FIPS 140-2 Security Policy FortiGate-3016B/3600A/3810A-E4 CONSOLE MGMT1 1 3 5 7 9 11 13 15 ASM Esc Enter POWER STATUS USB AUX MGMT2 2 4 6 8 10 12 14 16 1 3 5 7 9 PWR Esc Enter STATUS 2 4 6 8 10 CONSOLE AUX USB ASM1 ADM1 ASM2 ADM2 USB 1 2 3 4 5 6 7 8 9 10 Esc Enter CONSOLE AUX STATUS POWER FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy Document Version: 3.4 Publication Date: February 19, 2009 Description: Documents FIPS 140-2 Security Policy issues, compliancy and requirements for FIPS compliant operation. Hardware Models: FortiGate-3016B (C4XA14) FortiGate-3600A (V3BU94) FortiGate-3810A-E4 (C3GV75) Firmware Version: FortiOS 3.00, build8785, 080605 www.fortinet.com FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy v3.4 February 19, 2009 01-00000-0416-20081008 This document may be copied without Fortinet Incorporated's explicit permission provided that it is copied in it's entirety without any modification. Trademarks Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System, FortiGuard, FortiGuard-Antispam, FortiGuard- Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Regulatory compliance FCC Class A Part 15 CSA/CUS Caution: If you install a battery that is not the correct type, it could ! explode. Dispose of used batteries according to local regulations. Contents Contents References .................................................................................................... 3 Security Level Summary ................................................................................... 4 FIPS-CC Mode of Operation.............................................................................. 4 FortiGate Module Description .......................................................................... 4 Cryptographic Module Description ................................................................ 5 Cryptographic Module Ports and Interfaces .................................................. 6 Web-Based Manager .................................................................................. 11 Command Line Interface ............................................................................. 12 Control Panel and LCD ............................................................................... 12 Roles, Services and Authentication ............................................................ 13 Physical Security......................................................................................... 16 Operational Environment ............................................................................ 20 Cryptographic Key Management................................................................. 20 Alternating Bypass Feature ......................................................................... 23 Key Archiving .............................................................................................. 23 Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) ... 23 Mitigation of Other Attacks............................................................................. 24 IPS Signature Protection ............................................................................. 25 IPS Attack Protection .................................................................................. 25 Antivirus Protection ..................................................................................... 25 Antispam Protection .................................................................................... 25 Web Filtering ............................................................................................... 26 FortiGuard Services .................................................................................... 26 FIPS 140-2 Compliant Operation .................................................................... 26 Overview of FIPS 140-2 compliant operation.............................................. 27 Initial configuration of the FortiGate module ............................................... 28 Enabling FIPS-CC mode ............................................................................. 30 Self-Tests .................................................................................................... 31 Effects of FIPS-CC compliant mode ........................................................... 32 Remote access requirements ..................................................................... 33 Disabling FIPS-CC mode ............................................................................ 34 Error mode ....................................................................................................... 34 FIPS Error Mode ......................................................................................... 34 CC Error Mode ............................................................................................ 35 Non-FIPS Approved Services ......................................................................... 35 FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 1 Contents FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 2 01-00000-0416-20081008 References This document is a FIPS 140-2 Security Policy for Fortinet Incorporated's FortiGate-3016B, 3600A, and 3810A-E4 Multi-Threat Security Systems. This policy describes how the FortiGate-3016B, 3600A, and 3810A-E4 models (hereafter referred to as the `module' or `modules') meet the FIPS 140-2 security requirements and how to operate the modules in a FIPS compliant manner. This policy was created as part of the Level 2 FIPS 140-2 validation of the modules. This document contains the following sections: · Security Level Summary · FIPS-CC Mode of Operation · FortiGate Module Description · Mitigation of Other Attacks · FIPS 140-2 Compliant Operation · Error mode · Non-FIPS Approved Services The Federal Information Processing Standards Publication 140-2 - Security Requirements for Cryptographic Modules (FIPS 140-2) details the United States Federal Government requirements for cryptographic modules. Detailed information about the FIPS 140-2 standard and validation program is available on the NIST (National Institute of Standards and Technology) website at http://csrc.nist.gov/groups/STM/cmvp/index.html. References This policy deals specifically with operation and implementation of the FortiGate module in the technical terms of the FIPS 140-2 standard and the associated validation program. Other FortiGate product manuals, guides and technical notes can be found at the Fortinet technical documentation website at http://docs.forticare.com. Additional information on the entire FortiGate product line can be obtained from the following sources: · Find general product information in the product section of the Fortinet corporate website at http://www.fortinet.com/products. · Find on-line product support for registered products in the technical support section of the Fortinet corporate website at http://www.fortinet.com/support · Find contact information for technical or sales related questions in the contacts section of the Fortinet corporate website at http://www.fortinet.com/contact. · Find security information and bulletins in the FortiGuard Center of the Fortinet corporate website at http://www.fortinet.com/FortiGuardCenter. