Module Name
Juniper Networks SRX300, SRX340, and SRX345 Services Gateways
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Juniper Networks® SRX300 line of services gateways delivers a next-generation security and networking solution that supports the changing needs of cloud-enabled enterprise networks. By consolidating security, switching and routing in a single device, enterprises can protect against advanced security threats, overcome network complexity and improve application performance while reducing total cost of ownership. Customers can further enable secure SD-WAN capabilities that reduce band-width costs, simplify management and automate their WAN infrastructure.
Approved Algorithms
AES |
Certs. #4345, #4347, #4348 and #4362 |
CKG |
vendor affirmed |
CVL |
Certs. #1051 and #1071 |
DRBG |
Cert. #1398 |
ECDSA |
Certs. #1038, #1040 and #1041 |
HMAC |
Certs. #2885, #2887, #2888 and #2902 |
KTS |
AES Cert. #4345 and HMAC Cert. #2885; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
AES Cert. #4362 and HMAC Cert. #2902; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
Triple-DES Cert. #2349 and HMAC Cert. #2885; key establishment methodology provides 112 bits of encryption strength |
KTS |
Triple-DES Cert. #2358 and HMAC Cert. #2902; key establishment methodology provides 112 bits of encryption strength |
RSA |
Certs. #2358, #2360 and #2361 |
SHS |
Certs. #3582, #3584, #3585, #3586 and #3600 |
Triple-DES |
Certs. #2349, #2351, #2352 and #2358 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides
112 bits of encryption strength); EC Diffie-Hellman (key agreement; key
establishment methodology provides 128 or 192 bits of encryption
strength); NDRNG
Hardware Versions
SRX300, SRX340, and SRX345 with JNPR-FIPS-TAMPER-LBLS (P/N 520-052564)
Firmware Versions
JUNOS 15.1X49-D60