiple installations of the NGFW engine may be used in combination to provide a company with an overall network topology.  The NGFW engine runs on a hardened Linux operating system that is shipped with the product. The software (which is also part of the NGFW engine product) runs on a single or multi-processor Forcepoint platform.

·    The SMC appliance provides administrative functionality supporting the configuration and operation of one or more NGFW engines. The SMC appliance – a management system comprising a Management Server, Log Server and McAfee Linux Operating System (MLOS) to support the management and operation of the firewall – is included as part of the product. The MLOS that is used for the management server is the same underlying OS that is used in several other evaluated security products and has undergone prior evaluation as part of those products.

Evaluated Configuration

The evaluated software version is ForcepointTM Stonesoft Next Generation Firewall composed of the NGFW Engine (version 5.10.1) and Security Management Center (SMC) Appliance (version 5.10.0 with SMC Appliance patch 5.10.0P001).  The TOE consists of the SMC appliance and one or more of the following NGFW appliance models:

Firewall Appliances:

Rack Mounted Firewall models

·         1035

·         1065

·         1401

·         1402

·         3202 (2U)

·         3207 (2U)

·         3206 (2U)

·         3301 (2U)

·         5206 (3U)

Desktop Firewall models

·         320X-C1

·         321-C2

·         325-C2

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012.   The product, when delivered and configured as identified in the McAfee Next Generation Firewall 5.10.1 Common Criteria Evaluated Configuration Guide, Revision F, satisfies all of the security functional requirements stated in the Forcepoint LLC Stonesoft Next Generation Firewall (NDPP11e3/STFFEP10) Security Target, Version 0.6, February 29, 2016.  The project underwent CCEVS Validator review.  The evaluation was completed in March 2016.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10669-2016) prepared by CCEVS.

Environmental Strengths

The logical boundaries of the Forcepoint LLC Stonesoft Next Generation Firewall TOE are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic support: Both components of the TOE utilize cryptography to support use of the TLS protocol to protect network communication and to support verification of TOE updates.

User data protection: The TOE ensures that residual information is protected from potential reuse in accessible objects such as network packets.

Identification and authentication: The TOE requires users to be identified and authenticated before they can use functions mediated by the TOE, with the exception of reading the login banner and performing firewall packet filtering operations.  The TOE authenticates administrative users. In order for an administrative user to access the TOE, a user account including a user name and password must be created for the user. 

Security management: Security management commands are limited to authorized users (i.e., administrators) and available only after they have provided acceptable user identification and authentication data to the TOE.  Administrators access the TOE remotely using a TLS protected communication channel between the Management server and the Client GUI (which runs on a workstation in the IT environment).

Protection of the TSF: The TOE implements a number of features designed to protect itself to ensure the reliability and integrity of its security features.  The TOE performs self-tests that cover the correct operation of the TOE.  It provides functions necessary to securely update the TOE and a hardware clock to ensure reliable timestamps. The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible through the TOE, even to an authorized administrator. The TOE also utilizes the TLS protocol to protect communication between distributed parts of the TOE.

TOE Access: The TOE can be configured to display a logon banner before a user session is established.  The TOE also enforces inactivity timeouts for local and remote sessions.

Trusted path/channels: The TOE protects interactive communication with administrators using TLS for GUI access, ensuring both integrity and disclosure protection.  If the negotiation of an encrypted session fails the attempted connection will not be established.

The TOE protects communication with network peers, such as an external syslog server, using TLS connections to prevent unintended disclosure or modification of logs.

The TOE also protects internal communication between components of the TOE using TLS connections which prevent unintended disclosure and modification of TSF communications.

Vendor Information

Forcepoint, LLC
Jorma Levomäki
Site Map              Contact Us              Home