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 3 References Security Level Summary The Fortinet FortiGate-3016B, 3600A, and 3810A-E4 modules meets the overall requirements for a Level 2 FIPS 140-2 certification. . Table 1: Summary of FIPS Security Requirements and Compliance Levels Security Requirement Compliance Level Cryptographic Module Specification 2 Cryptographic Module Ports and Interfaces 3 Roles, Services and Authentication 3 Finite State Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 EMI/EMC 2 Self-Tests 2 Design Assurance 3 Mitigation of Other Attacks 2 FIPS-CC Mode of Operation To operate the FortiGate modules in a FIPS compliant manner, the modules must be configured to run in the FIPS-CC mode of operation. Enabling the FIPS-CC mode of operation sets default values, disables some features and performs additional configuration procedures. See "FIPS 140-2 Compliant Operation" on page 26 for complete details on configuring the modules in the FIPS-CC mode of operation. FortiGate Module Description The FortiGate family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. They detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time -- without degrading network performance. In addition to providing application level firewall protection, the FortiGate module deliver a full range of network-level services -- VPN, intrusion prevention, web filtering, antivirus, antispam and traffic shaping -- in dedicated, easily managed platforms. All FortiGate Multi-Layered Security Systems employ Fortinet's unique FortiASICTM content processing chip and the powerful, secure, FortiOSTM operating system to achieve breakthrough price/performance. The unique, ASIC- based architecture analyzes content and behavior in real time, enabling key applications to be deployed right at the network edge, where they are most effective at protecting enterprise networks. As the only systems in the world that are certified by ICSA for firewall, IPSec VPN, SSL VPN, antivirus, and intrusion FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 4 01-00000-0416-20081008 Cryptographic Module Description prevention functionality, the FortiGate modules deliver the highest level of security available. They provide a critical layer of real-time, network-based antivirus protection that complements host-based antivirus software and supports "defense-in-depth" strategies without compromising performance or cost. They can be easily configured to provide antivirus protection, antispam protection and content filtering in conjunction with existing firewall, VPN, and related devices, or as complete network protection systems. FortiGate modules support the IPSec industry standard for VPN, allowing VPNs to be configured between a FortiGate module and any client or gateway/firewall that supports IPSec VPN. FortiGate modules also provide SSL VPN services. This section contains the following information: · Cryptographic Module Description · Cryptographic Module Ports and Interfaces · Roles, Services and Authentication · Physical Security · Operational Environment · Cryptographic Key Management · Alternating Bypass Feature · Key Archiving · Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) Cryptographic Module Description The FortiGate-3016B, 3600A, and 3810A-E4 are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements. The modules support one or more optional Advanced Mezzanine Card (AMC) components. The AMC components can provide hard disk support or additional input/output interfaces. However, use of the AMC components is not part of the validated module boundary. Blank faceplates are used to cover the AMC slot(s). The modules are Internet devices that provide integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping capabilities. This FIPS 140-2 Security Policy specifically covers the firewall, IPSec and SSL- VPN capabilities of the modules. The antivirus, antispam, intrusion prevention, content filtering and traffic shaping capabilities of the module can be used without compromising the FIPS-CC mode of operation. The modules have a similar appearance and perform the same functions, but have different numbers and types of network interfaces in order to support different network configurations: · The FortiGate-3016B has 18 network interfaces with a status LED for each network interface (2 10/100/1000 Base-T, 16 1000 Base-SX) · The FortiGate-3600A chassis has 10 network interfaces with a status LED for each network interface (8 10/100/1000 Base-T, 2 1000 Base-SX) · The FortiGate-3810A-E4 has 18 network interfaces with a status LED for each network interface (8 10/100/1000 Base-T, 2 1000 Base-SX) All of the modules have two, dual core, x86 compatible CPUs. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 5 Cryptographic Module Ports and Interfaces All of the modules are 2u rackmount devices. All of the modules have multiple external fans for ventilation and cooling: · The FortiGate-3016B has 6 external ventilation fans on the back panel of the chassis. · The FortiGate-3810A-E4 has 8 external ventilation fans on the back panel of the chassis. · The FortiGate-3600A has 9 external ventilation fans on the back panel of the chassis and 3 external ventilation fans on the front panel of the chassis. All of the modules have at least 1 slot for an AMC component: · The FortiGate-3016B and 3600A modules have 1 slot for a single width, full size, AMC component. · The FortiGate-3810A-E4 has 4 slots for 2 single width, full size, AMC components and 2 double width, full size, AMC components. Cryptographic Module Ports and Interfaces FortiGate-3016B Chassis Module Figure 1: FortiGate-3016B Front and Rear Panels Front CONSOLE MGMT1 1 3 5 7 9 11 13 15 ASM Esc Enter POWER STATUS USB AUX MGMT2 2 4 6 8 10 12 14 16 USB LCD Display Console and Control Buttons Modem Connections Fiber Ports Copper Management Ports Back Power Connections FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 6 01-00000-0416-20081008 Cryptographic Module Ports and Interfaces Table 2: FortiGate-3016B Status LEDs LED State Description Power Green The Fortinet module is powered on. Off The Fortinet module is powered off. Status Green The FortiGate module is running normally. Off The FortiGate module is powered off. MGMT 1 and Green The correct cable is in use, and the connected MGMT 2 equipment has power. (Right LED) Flashing green Network activity at this interface. Off No link established. MGMT 1 and Green Connection in 1000MB MGMT 2 Amber Connection at 100MB (Left LED) Off Connection at 10MB Ports 1 to 16 Green The correct cable is in use, and the connected equipment has power. Flashing Green Network activity at this interface. Table 3: FortiGate-3016B Front Panel Connectors and Ports Connector Type Speed Supported Logical Description Interfaces MGMT 1 and RJ-45 10/100/1000 Data input, data Copper gigabit MGMT 2 Base-T output, control input connection to and status output 10/100/1000 copper networks. Ports 1 to 16 LC SFP 1000Base-SX Data input, data Multimode fiber optic output, control input connections to gigabit and status output optical networks. CONSOLE RJ-45 9600 bps Control input, status Optional connection to output the management computer. Provides access to the command line interface (CLI). USB USB N/A Key loading and Optional connection archiving, for FortiUSB token. configuration backup and restore Modem (AUX) N/A N/A N/A Future use. Table 4: FortiGate-3016B Rear Panel Connectors and Ports Connector Type Speed Supported Logical Description Interfaces POWER N/A N/A Power 120/240VAC power connection. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 7 Cryptographic Module Ports and Interfaces FortiGate-3600A Chassis Module Figure 2: FortiGate-3600A Front and Rear Panels Front 1 3 5 7 9 PWR Esc Enter STATUS 2 4 6 8 10 CONSOLE AUX USB 9/10 USB LCD Fiber Ports Display 1-8 Copper Ports Control Console and Buttons Modem Connections Back Power Connections Table 5: FortiGate-3600A Status LEDs LED State Description Power Green The FortiGate module is powered on. Off The FortiGate module is powered off. Status Green The FortiGate module is running normally. Off The FortiGate module is powered off. Ports 1 to 8 Green The correct cable is in use, and the connected (Right LED) equipment has power. Flashing green Network activity at this interface. Off No link established. Ports 1 to 8 Green Connection in 1000MB (Left LED) Amber Connection at 100MB Off Connection at 10MB Ports 9 and 10 Green The correct cable is in use, and the connected equipment has power. Flashing Green Network activity at this interface. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 8 01-00000-0416-20081008 Cryptographic Module Ports and Interfaces Table 6: FortiGate-3600A Front Panel Connectors and Ports Connector Type Speed Supported Logical Description Interfaces Ports 1 to 8 RJ-45 10/100/1000 Data input, data Copper gigabit Base-T output, control input connection to and status output 10/100/1000 copper networks. Ports 9 and 10 LC SFP 1000Base-SX Data input, data Multimode fiber optic output, control input connections to gigabit and status output optical networks. CONSOLE RJ-45 9600 bps Control input, status Optional connection to output the management computer. Provides access to the command line interface (CLI). USB USB N/A Key loading and Optional connection archiving, for FortiUSB token. configuration backup and restore Modem (AUX) N/A N/A N/A Future use. Table 7: FortiGate-3600A Rear Panel Connectors and Ports Connector Type Speed Supported Logical Description Interfaces POWER N/A N/A Power 120/240VAC power connection. