
FortiGate NGFW appliances running FortiOS

Product Type
Network and Network Related Devices and Systems
Product Status
Assurance Level
Protection Profile
Assurance Level Notes
Product Description

The Target of Evaluation (TOE) is FortiGate NGFW appliances running FortiOS 5.4.

The TOE is designed to provide next-generation firewall services ensuring network protection for Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) networks. The TOE is capable of robust filtering based on information contained in IPv4, IPv6, ICMPv4, ICMPv6, TCP and UDP headers as specified by their respective RFCs. Additionally, the TOE is capable of content inspection of the FTP and H.323 protocols to work with the dynamic nature of these protocols.

ASD Cryptographic Evaluation
The ASD Cryptographic Evaluation covers the VPN functionality of FortiOS 5.4.4 only.

The supported platforms are:


FortiGate-50E; FortiWiFi-50E; FortiGate-51E; FortiWiFi-51E; FortiGate-52E; FortiGate-60E; FortiGate-60E-PoE; FortiWiFi-60E; FortiGate-61E; FortiWiFi-61E; FortiGate-80E; FortiGate-81E; and FortiGate-81E-PoE.


FortiGate-100E; FortiGate-101E; FortiGate-200D; FortiGate-200E; FortiGate-201E; FortiGate-300D; FortiGate-400D; FortiGate-500D; FortiGate-600D; FortiGate-800D; FortiGate-900D; FortiGate-1000D; FortiGate-1200D; FortiGate-1500D; FortiGate-2000E; and FortiGate-2500E.


FortiGate-3000D; FortiGate-3100D; FortiGate-3200D; FortiGate-3700D; FortiGate-3810D; and FortiGate-3815D.

The FortiGate 5000-series chassis are modular enclosures for blade systems. The following blade systems are capable of running in the evaluated configuration:


Virtual models

FortiGate-VM01; FortiGate-VM02; FortiGate-VM04; and FortiGate-VM08

When operating on the following hypervisors and hardware platforms:

FortiHypervisor-500D (KVM 64-bit)


The Security Functions provided by the TOE are listed in the table below.

Security Function: Description

Security audit: The TOE generates logs for auditable events. These logs can be stored locally in protected storage and/or exported to an external audit server via a secure channel.

Cryptographic support: The TOE implements a variety of key generation and cryptographic methods to provide protection of data both in transit and at rest within the TOE.

User data protection: The TOE ensures that data cannot be recovered once deallocated.

Identification and authentication: The TOE implements mechanisms to ensure that users are both identified and authenticated before any access to TOE functionality or TSF data is granted.

Security management: The TOE provides a suite of management functionality, allowing for full configuration of the TOE by an authorised administrator.

Protection of the TSF: The TOE implements a number of protection mechanisms (including authentication requirements, self-tests and trusted update) to ensure the protection of the TOE and all TSF data.

TOE access: The TOE provides session management functions for local and remote administrative sessions.

Trusted path/channels: The TOE provides secure channels between itself and local/remote administrators and other devices to ensure data security during transit.

Stateful traffic and packet filtering: The TOE allows for the configuration and enforcement of stateful packet filtering/firewall rules on all traffic traversing the TOE.

Intrusion prevention: The TOE allows for the enforcement of pre-defined or custom attack signatures, as part of a comprehensive intrusion prevention suite.