Compliant Product - SonicWall SonicOS Enhanced V6.5.4 with VPN and IPS on TZ and SOHO Appliances
Certificate Date: 2020.04.16CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11028-2020
Product Type: Firewall
Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 2.0 + Errata 20180314
Extended Package for Intrusion Prevention Systems Version 2.11
Extended Package for VPN Gateways Version 2.1
CC Testing Lab: Acumen Security
The TOE is a software and hardware TOE. It is a combination of a particular SOHO or TZ hardware appliance and the SonicOS v6.5.4 software. The SonicWall appliances are designed to filter traffic based on a set of rules created by a system administrator. The audit server provides a platform for sorting and viewing the log files that are produced by the appliance.
The following table lists all the instances of the TOE that operate in the evaluated configuration. All listed TOE instances offer the same core functionality but vary in number of processors, physical size, and supported connections.
Table 1 TOE Appliance Series and Models
The underlying platform that comprises the TOE has common hardware characteristics. These differing characteristics effect only non-TSF relevant functionality, such as throughput, processing speed, number and type of connections, and amount of internal storage.
In the evaluated configuration, the devices are placed in “Network Device Protection Profile (NDPP)” mode. “NDPP mode” is a configuration setting.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the SonicWall SonicOS Enhanced V6.5.4 with VPN and IPS on TZ and SOHO Appliances is evaluated as described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. Acumen Security determined that the evaluation is a Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package VPN Gateway v2.1 [VPNEP] and, Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package for Intrusion Prevention Systemsv2.11 [IPSEP]. The product, when delivered configured as identified in the SonicWall® SonicOS 6.5 Common Criteria Addendum, satisfies all the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review. The evaluation was completed in April 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE is comprised of several security features. Each of the security features identified above consists of several security functionalities, as identified below.
The TOE generates audit records for administrative activity, security related configuration changes, cryptographic key changes and startup and shutdown of the audit functions. The audit events are associated with the administrator who performs them, if applicable. The audit records are transmitted over an IPsec VPN tunnel to an external audit server in the IT environment for storage.
The TOE provides cryptographic functions (key generation, key establishment, key destruction, cryptographic operation) to secure remote administrative sessions over Hypertext Transfer Protocol Secure (HTTPS)/Transport Layer Security (TLS), and to support Internet Protocol Security (IPsec) to provide VPN functionality and to protect the connection to the audit server.
Identification and Authentication
The TOE provides a password-based logon mechanism. This mechanism enforces minimum strength requirements and ensures that passwords are obscured when entered. The TOE also validates and authenticates X.509 certificates for all certificate use.
The TOE provides management capabilities via a Web-based GUI, accessed over HTTPS. Management functions allow the administrators to configure and update the system, manage users and configure the Virtual Private Network (VPN) and Intrusion Prevention System (IPS) functionality.
Protection of the TSF
The TOE prevents the reading of plaintext passwords and keys. The TOE provides a reliable timestamp for its own use. To protect the integrity of its security functions, the TOE implements a suite of self-tests at startup and shuts down if a critical failure occurs. The TOE verifies the software image when it is loaded. The TOE ensures that updates to the TOE software can be verified using a digital signature.
The TOE monitors local and remote administrative sessions for inactivity and either locks or terminates the session when a threshold time period is reached. An advisory notice is displayed at the start of each session.
The TSF provides IPsec VPN tunnels for trusted communication between itself and an audit server. The TOE implements HTTPS for protection of communications between itself and the Management Console.
The TOE performs analysis of IP-based network traffic and detects violations of administratively-defined IPS policies. The TOE inspects each packet header and payload for anomalies and known signature-based attacks and determines whether to allow traffic to traverse the TOE.
Stateful Traffic Filtering
The TOE restricts the flow of network traffic between protected networks and other attached networks based on addresses and ports of the network nodes originating (source) and/or receiving (destination) applicable network traffic, as well as on established connection information.
The TOE performs packet filtering on network packets.