Cisco PIX Security Appliances 515, 515E, 525, 535 and Cisco ASA Adaptive Security Appliances 5510, 5520 and 5540

Product type: Network and Network Related Devices and Systems
Product Status: Completed
Assurance Level: EAL4+ CC EAL4+ ALC_FLR.1

Version: 7.2(4)30

Product Details

Product Description

Certification Country: UNITED STATES (2007)
Certificate Details: CCEVS-VR-07-0017
Certification Method: CC
Crypt Evaluation: Not Required
Evaluation Facility: Arca CCTL
Manufacturer/Vendor/Distributor: Cisco Systems


Cisco Systems Inc
Global Certifications

Phone: + 1 410 309 4862
Email: [email protected]

Kylie Pratt

Phone: +61 2 6216 0660
Email: [email protected]


Consumer Guide
Security Target
Certification Report
Maintenance Report - Nov 2008
Maintenance Report - May 2009

The Cisco PIX Security Appliance and the Cisco ASA Adaptive Security Appliance are stateful packet filtering firewalls. A stateful packet filtering firewall controls the flow of IP traffic by matching information contained in the headers of connection-oriented or connectionless IP packets against a set of rules specified by the firewall\\\'s authorised administrator. This header information includes source and destination host (IP) addresses, source and destination port numbers, and the transport service application protocol (TSAP) held within the data field of the IP packet. Depending upon the rule and the results of the match, the firewall either passes or drops the packet. The stateful firewall remembers the state of the connection from information gleaned from prior packets flowing on the connection and uses it to regulate current packets. The packet will be denied if the security policy is violated. In addition to IP header information,Cisco PIX and ASA appliances mediate information flows on the basis of other information, such as the direction (incoming or outgoing) of the packet on any given firewall network interface. For connection-oriented transport services, the firewall either permits connections and subsequent packets for the connection or denies the connection and subsequent packets associated with the connection.