{"product_id":11528,"v_id":11528,"product_name":"SonicWall SonicOS/X v7.0.1 with VPN and IPS on NSsp 15700","certification_status":"Certified","certification_date":"2025-04-25T00:00:00Z","tech_type":"Firewall,Network Device,Virtual Private Network","vendor_id":{"name":"SonicWall, Inc.","website":"www.sonicwall.com"},"vendor_poc":"Akbal Singh Karlcut","vendor_phone":"408-962-8137","vendor_email":"akarlcut@sonicwall.com","assigned_lab":{"cctl_name":"Acumen Security"},"product_description":"<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE is comprised of the SonicWall SonicOS/X v7.0.1 software running on purpose built NSsp 15700 series<span style=\"font-size: 10.0pt;\"> </span>hardware appliance platforms.</p>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The appliance firewall capabilities include stateful packet inspection. Stateful packet inspection maintains the state of network connections, such as Transmission Control Protocol (TCP) streams and User Datagram Protocol (UDP) communication, traveling across the firewall. The firewall distinguishes between legitimate packets and illegitimate packets for the given network deployment. Only packets adhering to the administrator-configured access rules are permitted to pass through the firewall; all others are rejected.</p>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The appliance capabilities include deep-packet inspection (DPI) used for intrusion prevention and detection. These services employ stream-based analysis wherein traffic traversing the product is parsed and interpreted so that its content might be matched against a set of signatures to determine the acceptability of the traffic. 
Only traffic adhering to the administrator-configured policies is permitted to pass through the TOE.</p>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The appliances support Virtual Private Network (VPN) functionality, which provides a secure connection between the device and the audit server. The appliances support authentication and protect data from disclosure or modification during transfer.</p>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The appliances are managed through a web-based Graphical User Interface (GUI). All management activities may be performed through the web management GUI via a hierarchy of menu buttons. Administrators may configure policies and manage network traffic, users, and system logs. The appliances also have local console access where limited administrative functionality is available to configure the network, perform system updates, and view logs.</p>","evaluation_configuration":"<p style=\"margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;\">This section provides an overview of the TOE architecture, including physical boundaries, security functions, and relevant TOE documentation and references.</p><p style=\"margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE supports secure connectivity with several other IT environment devices as described below.</p><div align=\"center\"><table class=\"MsoNormalTable\" style=\"width: 100%; border-collapse: collapse; border: none;\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\" data-mce-style=\"width: 100%; border-collapse: collapse; border: none;\"><thead><tr style=\"height: 5.85pt;\" data-mce-style=\"height: 5.85pt;\"><td style=\"width: 85.25pt; border: solid windowtext 1.0pt; background: 
#FFC000; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"bottom\" data-mce-style=\"width: 85.25pt; border: solid windowtext 1.0pt; background: #FFC000; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><strong><span style=\"font-size: 10.0pt; color: black;\" data-mce-style=\"font-size: 10.0pt; color: black;\">Component</span></strong></p></td><td style=\"width: 54.0pt; border: solid windowtext 1.0pt; border-left: none; background: #FFC000; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 54.0pt; border: solid windowtext 1.0pt; border-left: none; background: #FFC000; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><strong><span style=\"font-size: 10.0pt; color: black;\" data-mce-style=\"font-size: 10.0pt; color: black;\">Required</span></strong></p></td><td style=\"width: 328.25pt; border: solid windowtext 1.0pt; border-left: none; background: #FFC000; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 328.25pt; border: solid windowtext 1.0pt; border-left: none; background: #FFC000; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><strong><span style=\"font-size: 10.0pt; color: black;\" data-mce-style=\"font-size: 10.0pt; color: black;\">Usage/Purpose Description</span></strong></p></td></tr></thead><tbody><tr style=\"height: 6.8pt;\" data-mce-style=\"height: 6.8pt;\"><td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 85.25pt; border: solid windowtext 1.0pt; 
border-top: none; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt;\" data-mce-style=\"font-size: 10.0pt;\">Management Workstation</span></p></td><td style=\"width: 54.0pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 54.0pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt;\" data-mce-style=\"font-size: 10.0pt;\">Yes</span></p></td><td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt 0.05pt; line-height: 107%; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt 0.05pt; line-height: 107%; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt; line-height: 107%;\" data-mce-style=\"font-size: 10.0pt; line-height: 107%;\">This includes any IT Environment Management workstation</span></p></td></tr><tr style=\"height: 6.8pt;\" data-mce-style=\"height: 6.8pt;\"><td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 85.25pt; border: solid 
windowtext 1.0pt; border-top: none; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt;\" data-mce-style=\"font-size: 10.0pt;\">Audit Server</span></p></td><td style=\"width: 54.0pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 54.0pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt;\" data-mce-style=\"font-size: 10.0pt;\">Yes</span></p></td><td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt;\" data-mce-style=\"font-size: 10.0pt;\">An audit server supporting the syslog protocol with an IPsec peer supporting IKEv2 and ESP in the cryptographic protocols defined in 5.2.2 of this document.</span></p></td></tr><tr style=\"height: 6.8pt;\" data-mce-style=\"height: 6.8pt;\"><td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 85.25pt; 
border: solid windowtext 1.0pt; border-top: none; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt;\" data-mce-style=\"font-size: 10.0pt;\">Management Console</span></p></td><td style=\"width: 54.0pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 54.0pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt;\" data-mce-style=\"font-size: 10.0pt;\">Yes</span></p></td><td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\" valign=\"top\" data-mce-style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0cm 3.6pt 0cm 3.6pt;\"><p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\" data-mce-style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\"><span style=\"font-size: 10.0pt;\" data-mce-style=\"font-size: 10.0pt;\">Any computer that provides a supported browser may be used to access the GUI</span></p></td></tr></tbody></table></div>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. 
