Aruba Networks Virtual Mobility Controller v 6.4

Product type: Network and Network Related Devices and Systems
Product Status: In Evaluation
Assurance Level: Protection Profile

Version: ArubaOS VMC 6.4
Components: ArubaOS VMC 6.4 is the underlying operating system of the Virtual Mobility Controller (VMC), which runs on a PacStar 451 appliance running VMware ESXi Server

Cert Progress: Progressing
Estimated Approval: Q4 2016

Product Details

Product Description


PP Compliance Claimed:

U.S. Government Approved Protection Profile - Security Requirements for Network Devices, v1.1 with Errata #3 applied

U.S. Government Approved Protection Profile - Network Device Protection Profile (NDPP) Extended Package Stateful Traffic Filter Firewall, v1.0

U.S. Government Approved Protection Profile - Network Device Protection Profile (NDPP) Extended Package VPN Gateway, v1.1



Evaluation Facility: CSC
Manufacturer/Vendor/Distributor: Aruba Networks

Aruba Networks

Suite 303, 54 Miller Street
North Sydney NSW 2060 Australia
Website: http://www.arubanetworks.com

Contact


Steve Weingart
Public Sector Certifications
1344 CROSSMAN AVE SUNNYVALE
CA 94089 US
Phone: 830.580.1544
Mobile: 210.516.5736
Website: http://www.arubanetworks.com

The Aruba Networks Virtual Mobility Controller (VMC) is a virtualised network device, stateful traffic filter firewall and VPN gateway. It serves as a gateway between wired and wireless networks and provides command-and-control over Access Points (APs) within an Aruba-dependent wireless network. ArubaOS VMC 6.4 is the underlying operating system of the Virtual Mobility Controller (VMC), which runs on a PacStar 451 appliance running VMware ESXi Server.

 The TOE provides the following security functions:

  • Protected communications. The TOE protects the following communication flows:
    • WebUI. Communication with the administrative web user interface (WebUI) is protected using TLS/HTTPS.
    • CLI. Remote administration via the Command Line Interface (CLI) is protected using SSHv2.
    • Syslog. Syslog messages are protected using IPsec.
    • RADIUS. RADIUS authentication messages are protected using IPsec.
  • Verifiable updates. Updates are digitally signed, and the signature is verified upon installation.
  • System monitoring. The TOE maintains an audit log of administrative and security-relevant events. Logs can optionally be delivered to a Syslog server.
  • Secure administration. The TOE provides administration interfaces for configuration and monitoring. The TOE authenticates administrators and implements session timeouts.
  • Residual information clearing. The TOE ensures that network packets sent from the TOE do not include data "left over" from the processing of previous network information.
  • Self-test. The TOE performs both power-up and conditional self-tests to verify correct and secure operation.
  • Firewall. The TOE performs stateful packet filtering. Wireless clients connecting through APs are placed into user-roles. Stateful packet filter policies are applied to these user-roles to allow fine-grained control over wireless traffic.
  • VPN gateway. The TOE may be used as a VPN gateway – a device at the edge of a private network that terminates an IPsec tunnel, which provides device authentication, confidentiality, and integrity of information traversing a public or untrusted network.