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 9 Cryptographic Module Ports and Interfaces FortiGate-3810A-E4 Chassis Module Figure 3: FortiGate-3810A-E4 Front and Rear Panels Front ASM1 ADM1 ASM2 ADM2 USB 1 2 3 4 5 6 7 8 9 10 Esc Enter CONSOLE AUX STATUS POWER USB LCD Console and 10/100/1000 Gigabit Ports Display Control Modem Ports Connections Buttons Back Power Connections Table 8: FortiGate-3810A-E4 Status LEDs LED State Description Power Green The Fortinet module is powered on. Off The Fortinet module is powered off. Status Green The FortiGate module is running normally. Off The FortiGate module is powered off. Ports 1 to 8 Green The correct cable is in use, and the connected (Right LED) equipment has power. Flashing green Network activity at this interface. Off No link established. Ports 1 to 8 Green Connection in 1000MB (Left LED) Amber Connection at 100MB Off Connection at 10MB Ports 9 and 10 Green The correct cable is in use, and the connected equipment has power. Flashing Green Network activity at this interface. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 10 01-00000-0416-20081008 Web-Based Manager Table 9: FortiGate-3810A-E4 Front Panel Connectors and Ports Connector Type Speed Supported Logical Description Interfaces Ports 1 to 8 RJ-45 10/100/01000 Data input, data Copper gigabit Base-T output, control input connection to and status output 10/100/1000 copper networks. Ports 9 and 10 LC SFP 1000Base-SX Data input, data Multimode fiber optic output, control input connections to gigabit and status output optical networks. CONSOLE RJ-45 9600 bps Control input, status Optional connection to output the management computer. Provides access to the command line interface (CLI). USB USB N/A Key loading and Optional connection archiving, for FortiUSB token. configuration backup and restore Modem (AUX) N/A N/A N/A Future use. Table 10: FortiGate-3810A-E4 Rear Panel Connectors and Ports Connector Type Speed Supported Logical Description Interfaces POWER N/A N/A Power 120/240VAC power connection. Web-Based Manager The FortiGate web-based manager provides GUI based access to the modules and is the primary tool for configuring the modules. The manager requires a web browser on the management computer and an Ethernet connection between the FortiGate modules and the management computer. A web-browser that supports Transport Layer Security (TLS) 1.0 is required for remote access to the web-based manager when the modules are operating in FIPS-CC mode. HTTP access to the web-based manager is not allowed in FIPS- CC mode and is disabled. The web browser is not part of the validated module boundary. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 11 Command Line Interface Figure 4: The FortiGate web-based manager Command Line Interface The FortiGate Command Line Interface (CLI) is a full-featured, text based management tool for the FortiGate modules. The CLI provides access to all of the possible services and configuration options in the modules. The CLI uses a console connection or a network (Ethernet) connection between the FortiGate module and the management computer. The console connection is a direct serial connection. Terminal emulation software is required on the management computer using either method. For network access, a Telnet or SSH client that supports the SSH v2.0 protocol is required (SSH v1.0 is not supported in FIPS-CC mode). The Telnet or SSH client is not part of the validated module boundaries. Control Panel and LCD The front panel of the modules provide a control panel and an LCD. The control panel has 4 buttons. The buttons and LCD can be used to configure basic parameters such as the network interface addresses, and the default gateway address. To access advanced services and configurations the operator must use the web-based manager or the CLI. Use of the control panel is disabled in the FIPS-CC mode of operation. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 12 01-00000-0416-20081008 Roles, Services and Authentication Roles, Services and Authentication Roles When configured in FIPS-CC mode, the modules provide three roles for Crypto Officers (hereafter referred to as operators): Security Administrator, Crypto Administrator and Audit Administrator. These roles, or combinations of these roles, are assumed by an operator after authenticating to the modules remotely or through the console connection using a username/password combination. An operator assuming the Security Administrator role has read/write access to all of the administrative functions and services of the modules, including resetting or shutting down the modules. An operator with the Security Administrator role can also create accounts for additional operators and assign roles to those operators. However, the Security Administrator role has read only access to crypto and audit related functions and services. An operator assuming the Crypto Administrator role has read/write access to crypto related functions and services and read only access to all other functions and services. An operator assuming the Audit Administrator role has read/write access to audit related functions and services and read only access to all other functions and services. Operators can be assigned more than one role. An operator that assumes all three administrative roles has complete administrative access to the module. Multiple operator accounts can be created. Operator accounts are differentiated by the username during authentication. More than one operator can be connected to the module at any given time, however each operator session is authenticated separately. The modules provide a Network User role for end-users (Users). Network users can make use of the encrypt/decrypt services, but cannot access the modules for administrative purposes. Refer to the next section on Services for detailed information on what functions and services each role has access to. The modules do not provide a Maintenance role. FIPS Approved Services The following tables detail the types of FIPS approved services available to each role, the types of access for each role and the Keys or CSPs they affect. The role names are abbreviated as follows: Security Administrator SA Crypto Administrator CA Audit Administrator AA Network User NU The access types are abbreviated as follows: Read Access R Write Access W Execute Access E FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 13 Roles, Services and Authentication Table 11: FIPS approved services available by role via the CLI (console or SSH) Service SA CA AA Key/CSP authenticate to module E E E Operator Username, Operator Password show system status R N/A N/A N/A show FIPS-CC mode R N/A N/A N/A enabled/disabled enable FIPS-CC mode of WE N/A N/A FIPS-CC Mode Key operation (console only) set/reset operator passwords WE N/A N/A Operator Password execute factory reset (zeroize E N/A N/A All keys stored in Flash RAM keys, disable FIPS-CC mode) execute FIPS-CC on-demand E E E N/A self-tests (console only) add/delete operators RWE N/A N/A Operator Username, Operator Password set/reset own password WE N/A N/A Operator Password execute firmware download E N/A N/A N/A execute system reboot E N/A N/A N/A execute system shutdown E N/A N/A N/A backup configuration file WE N/A N/A All keys stored in Flash RAM restore system configuration RWE N/A N/A All keys stored in Flash RAM execute system diagnostics E E E N/A change system time WE N/A N/A N/A read/set/delete/modify RWE N/A N/A N/A system/network configuration read/set/delete/modify firewall RWE N/A N/A N/A policies. enable/disable alternating bypass mode read/set/delete/modify AV RWE N/A N/A N/A configuration read/set/delete/modify AS RWE