The criteria against which the SonicWall SonicOS/X v7.0.1 with VPN and IPS on NSsp 15700 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.&nbsp; The product, when delivered and configured as identified in the Common Criteria Administrator Guidance, satisfies all of the security functional requirements stated in the ST. The project underwent CCEVS Validator review.&nbsp; The evaluation was completed in April 2025.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</p>","environmental_strengths":"<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE provides the security functions required by the Collaborative Protection Profile for Network Devices, hereafter referred to as NDcPP v2.2e or NDcPP; the collaborative Protection Profile Module for Stateful Traffic Filter Firewall, hereafter referred to as MOD_CPP_FW v1.4e or MOD_CPP_FW; the PP-Module for VPN Gateways Version 1.3, hereafter referred to as MOD_VPNGW v1.3 or MOD_VPNGW; and the PP-Module for Intrusion Protection Systems (IPS) Version 1.0, hereafter referred to as MOD_IPS v1.0 or MOD_IPS.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\">Security Audit</h4>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE generates audit records for administrative activity, security-related configuration changes, cryptographic key changes and startup and shutdown of the audit functions. 
The audit events are associated with the administrator who performs them, if applicable. The audit records are transmitted over an IPsec VPN tunnel to an external audit server in the IT environment for storage.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\">Cryptographic Support</h4>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE provides cryptographic functions (key generation, key establishment, key destruction, cryptographic operation) to secure remote administrative sessions over Hypertext Transfer Protocol Secure (HTTPS)/Transport Layer Security (TLS), and to support Internet Protocol Security (IPsec) to provide VPN functionality and to protect the connection to the audit server.&nbsp;</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\">Residual Data Protection</h4>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE ensures that data cannot be recovered once deallocated.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\">Identification and Authentication</h4>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE provides a password-based logon mechanism. This mechanism enforces minimum strength requirements and ensures that passwords are obscured when entered. 
The TOE also validates and authenticates X.509 certificates for all certificate use.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\">Security Management</h4>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE provides management capabilities via a Web-based GUI, accessed over HTTPS. Management functions allow the administrators to configure and update the system, manage users and configure the Virtual Private Network (VPN) and Intrusion Prevention System (IPS) functionality.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\"><span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;</span>Protection of the TSF</h4>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE prevents the reading of plaintext passwords and keys. The TOE provides a reliable timestamp for its own use. To protect the integrity of its security functions, the TOE implements a suite of self-tests at startup and shuts down if a critical failure occurs. The TOE verifies the software image when it is loaded. The TOE ensures that updates to the TOE software can be verified using a digital signature.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\">TOE Access</h4>\r\n<p style=\"margin: 0cm 0cm 6pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE monitors local and remote administrative sessions for inactivity and either locks or terminates the session when a threshold time period is reached. 
An advisory notice is displayed at the start of each session.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\">Trusted Path/Channels</h4>\r\n<p style=\"margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TSF provides IPsec VPN tunnels for trusted communication between itself and an audit server. The TOE implements HTTPS for protection of communications between itself and the Management Console.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\">Intrusion Prevention</h4>\r\n<p style=\"margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE performs analysis of IP-based network traffic and detects violations of administratively defined IPS policies. The TOE inspects each packet header and payload for anomalies and known signature-based attacks and determines whether to allow traffic to traverse the TOE.</p>\r\n<h4 style=\"margin: 12pt 0cm 6pt 43.2pt; text-indent: -43.2pt; break-after: avoid; font-size: 11pt; font-family: Cambria, serif; color: rgb(33, 182, 215); font-weight: normal;\"><span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;</span>Stateful Traffic Filtering and Packet Filtering</h4>\r\n<p style=\"margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE restricts the flow of network traffic between protected networks and other attached networks based on addresses and ports of the network nodes originating (source) and/or receiving (destination) applicable network traffic, as well as on established connection information.</p>\r\n<p><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">The TOE performs packet filtering on network packets.</span></p>","features":[{"id":2695,"feature_name":"Asymmetric 
Key Generation"},{"id":2679,"feature_name":"Auditing"},{"id":2685,"feature_name":"Certificate Authentication"},{"id":2686,"feature_name":"Certificate Validation"},{"id":2702,"feature_name":"Cryptographic Hashing"},{"id":2696,"feature_name":"Cryptographic Key Establishment"},{"id":2701,"feature_name":"Cryptographic Signature Verification"},{"id":2694,"feature_name":"DRBG"},{"id":2678,"feature_name":"Firewall"},{"id":2714,"feature_name":"HTTPS Server without Mutual Authentication"},{"id":2720,"feature_name":"IKEv2"},{"id":2690,"feature_name":"Intrusion Prevention"},{"id":2684,"feature_name":"IPsec"},{"id":2680,"feature_name":"Key Destruction"},{"id":2704,"feature_name":"Keyed-hash message authentication"},{"id":2721,"feature_name":"TLS 1.2"},{"id":2710,"feature_name":"TLS Server without Mutual Authentication"},{"id":2683,"feature_name":"VPN Gateway"}]}