Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Aruba Networks Virtual Mobility Controller (hardened Chassis running VMware ESXi)

ArubaOS - 1.3 FIPS
Product Type
Network and Network Related Devices and Systems
Product Status
Assurance Level
Protection Profile
Product Description

The Aruba Networks Virtual Mobility Controller (VMC) is a virtualised network device encompassing stateful traffic filter firewall and VPN gateway. It serves as a gateway between wired and wireless networks and provides command-and-control over Access Points (APs) within an Aruba dependant wireless network. ArubaOS VMC - 1.3 FIPS is the underlying operating system of the Virtual Mobile Controller (VMC), which runs on top of VMware ESXi and was evaluated on the following platforms:


PacStar 451 Small Server Module (Intel 4th-Generation Core i5 or Core i7)
Information Assurance Specialists IAS Router MICRO Extreme network appliance (contains the IAS VPN Gateway Module CLASSIC using Intel 4th-Generation Core i5)
Klas Telecom Voyager VMm (Intel 5th-Generation Core i3)
DTECH Labs M3-SE-SVR3Q (Intel 3rd-Generation Core i7)


 The TOE provides the following security functions:

  • Protected communications. The TOE protects the following communication flows:
    • WebUI. Communication with the administrative web user interface (WebUI) is protected using TLS/HTTPS
    • CLI. Remote administration via the Command Line Interface (CLI) is protected using SSHv2
    • Syslog. Syslog messages are protected using IPSec
    • Radius. Radius authentication messages are protected using IPSec
    • Verifiable updates. Updates are digitally signed and verified upon installation utilising digital signatures.
  • System monitoring. The TOE maintains an audit log of administrative and security relevant events. Logs can optionally be delivered to a Syslog server
  • Secure administration. The TOE provides administration interfaces for configuration and monitoring. The TOE authenticates administrators and implements session timeouts
  • Residual information clearing. The TOE ensures that network packets sent from the TOE do not include data "left over" from the processing of previous network information
  • Self-test. The TOE performs both power-up and conditional self-tests to verify correct and secure operation
  • Firewall. The TOE performs stateful packet filtering. Wireless clients connecting through APs are placed into user-roles. Stateful packet filter policies are applied to these user-roles to allow fine grained control over wireless traffic
  • VPN gateway. The TOE may be used as a VPN gateway – a device at the edge of a private network that terminates an IPsec tunnel, which provides device authentication, confidentiality, and integrity of information traversing a public or untrusted network.