N/A N/A N/A configuration read/set/delete/modify Web Filter RWE N/A N/A N/A configuration read/set/delete/modify IM/P2P RWE N/A N/A N/A configuration read/set/delete/modify VPN N/A RWE N/A IPSec Manual Authentication configuration Key, IPSec Manual Encryption Key, IKE Pre- Shared Key, IKE RSA Key read/set/delete/modify IPS RWE N/A N/A N/A configuration read/set/delete/modify logging RWE N/A N/A N/A configuration read log data R R R N/A delete log data N/A N/A WE N/A FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 14 01-00000-0416-20081008 Roles, Services and Authentication Table 12: FIPS approved services available by role via the web-manager Service SA CA AA Key/CSP authenticate to module E E E Operator Username, Operator Password show system status R N/A N/A N/A set/reset operator passwords WE N/A N/A Operator Password execute factory reset (zeroize E N/A N/A All keys stored in Flash RAM keys, disable FIPS-CC mode) add/delete operators RWE N/A N/A Operator Username, Operator Password set/reset own password WE N/A N/A Operator Password execute firmware download E N/A N/A N/A execute system reboot E N/A N/A N/A execute system shutdown E N/A N/A N/A backup configuration file WE N/A N/A All keys stored in Flash RAM restore system configuration RWE N/A N/A All keys stored in Flash RAM change system time WE N/A N/A N/A read/set/delete/modify RWE N/A N/A N/A system/network configuration read/set/delete/modify firewall RWE N/A N/A N/A policies. enable/disable alternating bypass mode read/set/delete/modify AV RWE N/A N/A N/A configuration read/set/delete/modify AS RWE N/A N/A N/A configuration read/set/delete/modify Web Filter RWE N/A N/A N/A configuration read/set/delete/modify IM/P2P RWE N/A N/A N/A configuration read/set/delete/modify VPN N/A RWE N/A IPSec Manual Authentication configuration Key, IPSec Manual Encryption Key, IKE Pre- Shared Key, IKE RSA Key read/set/delete/modify IPS RWE N/A N/A N/A configuration read/set/delete/modify logging RWE N/A N/A N/A configuration read log data R R R N/A manual AV/IPS signature E N/A N/A N/A download/update Table 13: VPN Cryptographic Services available to Network Users Service NU Key/CSP authenticate to module WE Network User Username, Network User Password encrypt/decrypt controlled by firewall E N/A policies FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 15 Physical Security Authentication Operators must authenticate with a user-id and password combination to access the modules remotely or locally via the console. Remote operator authentication is done over HTTPS or SSH. By default, Network User access to the modules is based on firewall policy and authentication by IP address or fully qualified domain names. Network Users can optionally be forced to authenticate to the modules using a username/password combination to enable use of the IPSec VPN encrypt/decrypt or bypass services. For Network Users invoking the SSL-VPN encrypt/decrypt services, the modules support authentication with a user-id/password combination. Network User authentication is done over HTTPS and does not allow access to the modules for administrative purposes. Note that for operator authentication using the Web-based manager and Network User authentication over HTTPS are subject to a limit of 3 failed authentication attempts in 1 minute. Operator authentication using the console is not subject to a failed authentication limit, but the number of authentication attempts per minute is limited by the bandwidth available over the serial connection. The minimum password length is 8 characters when in FIPS-CC mode. Using a strong password policy, where operator and network user passwords are at least 8 characters in length and use a mix of alphanumeric (printable) characters from the ASCII character set, the odds of guessing a password are 1 in 948. For Network Users invoking the IPSec encrypt/decrypt services, the module acts on behalf of the Network User and negotiates a VPN connection with a remote module. The strength of authentication for IPSec services is based on the authentication method defined in the specific firewall policy: IPSec manual authentication key, IKE pre-shared key or IKE RSA key (RSA certificate). The odds of guessing the authentication key for each IPSec method is: · 1 in 1640 for the IPSec Manual Authentication key (based on a 40 digit, hexadecimal key) · 1 in 948 for the IKE Preshared Key (based on an 8 character, ASCII printable key) · 1 in 21024 for the IKE RSA Key (based on a 1024bit RSA key size) Therefore the minimum odds of guessing the authentication key for IPSec is 1 in 948, based on the IKE Preshared key. Physical Security The modules meet FIPS 140-2 Security Level 2 requirements by using production grade components and an opaque, sealed enclosure. Access to the enclosure is restricted through the use of tamper-evident seals to secure the overall enclosure. The seals are blue wax/plastic with white lettering that reads "Fortinet Inc. Security Seal". The tamper seals are not applied at the factory prior to shipping. The required number of seals to secure each module are included in the product packaging. It is the responsibility of the customer to apply the seals before use to ensure full FIPS compliance. Once the seals have been applied, the customer must develop an inspection schedule to verify that the external enclosure of the module and the tamper seals have not been damaged or tampered with in any way. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 16 01-00000-0416-20081008 Physical Security The FortiGate-3016B uses 6 seals to secure: · the external enclosure (one seal, see Figure 5) · the removable power supplies (two seals, see Figure 6) · the blank faceplate covering the AMC slot (one seal, see Figure 7) · the removable fan units (two seals, see Figure 10) The FortiGate-3600A uses four seals to secure: · the external enclosure (one seal, see Figure 5) · the removable power supplies (two seals, see Figure 6) · the blank faceplate covering the AMC slot (one seal, see Figure 8) The FortiGate-3810A-E4 uses 6 seals to secure: · the external enclosure (one seal, see Figure 5) · the removable power supplies (two seals, see Figure 6) · the blank faceplates covering the AMC slots (three seals, see Figure 9) Figure 5: FortiGate-3016B, 3600A and 3810A-E4 external enclosure seal FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 17 Physical Security Figure 6: FortiGate-3016B, 3600A and 3810A-E4 power supply seals Figure 7: FortiGate-3016B AMC faceplate seal FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 18 01-00000-0416-20081008 Physical Security Figure 8: FortiGate-3600A AMC faceplate seal Figure 9: FortiGate-3810A-E4 AMC faceplate seals FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 19 Operational Environment Figure 10: FortiGate-3016B fan unit seals Operational Environment This section is not applicable to the modules. The modules utilize a firmware based, proprietary and non-modifiable operating system that does not provide a programming environment. Cryptographic Key Management Random Number Generation The modules use a firmware based, deterministic random number generator that conforms to ANSI X9.31 Appendix A.2.4. Key Zeroization All keys and CSPs except the ANSI X9.31 RNG AES Key are zeroized when the operator executes a factory reset via the web-manager, CLI or console and when enabling or disabling the FIPS-CC mode of operation via the console. The ANSI X9.31 RNG AES Key is zeroized by executing a factory reset followed by a firmware update. See Table 16 on page 21 for a complete list of keys and CSPs. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 20 01-00000-0416-20081008 Cryptographic Key Management Algorithms Table 14: FIPS Approved or Allowed Algorithms Algorithm NIST Certificate Number RNG (ANSI X9.31 Appendix A) 345 Triple-DES 582, 583, 584 AES 612, 613, 614 SHA-1 660, 661, 662 HMAC SHA-1 315, 316, 317 Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non- compliant less than 80-bits of encryption strength) RSA ANSI X9.31 (key generation, signature 284, 285 generation/verification) RSA PKCS1 (digital signature creation and 284, 285 verification, key wrapping; key establishment method provides 112 bits of encryption strength - only 2048 bit certificates are supported) Table 15: Non-FIPS Approved Algorithms Algorithm DES (disabled in FIPS-CC mode) MD5 (disabled in FIPS-CC mode except for use in the TLS protocol) HMAC MD5 (disabled in FIPS-CC mode) Cryptographic Keys and Critical Security Parameters The following table lists all of the cryptographic keys and critical security parameters used by the modules. The following definitions apply to the table: Key or CSP The key or CSP description. Storage Where and how the key is stored Usage How the key or CSP is used Table 16: FIPS Approved Cryptographic Keys and Critical Security Parameters Key or CSP Storage Usage Diffie-Hellman Keys SDRAM Key agreement and key establishment Plaintext IPSEC Manual Authentication Flash RAM Used as IPSec Session Authentication Key AES encrypted Key IPSec Manual Encryption Key Flash RAM Used as IPSec Session Encryption Key AES encrypted IPSec Session Authentication SDRAM IPSec peer-to-peer authentication using Key Plain-text HMAC SHA-1 IPSEC Session Encryption SDRAM VPN traffic encryption/decryption using Key Plain-text Triple-DES or AES FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 21 Cryptographic Key Management Table 16: FIPS Approved Cryptographic Keys and Critical Security Parameters Key or CSP Storage Usage IKE Pre-Shared Key Flash RAM Used to derive IKE protocol keys AES encrypted IKE Authentication Key SDRAM IKE peer-to-peer authentication using Plain-text HMAC SHA-1 (SKEYID_A) IKE Key Generation Key SDRAM IPSEC SA keying material (SKEYID_D) Plain-text IKE Session Encryption Key SDRAM Encryption of IKE peer-to-peer key Plain-text negotiation using Triple-DES or AES (SKEYID_E) IKE RSA Key Flash Ram X.509 certificate used to derive IKE Plain text protocol keys RNG Seed (ANSI X9.31 SDRAM Seed used for initializing the RNG Appendix A.2.4) Plain-text RNG AES Key (ANSI X9.31 SDRAM AES Seed key used with the RNG Appendix A.2.4) Plain-text Firmware Download Public Flash RAM Verification of firmware integrity for Key Plain-text download of new firmware versions using RSA public key TLS/SSH/SSL-VPN Flash RAM Remote Web manager and CLI Server/Host Key Plain-text authentication using HMAC SHA-1. Also used for encrypting TLS session key using RSA method. HTTPS Session Key SDRAM Remote Web manager session Plain-text encryption and authentication using AES or Triple-DES SSH Session Key SDRAM Remote CLI session encryption and Plain-text authentication using AES or Triple-DES SSL-VPN Session Key SDRAM SSL-VPN session encryption and Plain-text authentication using AES or Triple-DES Operator Username Flash RAM Used during operator authentication to Plain-text identify and assign roles to operators Operator Password Flash RAM Used to authenticate operator access to SHA-1 hash the module FIPS-CC Mode Key Flash RAM HMAC SHA-1 key used for Plain-text configuration, firmware and VPN integrity (bypass) test Configuration Encryption Key Flash RAM AES key used to encrypt CSPs on the Plain-text flash RAM and in the backup configuration file (except for operator passwords in the backup configuration file) Configuration Backup Key Flash RAM HMAC SHA-1 key used to encrypt Plain-text operator passwords in the backup configuration file Network User Name Flash RAM Used during network user Plaintext authentication Network User Password Flash RAM Used during network user SHA-1 hash authentication FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 22 01-00000-0416-20081008 Alternating Bypass Feature Alternating Bypass Feature The primary cryptographic function of the FortiGate modules is as a firewall and VPN device. Encrypt/decrypt operations are performed on outgoing/incoming traffic based on firewall policies. Firewall policies with an action of IPSec or SSL- VPN mean that the firewall is functioning as a VPN start/end point for the specified source/destination addresses and will encrypt/decrypt traffic accordingly. Firewall policies with an action of allow mean that the firewall is accepting/sending plaintext data for the specified source/destination addresses. The FortiGate implements an alternating bypass feature that is based on the firewall policies. A firewall policy with an action of accept means that the modules are operating in a bypass state for that policy. A firewall policy with an action of IPSec or SSL-VPN means that the modules are operating in a non-bypass state for that policy. Two independent actions must be taken by an SA to create bypass firewall policies: the SA must create the bypass policy and then specifically enable that policy. Key Archiving The modules support key archiving to a management computer or USB token as part of a module configuration file backup. Operator entered keys are archived as part of the module configuration file. The configuration file is stored in plain text, but keys in the configuration file are either AES encrypted with the configuration encryption key or stored as a SHA-1 hash. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) The modules comply with EMI/EMC requirements for Class A (business use) devices as specified by Part 15, Subpart B, of the FCC rules. The following table lists the specific lab and FCC report information for the modules. Table 17: FCC Report Information Module Lab Information FCC Report Number FG-3016B Bay Area Compliance Laboratories R0711056-5 Corp 1274 Anvilwood Avenue Sunnyvale, CA 94089 408-732-9162 408-732-9164 FG-3600A Compliance Certification Services 06U10707-1 Inc. 47173 Benicia Street Fremont, CA 94538 510-771-1000 510-661-0888 FG-3810A-E4 Bay Area Compliance Laboratories R0711057-5 Corp 1274 Anvilwood Avenue Sunnyvale, CA 94089 408-732-9162 408-732-9164 FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 23 IPS Signature Protection Mitigation of Other Attacks The FortiGate modules include a real-time Intrusion Prevention System (IPS) as well as antivirus protection, antispam and content filtering. Use of these capabilities is optional. The FortiGate IPS has two components: a signature based component for detecting attacks passing through the FortiGate modules and a local attack detection component that protects the firewall from direct attacks. Functionally, signatures are similar to virus definitions, with each signature designed to detect a particular type of attack. The IPS signatures are updated through the FortiGuard IPS service. The IPS engine can also be updated through the FortiGuard IPS service. FortiGate antivirus protection removes and optionally quarantines files infected by viruses from web (HTTP), file transfer (FTP), and email (POP3, IMAP, and SMTP) content as it passes through the FortiGate modules. FortiGate antivirus protection also controls the blocking of oversized files and supports blocking by file extension. Virus signatures are updated through the FortiGuard antivirus service. The antivirus engine can also be updated through the FortiGuard antivirus service. FortiGate antispam protection tags (SMTP, IMAP, POP3) or discards (SMTP only) email messages determined to be spam. Multiple spam detection methods are supported including the FortiGuard managed antispam service. FortiGate web filtering can be configured to provide web (HTTP) content filtering. FortiGate web filtering uses methods such as banned words, address block/exempt lists, and the FortiGuard managed content service. Whenever a IPS, antivirus, antispam or filtering event occurs, the modules can record the event in the log and/or send an alert email to an operator. The rest of this section provides additional information on the IPS, antivirus, antispam and web and email filtering capabilities of the FortiGate module and the FortiGuard Service. For complete information refer to the FortiGate Installation Guide for the specific module in question, the FortiGate Administration Guide, and the FortiGate IPS Guide. This section contains the following information: · IPS Signature Protection · IPS Attack Protection · Antivirus Protection · Antispam Protection · Web Filtering · FortiGuard Services IPS Signature Protection The FortiGate IPS can detect a wide variety of suspicious network traffic and network-based attacks aimed at systems behind the FortiGate modules. Attack signatures are the core of the FortiGate IPS signature protection component. Signatures are transmission patterns and other codes that indicate that a system might be under attack. Functionally, signatures are similar to virus signatures, with each signature designed to detect a particular type of attack. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 24 01-00000-0416-20081008 IPS Attack Protection The FortiGate modules can be configured to automatically check for and download updated IPS packages from the FortiGuard servers, or they can be downloaded manually by the operator. Verification of the IPS download package is done using RSA. The IPS package is signed with the FortiGuard server's private key and verified by the FortiGuard module using the FortiGuard server's public key. User defined attack signatures are also supported. IPS Attack Protection The FortiGate IPS can also protect the modules themselves from direct attacks, such as TCP, ICMP, UDP, and IP attacks. Access is denied or packets are dropped when an attack is detected. Attack parameters can be modified by the operator to ensure that normal network traffic is not considered an attack. Antivirus Protection FortiGate antivirus protection scans for infected files in the protocols for which antivirus protection as been enabled. Supported protocols include HTTP, FTP, SMTP, POP3, IMAP, and IM. If a file is found to contain a virus it is removed from the content stream and replaced with a replacement message. FortiGate antivirus protection can also be configured to quarantine infected files. The quarantined files are stored on the module's hard disk. An operator can delete quarantined files from the hard disk or download them. Downloaded quarantine files can be submitted to Fortinet as virus samples for analysis. FortiGate antivirus protection is transparent to the end user. The FortiGate modules can be configured to automatically check for and download updated AV packages from the FortiGuard servers, or they can be downloaded manually by the operator. Verification of the AV download package is done using RSA. The AV package is signed with the FortiGuard server's private key and verified by the FortiGuard module using the FortiGuard server's public key. FortiGate antivirus protection also detects and removes grayware such as adware, spyware, etc. Antispam Protection FortiGuard antispam protection can detect spam in SMTP, POP3 or IMAP traffic. Spam email is tagged or discarded. Spam detection methods include banned words, black/white lists, return email DNS check and the FortiGuard antispam service. The FortiGuard Antispam Service provides IP checking, URI address checking and email checksum analysis. To prevent unintentional tagging of email from legitimate senders, an operator can add sender address patterns to an exempt list that overrides the email block and banned word lists. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 25 Web Filtering Web Filtering FortiGate web filtering can be configured to scan HTTP protocol streams for banned URLs or web page content. Web filtering methods include banned words, URLs and the FortiGuard web filtering service. The FortiGuard web filtering service is a managed service that uses a database of URLs to block access to banned web sites and URLs based on content categories. If a match is found between a URL in the URL block list, the FortiGuard web filtering service, or if a web page is found to contain a word or phrase in the content block list, the FortiGate module blocks the web page. The blocked web page is replaced with a message that an operator can edit using the web-based manager. An operator can configure URL blocking to block all or just some of the pages on a specific web site. This feature can be used to deny access to parts of a web site without denying access to it completely. To prevent unintentional blocking of legitimate web pages, an operator can add URLs to an Exempt List that overrides the URL blocking and content blocking. Web content filtering also includes a script filter feature that can be configured to block insecure web content such as Java Applets, Cookies, and ActiveX. FortiGuard Services The FortiGuard services are a family of managed services available to Fortinet customers. The FortiGuard services include: · IPS signature and engine updates · AV signature and engine updates · A managed antispam service · A managed web filtering service · Firmware updates Customers can purchase FortiGuard services for their FortiGate modules on a yearly basis. Use of the FortiGuard services is optional, but recommended. Communication between the FortiGate module and the FortiGuard servers is protected using TLS. FIPS 140-2 Compliant Operation To operate a FortiGate module in a FIPS compliant manner, organizations must follow the procedures explained in this section of the Security Policy. This section contains the following information: · Overview of FIPS 140-2 compliant operation · Initial configuration of the FortiGate module · Enabling FIPS-CC mode · Self-Tests · Effects of FIPS-CC compliant mode · Remote access requirements · Disabling FIPS-CC mode FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 26 01-00000-0416-20081008 Overview of FIPS 140-2 compliant operation Overview of FIPS 140-2 compliant operation FIPS 140-2 compliant operation requires both that you use the FortiGate Multi- Threat Security System in its FIPS-CC mode and that you follow secure procedures for installation and operation of the FortiGate module. You must ensure that: · The FortiGate module is installed in a secure physical location. · Physical access to the FortiGate module is restricted to authorized operators. · Administrative passwords are at least 8 characters long. · Administrative passwords are changed regularly. · Administrator account passwords must have the following characteristics: · One (or more) of the characters should be capitalized · One (or more) of the characters should be numeric · One (or more) of the characters should be non alpha-numeric (e.g. punctuation mark) · Administration of the FortiGate module is permitted using only validated administrative methods. These are: · Console connection · Web-based manager via HTTPS · Command line interface (CLI) access via SSH · Web browsers are configured to use TLS 1.0 only for use with the SSL VPN functionality (SSL v3.0 support must be disabled in the browser). · Diffie-Hellman key sizes of less than less than 1024 bits (Group 5) are not used. The FortiGate module can be used in either of its two operation modes: NAT/Route or Transparent. NAT/Route mode applies security features between two or more different networks (for example, between a private network and the Internet). Transparent mode applies security features at any point in a network. The current operation mode is displayed on the web-based manager Status page and in the output of the get system status CLI command. Also, on LCD- equipped modules, Transparent mode is indicated by "FIPS-CC-TP" and NAT/Route by "FIPS-CC-NAT" on the LCD display. Initial Inspection of the Modules The SO must inspect a module before installation to verify that it has not been tampered with during shipment. The packaging and external enclosure must be inspected for visible signs of damage or tampering. If a module displays signs of damage or tampering, the SO must contact Fortinet or their reseller to obtain a replacement module. Applying the Security Seals After completing the initial inspection of the module the SO must apply the security seals as explained in the section "Physical Security" on page 16 to ensure full compliance with the FIPS 140-2 standard. Initial configuration of the FortiGate module This section describes how to configure your FortiGate module in the FIPS-CC mode of operation. Proceed as follows: FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 27 Initial configuration of the FortiGate module · Install the module following the procedures in the documentation. · Register your FortiGate module with Fortinet. · If you are