Module Name
FortiGate Next-Generation Firewalls with FortiOS 6.4/7.0
Caveat
When operated in FIPS mode with the tamper evident seals and entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
Embodiment
Multi-Chip Stand Alone
Description
The FortiGate Next-Generation Firewalls with FortiOS 6.4/7.0 are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.
Approved Algorithms
AES |
Certs. #A2225, #A2229, #A2240, #A2242, #A2269 and #A2270 |
CVL |
Certs. #A2240, #A2242, #A2269 and #A2270 |
DRBG |
Certs. #A2225 and #A2229 |
ECDSA |
Certs. #A2240, #A2242, #A2269 and #A2270 |
ENT |
P |
HMAC |
Certs. #A2225, #A2229, #A2240, #A2242, #A2269 and #A2270 |
KAS |
KAS-SSC Certs. #A2269 and #A2270, CVL Certs. #A2269 and #A2270 |
KAS-SSC |
Certs. #A2269 and #A2270 |
KTS |
AES Certs. #A2269 and #A2270 and HMAC Certs. #A2269 and #A2270; key establishment methodology provides 128 or 256 bits of encryption strength |
KTS |
AES Certs. #A2269 and #A2270; key establishment methodology provides 128 or 256 bits of encryption strength |
RSA |
Certs. #A2240, #A2242, #A2269 and #A2270 |
SHS |
Certs. #A2225, #A2229, #A2240, #A2242, #A2269 and #A2270 |
Hardware Versions
FortiGate-40F (C1AJ53) [1] [2], FortiGateRugged-60F (C1AJ89) [1] [2], FortiGate-60F (C1AJ22) [1] [2], FortiGate-61F (C1AJ23) [1] [2], FortiWiFi-60F (C1AJ24) [1] [2], FortiWiFi-61F (C1AJ25) [1] [2], FortiGate-80F (C1AK17) [1] [2], FortiGate-81F (C1AK18) [1] [2], FortiGate-100F (C1AJ43) [1] [2], FortiGate-101F (C1AJ44) [1] [2], FortiGate-200F (C1AJ87) [1] [2], FortiGate-201F (C1AJ88) [1] [2], FortiGate-600E (C1AH98) [1] [2], FortiGate-601E (C1AH71) [1] [2], FortiGate-1100E (C1AJ67) [1] [2], FortiGate-1101E (C1AJ13) [1] [2], FortiGate-1800F (C1AJ82) [1], FortiGate-1801F (C1AJ83) [1], FortiGate-2600F (C1AK55) [1], FortiGate-2601F (C1AK56) [1], FortiGate-3300E (C1AJ42) [1] [2], FortiGate-3301E (C1AJ38) [1] [2], FortiGate-3400E (C1AH84) [1] [2], FortiGate-3401E (C1AH85) [1] [2], FortiGate-3600E (C1AH86) [1] [2], FortiGate-3601E (C1AH57) [1] [2], FortiGate-4200F (C1AH81) [1], FortiGate-4201F (C1AJ94) [1], FortiGate-4400F (C1AH79) [1], FortiGate-4401F (C1AJ45) [1], FortiGate-6300F (C1AG83) [1], FortiGate-6301F (C1AG85) [1], FortiGate-6500F (C1AG84) [1] and FortiGate-6501F (C1AG86) [1] with Tamper Evident Seal Kit: FIPS-SEAL-RED
Firmware Versions
FortiOS 6.4 (FIPS-CC-64-5) [1] and FortiOS 7.0 (FIPS-CC-70-6) [2]