Aruba Networks Mobility Controller Range & Software version 6.5.0.0

Product type: Network and Network Related Devices and Systems
Product Status: Completed
Assurance Level: Protection Profile

Version: Software Version: 6.5.0.0 (previously 6.4.3.4-FIPS)
Components: Aruba appliance models: 7240, 7220, 7210, 7030, 7205, 7024, 7010, 7005, 6000, 3600, 3400, 3200, 650 and 620

Product Details

Product Description

Certification Country: AUSTRALIA/NEW ZEALAND (2016)
Certificate Details: 2016/94
Certification Method: CC
Crypt Evaluation: Completed, see consumer guide

PP Compliance: Security Requirements for Network Devices, v1.1 with Errata #3 applied; Network Device Protection Profile (NDPP) Extended Package Stateful Traffic Filter Firewall, v1.0; Network Device Protection Profile (NDPP) Extended Package VPN Gateway, v1.1

Evaluation Facility: CSC
Manufacturer/Vendor/Distributor: Aruba Networks

Aruba Networks

Suite 303, 54 Miller Street
North Sydney NSW 2060 Australia
Website: http://www.arubanetworks.com
Product Website: http://www.arubanetworks.com

Contact


Steve Weingart
Public Sector Certifications
1344 CROSSMAN AVE SUNNYVALE
CA 94089 US
Phone: 830.580.1544
Mobile: 210.516.5736
Website: http://www.arubanetworks.com

Documents

Security Target
Certification Report
Consumer Guide
Maintenance Report

The Aruba Networks Mobility Controller is a network device, stateful traffic filter firewall and VPN gateway. It serves as a gateway between wired and wireless networks and provides command-and-control over Access Points (APs) within an Aruba dependent wireless network. ArubaOS 6.4.3.4 FIPS is the underlying operating system of the Mobility Controller, which is available in modular chassis or network appliance models:

a) Aruba 7000 Series Mobility Controller (7240, 7220, 7205, 7210, 7030, 7024, 7010, 7005).

b) Aruba 6000 Series. The Aruba 6000 with M3 blades are designed for corporate headquarters and large campus deployments.

c) Aruba 3000 Series. The Aruba 3200, 3400 and 3600 are designed for small, medium and large enterprises.

d) Aruba 600 Series. The Aruba 620 and 650 are designed for branch offices and similar deployments.

The TOE provides the following security functions:

a) Protected communications. The TOE protects the following communication flows:

i) WebUI. Communication with the administrative web user interface (WebUI) is protected using TLS/HTTPS.

ii) CLI. Remote administration via the Command Line Interface (CLI) is protected using SSHv2.

iii) Syslog. Syslog messages are protected using IPsec.

iv) RADIUS. RADIUS authentication messages are protected using IPsec.

b) Verifiable updates. Updates are digitally signed, and the signature is verified upon installation.

c) System monitoring. The TOE maintains an audit log of administrative and security-relevant events. Logs can optionally be delivered to a Syslog server.

d) Secure administration. The TOE provides administration interfaces for configuration and monitoring. The TOE authenticates administrators and implements session timeouts.

e) Residual information clearing. The TOE ensures that network packets sent from the TOE do not include data "left over" from the processing of previous network information.

f) Self-test. The TOE performs both power-up and conditional self-tests to verify correct and secure operation.

g) Firewall. The TOE performs stateful packet filtering. Wireless clients connecting through APs are placed into user-roles. Stateful packet filter policies are applied to these user-roles to allow fine-grained control over wireless traffic.

h) VPN gateway. The TOE may be used as a VPN gateway – a device at the edge of a private network that terminates an IPsec tunnel, which provides device authentication, confidentiality, and integrity of information traversing a public or untrusted network.

Product Maintenance: 10 October 2016: Assurance Maintenance conducted on TOE Version 6.4.3.4-FIPS. There are a number of changes that aim to improve the overall usability of the TOE, such as providing traffic analysis and blocked sessions, which provide a dashboard view of the sessions blocked via ACLs or system logs.