NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: ep_vpn_gw_v2.1

Technology Type: Virtual Private Network

CC Version: 3.1

Date: 2017.03.08

Preceded By: pp_ndcpp_vpn_gw_ep_v2.0

Succeeded By: mod_vpngw_v1.0

Sunset Date: 2019.12.31

Conformance Claim: None

Protection Profile 

Control Mapping 

PP OVERVIEW

This Extended Package (EP) describes security requirements for a VPN Gateway. This is defined to be a device at the edge of a private network that terminates an IPsec tunnel, which provides device authentication, confidentiality, and integrity of information traversing a public or untrusted network. The EP is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well defined and described threats to VPN Gateway technology. However, this EP is not complete in itself, but rather extends the collaborative Protection Profile for Network Devices (NDcPP) and the collaborative Protection Profile for Stateful Traffic Filter Firewalls (FWcPP).

Assigned to the following Validated Products

• Fortinet FortiGate 6000 Series w/ FortiOS 5.6
• Fortinet FortiGate/FortiOS 6.0.9

Archived Related Technical Decisions

• 0436 – IPsec protocol ESP algorithms
• 0356 – OE.CONNECTIONS added to VPN GW v2.1
• 0329 – IPSEC X.509 Authentication Requirements
• 0319 – Updates to FMT_SMF.1 in VPN Gateway EP
• 0317 – FMT_MOF.1/Services and FMT_MTD.1/CryptoKeys
• 0316 – Update to FPT_TST_EXT.2.1
• 0307 – Modification of FTP_ITC_EXT.1.1
• 0248 – FAU_GEN.1 Guidance Activity
• 0242 – FPF_RUL_EXT.1.7, Test 3 - Logging Dropped Packets
• 0209 – Additional DH Group added as selection for IKE Protocols
• 0179 – Management Capabilities in VPN GW EP 2.1