CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide 

The TOE is Juniper Networks, Inc. Junos OS 20.3R3 for NFX350 Network Services Platform.  The NFX350 is a network device that integrates routing, switching, and security functions on a single platform. 

The NFX350 supports the definition of, and enforces, information flow policies among network nodes, also providing for stateful inspection of every packet that traverses the network and central management to manage the network security policy. All information flow from one network node to another passes through an instance of the TOE. Information flow is controlled on the basis of network node addresses, protocol, type of access requested, and services requested. In support of the information flow security functions, the TOE ensures that security-relevant activity is audited, that their own functions are protected from potential attacks, and provides the security tools to manage all of the security functions. The TOE provides multi-site virtual private network (VPN) gateway functionality, and also implements Intrusion Prevention System functionality, capable of monitoring information flows to detect potential attacks based on pre-defined attack signature and anomaly characteristics in the traffic.

The deployment of the Junos OS 20.3R3 for NFX350 TOE includes a hypervisor, which runs a virtual machine (VM) on an NFX350 series hardware model:

·       NFX350-S1

·       NFX350-S2

·       NFX350-S3

The TOE includes a Linux Operating System (OS), Junos Control Plane (JCP), a Juniper Device Manager (JDM) and an Open vSwitch (OVS) bridge. NFX350 supports the installation of 3rd party VMs and containers, but installation of 3rd party VMs and containers is not allowed in the evaluated configuration. Figure 1 below shows the general architecture for the NFX350.

Figure 1 NFX350 Architecture

1.1.1         Linux OS

NFX350 is running on Wind River Linux 8 as its host OS. The host OS functions as a hypervisor and runs natively on an Intel Xeon D processor.

1.1.2         Junos Control Plane

Junos Control Plane (JCP) is the Junos VM running on the host OS. JCP is used to configure the network ports of the NFX350 device, and JCP runs by default as vjunos0 on NFX350. The JCP functions as the single point of management for all the components. The JCP supports:

·       Layer 2 to Layer 3 routing services

·       Layer 3 to Layer 4 security services

·       Layer 4 to Layer 7 advanced security services

In addition, the JCP enables virtualized network functions (VNF) lifecycle management. VNF is a virtualized implementation of a network device and its functions. In the NFX350 NextGen architecture, Linux functions as the hypervisor, and it creates and runs the VNFs. The VNFs include functions such as firewalls, routers, and WAN accelerators.

The JCP VM is the single administration point for the NFX350 platform. It is the front-end for all functionality provided by the NFX350 software. Logging in via console of SSH take the user to a CLI prompt on the JCP VM. This CLI is the single point of configuration for all NFX350 services.

1.1.2.1         L2 Data Plane

L2 data plane manages the Layer 2 traffic. The L2 data plane forwards the LAN traffic to the OVS bridge. The L2 data plane is mapped to the virtual FPC0 on the JCP.

1.1.2.2          L3 Data Plane

L3 data plane provides data path functions for the Layer 3 to Layer 7 services. The L3 data plane is mapped to the virtual FPC1 on the JCP.

1.1.3         Juniper Device Manager (JDM)

JDM is an application container that manages VNFs and provides infrastructure services. The JDM functions in the background. JDM is a low-footprint Linux container that provides these functions:

·       Virtual Machine (VM) lifecycle management

·       Device management and isolation of host OS from user installations

·       NIC, single-root I/O virtualization (SR-IOV), and virtual input/output (VirtIO) interface provisioning

·       Inventory and resource management

·       Internal network and image management

·       Service chaining—provides building blocks such as virtual interfaces and bridges for users to implement service chaining polices

·       Virtual console access to VNFs including vSRX and vjunos

1.1.4         Open vSwitch (OVS) Bridge

The OVS bridge is a VLAN-aware system bridge that acts as the network functions virtualization backplane to which the VNFs, FPC1, and FPC0 connect.

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Junos OS 20.3R3 NFX350 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Common Criteria Configuration Guide for NFX350 Network Services Platform, satisfies all of the security functional requirements stated in the Security Target (ST) for Junos OS 20.3R3 NFX350. The project underwent CCEVS Validator review.  The evaluation was completed in June 2022.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

The logical boundary of the TOE includes the following security functionality:

                                      Table 1– TOE Logical Boundary Security Functionality

Vendor Information