Validated Product - Stonesoft StoneGate Firewall Version 2.0.5

Certificate Date: 15 September 2003

Validation Report Number:

Product Type: Firewall, VPN

Conformance Claim: EAL4 Augmented with ALC_FLR.1

PP Identifiers: None

CC Testing Lab: CygnaCom Solutions, Inc


PRODUCT DESCRIPTION

Stonesoft StoneGate Firewall is a high availability firewall and Virtual Private Network (VPN) solution for securing data communication channels and enabling continuous network connectivity. The validated product is the StoneGate Firewall engine and VPN software application component of StoneGate.

The StoneGate Firewall engine is based on Multi-Layer Inspection technology that combines both stateful and application-level inspection technology to control connectivity and information flow between internal and external networks. It provides Network Address Translation (NAT) to keep internal network addresses private. The VPN security services are based on the IPSec standard and allow users multiple cryptographic support options. As part of a firewall cluster, the StoneGate Firewall engine provides a high availability feature, so that component firewall failures degrade the cluster to a fully functional and secure state.

Other StoneGate components support the Firewall engine. The StoneGate Firewall engine runs on a hardened Linux operating system that is integrated with the engine. StoneGate includes a distributed management system comprising a management server, a log server and a graphical management client for administering the engine via the two servers. These additional StoneGate components were not within the scope of the Firewall engine evaluation.

The evaluated security features of the StoneGate Firewall engine include:

  • Information flow control
    • Stateful information flow control for IP packets
    • Filtering on network level through application level information
    • Connection redirection for FTP, HTTP, and SMTP traffic
  • VPN
    • Confidentiality and integrity of information exchanged with security gateways
    • IPSec-based authentication of security gateways
    • FIPS 140-2 certified cryptographic functions
  • Static NAT to protect internal network addresses from disclosure
  • High Availability for engine security services through support of firewall clustering
  • Auditing
  • Management and protection of engine security functions.

SECURITY EVALUATION SUMMARY

The evaluation demonstrated that the Stonesoft StoneGate Firewall Version 2.0.5, when configured as specified in the installation guide, meets all the security requirements contained in its Security Target. The evaluation assurance level (EAL) for the product is EAL4 Augmented with ALC_FLR.1 (basic flaw remediation). Version 2.1 of the Common Criteria for Information Technology Security Evaluation was used as the source of requirements for the Security Target.

The evaluation team used the Common Methodology for Information Technology Security Evaluation, Version 1.0, to conduct the evaluation. CygnaCom Solutions conducted the evaluation in conformance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. Three validators on behalf of the CCEVS Validation Body provided oversight to the evaluation. The evaluation was completed in September 2003. Evaluation results are contained in the Stonesoft StoneGate Firewall Version 2.0.5 Common Criteria Evaluation Technical Report, dated 17 September 2003, prepared by CygnaCom Solutions.

ENVIRONMENTAL STRENGTHS

Through its support of firewall cluster configurations, the Stonesoft StoneGate Firewall engine adds high availability to a complete set of firewall filtering and routing functions. StoneGate provides a graphical management interface that allows controlling many firewalls from one management workstation. The Stonesoft StoneGate Firewall engine includes a FIPS 140-2 certified cryptographic module.

Vendor Information


Stonesoft Corporation
Michael Fenton
571.435.0622
703.288.4811 (Fax)
michael.fenton@stonesoft.com

http://www.stonesoft.com
