
  • Copyright Juniper, 2020 Version 1.1 Page 1 of 35 Juniper Networks Public Material – May be reproduced only in its original entirety (without revision).

    Juniper Networks SRX1500, SRX4100, SRX4200 and SRX4600 Services Gateways

    Non-Proprietary FIPS 140-2 Cryptographic Module Security Policy

    Version: 1.1

    Date: July 30, 2020

    Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net


    Table of Contents

    1 Introduction

    1.1 Hardware and Physical Cryptographic Boundary

    1.2 Mode of Operation

    1.3 Zeroization

    2 Cryptographic Functionality

    2.1 Approved Algorithms

    2.2 Allowed Algorithms

    2.3 Allowed Protocols

    2.4 Disallowed Algorithms

    2.5 Critical Security Parameters

    3 Roles, Authentication and Services

    3.1 Roles and Authentication of Operators to Roles

    3.2 Authentication Methods

    3.3 Services

    3.4 Non-Approved Services

    4 Self-tests

    5 Physical Security Policy

    5.1 General Tamper Evident Label Placement and Application Instructions

    5.2 SRX1500 (10 seals)

    5.3 SRX4100 & SRX4200 (13 seals)

    5.4 SRX4600 (15 seals)

    6 Security Rules and Guidance

    7 References and Definitions


    List of Tables

    Table 1 – Cryptographic Module Configurations

    Table 2 – Security Level of Security Requirements

    Table 3 – Ports and Interfaces

    Table 4 – Data Plane Approved Cryptographic Functions

    Table 5 – Control Plane QuickSec Approved Cryptographic Functions

    Table 6 – OpenSSL Approved Cryptographic Functions

    Table 7 – OpenSSH Approved Cryptographic Functions

    Table 8 – LibMD Approved Cryptographic Functions

    Table 9 – Kernel Approved Cryptographic Functions

    Table 10 – Allowed Cryptographic Functions

    Table 11 – Protocols Allowed in FIPS Mode

    Table 12 – Critical Security Parameters (CSPs)

    Table 13 – Public Keys

    Table 14 – Authenticated Services

    Table 15 – Unauthenticated traffic

    Table 16 – CSP Access Rights within Services

    Table 17 – Authenticated Services

    Table 18 – Unauthenticated traffic

    Table 19 – Physical Security Inspection Guidelines

    Table 20 – References

    Table 21 – Acronyms and Definitions

    Table 22 – Datasheets


    List of Figures

    Figure 1 - SRX1500

    Figure 2 - SRX4100

    Figure 3 - SRX4200

    Figure 4 - SRX4600

    Figure 5 - SRX1500 Front View: TEL 1 - 6

    Figure 6 - SRX1500 Top-Front View: TEL 1 & 2

    Figure 7 - SRX1500 Rear View: TEL 7 & 8

    Figure 8 - SRX1500 Top - Rear View: TEL 7

    Figure 9 - SRX1500 Bottom View: TEL 8, 9 & 10

    Figure 10 - SRX1500 Right Side View: TEL 9

    Figure 11 - SRX1500 Left Side View: TEL 10

    Figure 12 - SRX4100 & SRX4200 Top View: TEL 1, 2, 6, 8 & 10

    Figure 13 - SRX4100 & SRX4200 Left-Side View: TEL 1

    Figure 14 - SRX4100 & SRX4200 Right-Side View: TEL 2

    Figure 15 - SRX4100 & SRX4200 Bottom View: TEL 3, 4, 5