Compliant Product - Motorola Network Gateways GGM 8000, S6000, and S2500

Certificate Date: 30 June 2012

Validation Report Number: CCEVS-VR-10378-2012

Product Type: Miscellaneous

Conformance Claim: EAL2 Augmented with ALC_FLR.2

PP Identifiers: None

CC Testing Lab: InfoGard Laboratories, Inc.


The Motorola Network Device models S2500, S6000, and GGM 8000 provide a flexible routing solution for integrated data, voice and virtual private network (VPN) applications.

These solutions feature the Motorola Enterprise OS software suite with a choice of three hardware platforms: S2500/S6000/GGM 8000 series. Each series provides different throughput and scalability capabilities. The common OS software provides Enterprise networking features including: traffic shaping and Quality of Service (QoS), WAN/LAN connectivity, Voice & Multi-Service and Network Management support. A comprehensive set of security features provide network and data protected through:

  • Firewall Features: Pre-defined attack types, custom traffic filters.
  • Encryption support: The TOE is FIPS 140-2 validated to Level 1 (S2500, S6000) or Level 2 (GGM 8000).
  • Secure Tunneling/VPN support: IPsec, FRF.17, and IKE.
  • Protocol Authentication: Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Protocol Independent Multicast (PIM) protocols.

The Network Device features a comprehensive Administrative-user interface that allows for the setup, configuration, monitoring and management of the device using a Command Line Interface (CLI) over a local console interface or secured over an SSHv2 secured connection. The TOE also supports encrypted SNMPv3 for a limited set of management functions.

Cryptographic operations provided by the TOE are FIPS 140-2 validated.

The TOE model S2500 and GGM 8000 platforms are suitable for use as edge routers for analog and digital voice systems as well as remote radio frequency (RF) site routers in digital voice systems. Both the S2500 and GGM 8000 may include up to 2 V.24 modules that allow the processing of digital voice, Voice over IP (VoIP). When combined with the analog conventional pluggable module (E&M), the S2500 and GGM 8000 are also suitable as a Conventional Channel Gateway (CCGW) in a Motorola ASTRO® 25 trunked radio communication network. In this role, the TOE exchanges call control traffic via communication with peer devices with ASTRO® 25 controllers.

The E&M pluggable module cannot be used with the S6000 platform.

The S6000 series is suitable as a Wide Area Network (WAN) interface for radio communications network transport systems or as a Core/Edge Network Device.

The S6000 series can also be used to maintain connectivity among small, midsize, and large Local Area networks via a wide variety of WAN services and accommodates extensive virtual port tunneling capabilities with data compression and high speed processing.

When used in the network core, the S6000 supplies high speed, scalable performance for WAN concentration, virtual private network (VPN) tunnel termination, and efficient bandwidth utilization. The S6000 concentrates T1/E1 or T3/E3 internet traffic at the network core, enabling multiple secure tunnels to be maintained through the public network to many remote locations simultaneously.






Authentication Server (optional)[1]

Syslog Host

Syslog host for offloading of audit records

NTP Server

NTP Server

SSHv2 client

SSHv2 client to support Administrative tunnels to the TOE

SNMPv3 Host

Supports SNMPv3 to the net-snmp client on the TOE

Serial Console

Console to perform local administration of the TOE.


The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3 and National and International Interpretations effective 27 August 2009. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. InfoGard Laboratories determined that the TOE provides the security assurance required by Evaluation Assurance Level 2 (EAL2) and ALC_FLR.2.

The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by InfoGard. The evaluation was completed in June of 2012.



Vendor Information

Motorola Solutions, Inc.
Christy Garippo