U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #3227


Module Name
FortiGate-1200D[1], FortiGate-1500D[2], FortiGate-2000E[3] and FortiGate-2500E[4]
FIPS 140-2
 Historical Reason
SP 800-56Arev3 transition
Overall Level
When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. No assurance of the minimum strength of generated keys
Security Level Exceptions
  • Cryptographic Module Ports and Interfaces: Level 3
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
Module Type
Multi-Chip Stand Alone
The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities.
Tested Configuration(s)
  • N/A
Approved Algorithms
AES Certs. #4602, #4604, #4607 and #4628
CKG vendor affirmed
CVL Certs. #1272, #1287, #1288 and #1329
DRBG Cert. #1543
ECDSA Certs. #1129, #1130 and #1137
HMAC Certs. #3050, #3052, #3053 and #3063
KTS AES Cert. #4628 and HMAC Cert. #3063; key establishment methodology provides 128 or 256 bits of encryption strength
RSA Certs. #2510, #2512 and #2526
SHS Certs. #3777, #3779, #3781 and #3792
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1272 and #1287, key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1272 and #1287, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (CVL Certs. #1272 and #1287, key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
C1AC57 [1], C1AA64 [2], C1AF49 [3] and C1AF51 [4] with Tamper Evident Seal Kits: FIPS-SEAL-RED
Firmware Versions
FortiOS 5.4, b9791, 170802 [1,2], FortiOS 5.4, b3145, 170602 [3,4]


Fortinet, Inc.
1826 Robertson Road
Ottawa, ON K2H 5Z6

Alan Kaye
Phone: 613-225-9381 x87416
Fax: 613-225-2951

Validation History

Date Type Lab
7/12/2018 Initial CGI Information Systems & Management Consultants Inc