NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - SonicWall SonicOS Enhanced V6.5.4 with VPN and IPS on TZ and SOHO Appliances

CC Certificate [PDF] Security Target [PDF] * Security Target [PDF] *

Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Product Description

The TOE is a software and hardware TOE. It is a combination of a particular SOHO or TZ hardware appliance and the SonicOS v6.5.4 software. The SonicWall appliances are designed to filter traffic based on a set of rules created by a system administrator. The audit server provides a platform for sorting and viewing the log files that are produced by the appliance.

Evaluated Configuration

The following table lists all the instances of the TOE that operate in the evaluated configuration. All listed TOE instances offer the same core functionality but vary in number of processors, physical size, and supported connections.


Appliance Series

Hardware Model

Operational Environment


TZ 300P

Cavium Octeon III CN7020-800

TZ 350W

Cavium Octeon III CN7020-800

TZ 600P

Cavium Octeon III CN7130-1400


SOHO 250

Cavium Octeon III CN7020-800


Cavium Octeon III CN7020-800


Table 1 TOE Appliance Series and Models

The underlying platform that comprises the TOE has common hardware characteristics. These differing characteristics effect only non-TSF relevant functionality, such as throughput, processing speed, number and type of connections, and amount of internal storage.

In the evaluated configuration, the devices are placed in “Network Device Protection Profile (NDPP)” mode. “NDPP mode” is a configuration setting.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the SonicWall SonicOS Enhanced V6.5.4 with VPN and IPS on TZ and SOHO Appliances is evaluated as described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  Acumen Security determined that the evaluation is a Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package VPN Gateway v2.1 [VPNEP] and, Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package for Intrusion Prevention Systemsv2.11 [IPSEP].  The product, when delivered configured as identified in the SonicWall® SonicOS 6.5 Common Criteria Addendum, satisfies all the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in April 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

The TOE is comprised of several security features. Each of the security features identified above consists of several security functionalities, as identified below.

  1. Security Audit
  2. Cryptographic Support
  3. Identification and Authentication
  4. Security Management
  5. Protection of the TSF
  6. TOE Access
  7. Trusted Path/Channels
  8. Intrusion Prevention
  9. Stateful Traffic Filtering
  10. Packet Filtering

Security Audit

The TOE generates audit records for administrative activity, security related configuration changes, cryptographic key changes and startup and shutdown of the audit functions. The audit events are associated with the administrator who performs them, if applicable. The audit records are transmitted over an IPsec VPN tunnel to an external audit server in the IT environment for storage.

Cryptographic Support

The TOE provides cryptographic functions (key generation, key establishment, key destruction, cryptographic operation) to secure remote administrative sessions over Hypertext Transfer Protocol Secure (HTTPS)/Transport Layer Security (TLS), and to support Internet Protocol Security (IPsec) to provide VPN functionality and to protect the connection to the audit server.

Identification and Authentication

The TOE provides a password-based logon mechanism. This mechanism enforces minimum strength requirements and ensures that passwords are obscured when entered. The TOE also validates and authenticates X.509 certificates for all certificate use.

Security Management

The TOE provides management capabilities via a Web-based GUI, accessed over HTTPS. Management functions allow the administrators to configure and update the system, manage users and configure the Virtual Private Network (VPN) and Intrusion Prevention System (IPS) functionality.

Protection of the TSF

The TOE prevents the reading of plaintext passwords and keys. The TOE provides a reliable timestamp for its own use. To protect the integrity of its security functions, the TOE implements a suite of self-tests at startup and shuts down if a critical failure occurs. The TOE verifies the software image when it is loaded. The TOE ensures that updates to the TOE software can be verified using a digital signature.

TOE Access

The TOE monitors local and remote administrative sessions for inactivity and either locks or terminates the session when a threshold time period is reached. An advisory notice is displayed at the start of each session.

Trusted Path/Channels

The TSF provides IPsec VPN tunnels for trusted communication between itself and an audit server. The TOE implements HTTPS for protection of communications between itself and the Management Console.

Intrusion Prevention

The TOE performs analysis of IP-based network traffic and detects violations of administratively-defined IPS policies. The TOE inspects each packet header and payload for anomalies and known signature-based attacks and determines whether to allow traffic to traverse the TOE.

Stateful Traffic Filtering

The TOE restricts the flow of network traffic between protected networks and other attached networks based on addresses and ports of the network nodes originating (source) and/or receiving (destination) applicable network traffic, as well as on established connection information.

Packet Filtering

The TOE performs packet filtering on network packets.

Vendor Information

SonicWall, Inc.
Larry Wagner
Site Map              Contact Us              Home