upgrading an existing FortiGate module to FIPS-CC firmware, download the appropriate firmware from Fortinet and install it on your module. · Verify the firmware version of your FortiGate module. · Enable FIPS-CC mode. Verifying the hardware version of the module Check the label on the back or underside of the module to determine the hardware version. Match the first 6 characters of the hardware version to the FIPS validated hardware versions listed in Table 18. Table 18: FIPS 140-2 validated hardware versions FortiGate Model Hardware Version FG-3016B C4XA14 FG-3600A V3BU94 FG-3810A-E4 C3GV75 Installing the module Both the Quick Start Guide and the Getting Started section of the Installation Guide for your FortiGate module provide instructions on the physical installation and initial configuration of your module. When you have completed these procedures you will be able to access both the web-based manager and Command Line Interface (CLI). Registering the module For information about registering your FortiGate module, see "Registering a FortiGate unit" in the System Maintenance chapter of the Administration Guide for your module. You need the user name and password Fortinet provides to you to download the FIPS-CC compliant firmware. Downloading and installing FIPS-CC compliant firmware Unless you purchased a FortiGate module with FIPS-CC firmware pre-installed, you need to download and install the appropriate firmware for your FortiGate module. The firmware can be obtained from the Fortinet support site after registering your module. The validated firmware build for the module is listed in Table 19. Table 19: Firmware builds for validated FortiGate models FortiGate Model Firmware Build FG-3016B FGT_3016B-v300-build8785-mr4_fips_cc_lr.out FG-3600A FGT_3600A-v300-build8785-mr4_fips_cc_lr.out FG-3810A-E4 FGT_3810A-v300-build8785-mr4_fips_cc_lr.out FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 28 01-00000-0416-20081008 Initial configuration of the FortiGate module To download the firmware 1 Determine the appropriate firmware build from Table 19. 2 With your web browser, go to https://support.fortinet.com and log in using the name and password you received when you registered with Fortinet Support. 3 Navigate to the version 3.00 FortiOS Images and Notes page. Select Download Page for the FIPS-CC compliant firmware build you need. Save the file on the management computer or on your network where it is accessible from the FortiGate module. Installing the FIPS-CC firmware You install the FIPS-CC compliant firmware as an upgrade from the standard firmware. To install the FIPS-CC firmware 1 Using the management computer, connect to the module's web-based manager. See the Quick Start Guide or the Installation Guide for information. 2 Type admin in the name field. If you have assigned a password, type it in the Password field. Select Login. 3 Go to System > Status. 4 Under System Information > Firmware version, select Update. 5 Type the path and filename of the firmware image file, or select Browse and locate the file. 6 Select OK. When the module attempts to load the new firmware build, the firmware load test is performed and verifies the integrity of the new firmware using a digital signature. If the load test fails, the firmware update is rejected and the message "File is not an update file" is displayed. If the firmware load test passes, the module uploads the new firmware image file, upgrades to the new firmware version, restarts, and displays the Login page. This process takes a few minutes. Verifying the firmware version of the module Execute the following command from the command line: get system status The version line of the status display shows the FortiGate model number, firmware version, build number and date: Version: FortiGate-3600A 3.00,build8785,080605 Verify that your firmware version, build number and date match those shown above for your specific model. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 29 Enabling FIPS-CC mode Enabling FIPS-CC mode If you have verified the firmware version, you are ready to enable FIPS-CC mode. As part of enabling FIPS-CC mode, you must define administrator account names and passwords. The default admin account is not available in FIPS-CC mode. You must use a console connection to enable FIPS-CC mode. If you try to use another type of connection, a "check permission failed" error occurs. Note: When you enable FIPS-CC mode, all of the existing configuration is lost. To enable FIPS-CC mode 1 Log in to the CLI and enter the following commands: config system fips-cc set status enable end 2 In response to the following prompt, enter the account name for the Security Administrator: Please enter SECURITY administrator name: 3 In response to the following prompt, enter the password for the Security Administrator: Please enter SECURITY administrator password: 4 When prompted, re-enter the Security Administrator password. 5 In response to the following prompt, enter the account name for the Audit Administrator: Please enter AUDIT administrator name: If you want the Security Administrator to also act as the Audit Administrator, enter the Security Administrator account name you defined in step 2. There will be no prompt for a password. (Skip step 6.) 6 In response to the following prompt, enter the password for the Audit Administrator: Please enter AUDIT administrator password: 7 When prompted, re-enter the Audit Administrator password. 8 In response to the following prompt, enter the account name for the Crypto Administrator: Please enter CRYPTO administrator name:CryptoAdmin If you want the Security Administrator to also act as the Crypto Administrator, enter the Security Administrator account name you defined in step 2. There will be no prompt for a password. (Skip step 9.) 9 In response to the following prompt, enter the password for the Cryptographic Administrator: Please enter CRYPTO administrator password: 10 When prompted, re-enter the Crypto Administrator password. The CLI displays the following message: Warning: most configuration will be lost, do you want to continue? (y/n) FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 30 01-00000-0416-20081008 Self-Tests 11 Enter y. The FortiGate module restarts and runs in FIPS-CC compliant mode. FIPS-CC mode status indicators There are two status indicators that show whether the FortiGate unit is running in the FIPS 140-2 compliant mode of operation: Table 20: FIPS-CC mode status indicators Location Indication Front panel LCD FIPS-CC-NAT or FIPS-CC-TP Output of get system status command FIPS-CC mode: enable Self-Tests The module executes the following self-tests during startup and initialization: · Firmware integrity test using HMAC SHA-1 · VPN bypass test using HMAC SHA-1 (VPN table integrity test) · Triple-DES, CBC mode, encrypt/decrypt known answer test · AES, CBC mode, encrypt/decrypt known answer test · HMAC SHA-1 known answer test · RSA signature generation/verification known answer test · RNG known answer test The results of the startup self-tests are displayed on the console during the startup process. The startup self-tests can also be initiated on demand using the CLI command execute fips kat all (to initiate all self-tests) or execute fips kat (to initiate a specific self-test). The module executes the following conditional tests when the related service is invoked: · Continuous RNG test · RSA pairwise consistency test · VPN bypass test using HMAC SHA-1 (VPN table integrity test) · Firmware download integrity test using RSA public/private keys Self-Test Status Indicators There are two types of self-test status indicators: the startup indicators and the on- demand indicators. The startup self-test status indicators are output through the console connection during the startup process. The on-demand self-test status indicators are output as a the result of a execute fips kat CLI command. The following output shows the successful completion of the startup self-tests: Initializing firewall... System is started. