Skip to main content
Version 7.1.070 Release 7624
Product Type
Network and Network Related Devices and Systems
Product Status
In evaluation
Assurance Level
Protection Profile
Assurance Level Notes
Collaborative Protection Profile for Network Devices, version 2.2e
Product Description

The Target of Evaluation (TOE) is a series of network appliance models from the HPE FlexFabric 5945 and FlexFabric 12900E switch series running HPE Comware Software, Version 7.1.070, Release 7624.

The following HPE FlexFabric 5945  Switch Series models are in the evaluated configuration:

  • HPE FlexFabric 5945 48SFP28 8QSFP28 Switch
  • HPE FlexFabric 5945 4-slot Switch
  • HPE FlexFabric 5945 2-slot Switch
  • HPE FlexFabric 5945 32QSFP28 Switch

The following HPE FlexFabric 12900E  Switch Series models are in the evaluated configuration:

  • HPE FlexFabric 12916E Switch Chassis with 12900E v2 Main Processing Unit
  • HPE FlexFabric 12908E Switch Chassis with 12900E v2 Main Processing Unit or 12900E Type X Main Processing Unit
  • HPE FlexFabric 12904E Switch Chassis with 12904E v2 Main Processing Unit or 12904E Type X Main Processing Unit
  • HPE FlexFabric 12902E Switch Chassis with 12902E Main Processing Unit
  • HPE FlexFabric 12901E Switch Chassis

Each series of switches included in the TOE comprises a set of distinct devices which vary primarily according to power delivery, performance and port density.  The 5945 series switches have a fixed number of ports.  In the evaluated configuration, they can be deployed as a single 5945 Series device or as a group of up to four 5945 Series devices using the Hewlett Packard Enterprise (HPE) Intelligent Resilient Framework (IRF) technology.  The IRF technology requires the devices to be directly connected to one another using an IRF stack utilizing one or more dedicated Ethernet connections used to coordinate the overall logical switch configuration and also to forward applicable network traffic as necessary between attached devices.

The 12900E Series support plug-in modules, which provide additional functionality (e.g., various numbers and types of network connection ports), and security blades, which offer additional advanced security functions (e.g., firewall). With the exception of pluggable security blades, all of the available optional plug-in modules extend the physically available ports and do not otherwise affect any of the claimed security functions. The security blades offer additional advanced (e.g., firewall) security functions not included in this evaluation.

As with the 5945 Series, 12900E Series switches can be deployed as a single device or as a group of devices connected using IRF technology to effectively form a logical switch device. For the 12900E Series devices, the IRF technology does not require that switches be co-located and can be part of a disaster recovery system. Switches can be attached using standard Link Aggregation Control Protocol (LACP) for automatic load balancing and high availability.

Each variant of the TOE implements the essential security functions of a secure network appliance. The TOE is to be deployed in a data centre and used by Security Administrators who may configure the TOE for the intended use case. The TOE is a complete network appliance which ensures that only authorized Security Administrators may access the TOE, that assets are protected by necessary cryptographic functions and protocols when stored within the TOE and when communicated outside the TOE, that the TOE only becomes operational if it can be asserted to be in an authentic state, that TOE software may be upgraded through a well-defined process, and that all critical functions generate an actionable audit record which is stored in a manner that allows dependable analysis of auditable events.