Module Name
Huawei USG 6000 Series Firewall
Historical Reason
186-2 transition
Caveat
When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy
Security Level Exceptions
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Huawei USG6000 Series Firewalls is designed for large- and medium sized enterprises and next-generation data centers. Provide fine-grained service access control and service acceleration through context awareness by Application, Content, Time, User, Attack, or location (ACTUAL). The USG6000 integrates application-layer protection functions, such as Intrusion Prevention System (IPS), anti-virus, and URL filtering with application identification technologies to improve the threat defense efficiency and accuracy.
Approved Algorithms
AES |
Certs. #4449 and #4451 |
CKG |
vendor affirmed |
CVL |
Certs. #1148, #1149, #1152 and #1153 |
DRBG |
Certs. #1440 and #1442 |
ECDSA |
Cert. #1084 |
HMAC |
Certs. #2952 and #2954 |
KTS |
AES Cert. #4451 and HMAC Cert. #2954; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
Triple-DES Cert. #2393 and HMAC Cert. #2954; key establishment methodology provides 112 bits of encryption strength |
RSA |
Certs. #2430 and #2432 |
SHS |
Certs. #3662 and #3664 |
Triple-DES |
Certs. #2391 and #2393 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1148 and #1152, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1149 and #1153, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
USG6310S (P/N 50050064 Rev. G), USG6370 (P/N 0235G7LL Rev. P.4), USG6620 (P/N 02359519 Rev. G.3), USG6650 (P/N 0235G7G4 Rev. U.3) and USG6680 (P/N 0235G7G7 Rev. U.2); External Baffle: 99089JEB, Version A.2; Tamper Seal 4057-113016, Version A.3
Firmware Versions
V500R001C50