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 31 Effects of FIPS-CC compliant mode FIPS-CC mode: Starting self-tests. Running AES test... passed Running 3DES test... passed Running SHA1 HMAC test... passed Running RSA test... passed Running Firmware/VPN config integrity test... passed Running RNG test... passed Self-tests passed The following output shows the successful completion of the on-demand self-tests for all of the algorithm known answer tests: FortiGate-3600A # execute fips kat all Starting self-tests Running AES test... passed Running 3DES test... passed Running SHA1 HMAC test... passed Running RSA test... passed Running RNG test... passed Running Integrity test... passed Self-tests passed Effects of FIPS-CC compliant mode The following list describes, not necessarily in order, the effects of enabling FIPS- CC mode with respect to the normal mode of operation. · All previous configuration settings are lost (cleared or reset to defaults) except for the SA, AA and CA accounts created when enabling FIPS-CC mode. · All network interfaces are down by default. · The get system status CLI command display includes "FIPS-CC mode: enable". · Memory logging is enabled by default (including traffic logs). · Reaching 95% of the memory log storage capacity results in the FortiGate module entering a CC Error mode that shuts down all of the interfaces until the administrator intervenes. See "CC Error Mode" on page 35. · Failure of a self-test results in the FortiGate module entering a FIPS Error mode that halts the module until the administrator intervenes. See "FIPS Error Mode" on page 34. · Anomaly detection and protection is applied to traffic addressed to the FortiGate module. · TFTP communication is not permitted. · SNMP services are disabled. · Remote access clients must meet security requirements. See "Remote access requirements" on page 33. · All administrators must accept a disclaimer statement at logon. This disclaimer is configured in the Post Login replacement message. · The FortiGate module performs self-tests at startup. Also, the administrator can run some self-tests at any time. If any of these tests fail, the module goes into error mode and shuts down. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 32 01-00000-0416-20081008 Remote access requirements · There is an alarm capability. · The DES and MD5 algorithms are not available for VPN configurations. · Use of the AES or Triple-DES algorithms is enforced for IPSec and SSL VPN configurations. · The use of TLS is enforced for remote administration over HTTPS. · Support for large Diffie-Hellman groups 14 through 18 is added to IPSec VPN configurations and group 15 is the default. DH groups 15 through 18 use 3072 to 8192-bit keys. · ANSI X9.31 RSA signature is an optional authentication method for IPSec VPNs. This method is supported only on FortiGate modules in FIPS-CC mode. · When configuring passwords, the FortiGate module requires you to enter the password a second time as confirmation. · Blocking of spoofed TCP RST packets is enabled by default. · On a CLI session, when an administrator logs out or the session times out, the FortiGate module sends 100 carriage return characters to clear the screen. Remote access requirements In FIPS-CC mode, remote administration is not allowed via HTTP or Telnet, which are not secure. SSH and HTTPS access are permitted but must meet certain security requirements. Setting minimum DH primes size By default, in FIPS-CC mode the FortiGate module requires values at least 3072 bits long to be used in the Diffie-Hellman key exchange when an HTTPS session begins. Using the CLI, you can set this minimum to one of the following safe standard values specified in RFC 3526: 1024, 1536, 2048, 3072, 4096, 6144 or 8192 bits. For example, to use commercially available browsers, you might need to set the key size to 1024, as follows: config system global set dh-params 1024 end SSH client requirements To access the CLI through network interfaces in FIPS-CC mode, your SSH client must support the following: Authentication: · HMAC SHA-1 Encryption: · AES128, AES192, AES256 or Triple-DES Note that only SSH v2 is supported. Web browser requirements To use the web-based manager in FIPS-CC mode, your web browser application must meet the following requirements: FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 33 Disabling FIPS-CC mode · Authentication algorithm (one of the following, in descending order of preference): · RSA X9.31 · PKCS1 RSA · Connection security: · TLS 1.0 Enabling administrative access The network interfaces do not allow administrative access by default in FIPS-CC mode, preventing you from using the web-based manager. You can re-enable use of the web-based manager using CLI commands on the console. This example enables HTTPS administrative access on the Internal interface to allow use of the web-based manager: config system interface edit internal set allowaccess https end For detailed information about accessing the web-based manager, see "Connecting to the web-based manager" in the Installation Guide for your module. Disabling FIPS-CC mode The only way that you can return the FortiGate module to the normal mode of operation is to restore the factory default configuration. Enter the following CLI command: execute factoryreset Disabling FIPS-CC mode erases the current configuration. Error mode In FIPS-CC mode, there are two specific error modes: FIPS Error mode and CC Error mode. FIPS Error Mode The FortiGate module switches to FIPS Error mode when one or more of the self- tests fail. On entering FIPS Error mode the FortiGate module shuts down all interfaces (including the console) and blocks traffic. The module indicates FIPS Error mode by outputting an error message to the console. For example, if the startup AES self-test fails, the following error message would be displayed on the console: FIPS error: AES self-test failed Entering error mode... The system is going down NOW !! The system is halted. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 34 01-00000-0416-20081008 CC Error Mode To resume normal FIPS-CC mode operation, first attempt a reboot of the FortiGate module by power cycling the module. If the self-tests pass after the reboot, the module will resume normal FIPS-CC compliant operation. If a self-test continues to fail after rebooting, there is likely a serious firmware or hardware problem and the module should be removed from the network until the problem is solved. If the self-test failure persists across reboots, you can attempt to reload the firmware after resetting the module to the factory default configuration. If the self- test failure persists after reloading the firmware and re-enabling the FIPS-CC mode of operation, contact Fortinet technical support. CC Error Mode The FortiGate module switches to CC Error mode when the current and rolled log files consume more than 95% (the default setting) of log device capacity. On entering CC Error mode the FortiGate module shuts down the network interfaces and blocks traffic. Administrator access is restricted to the console when the module is in CC Error mode. The FortiGate module indicates CC Error mode by prepending "CC-ERR" to the console prompt: CC-ERR FortiGate-3600A$ To resume normal FIPS-CC mode operation, you must first reduce the logs to below 95% of the disk capacity. Only an Administrator with the Audit Administrator role can do this. Ideally you should reduce the logs to 50% or less of the device capacity. Once you have cleared space on the log device, use the following console command to clear error mode: execute error-mode exit The FortiGate module resumes normal FIPS-CC compliant operation unless there is still too little free space on the log device. Non-FIPS Approved Services The module also provides the following non-FIPS approved services: · Encrypted configuration backups using the backup configuration password · High Availability (HA) in both Active-Active (AA) and Active-Passive (AP) configurations If any of the above services are used, the module is not considered to be operating in the FIPS approved mode of operation. FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 01-00000-0416-20081008 35 CC Error Mode FortiGate-3016B/3600A/3810A-E4 FIPS 140-2 Security Policy 36 01-00000-0416-20081008