Australasian Information Security
Evaluation Program
Certification Report
Juniper Junos OS 20.2R1 for SRX345,
SRX345-DUAL-AC, SRX380 and SRX1500
Version 1.0, 03 December 2020
ii
Table of contents
Executive summary 1
Introduction 3
Overview 3
Purpose 3
Identification 3
Target of Evaluation 5
Overview 5
Description of the TOE 5
TOE Functionality 5
TOE physical boundary 5
Architecture 8
Clarification of scope 9
Evaluated functionality 9
Non-TOE hardware/software/firmware 9
Non-evaluated functionality and services 9
Security 9
Usage 10
Evaluated configuration 10
Secure delivery 10
Installation of the TOE 11
Version verification 11
Documentation and guidance 11
Secure usage 11
iii
Evaluation 13
Overview 13
Evaluation procedures 13
Functional testing 13
Entropy testing 13
Penetration testing 13
Certification 14
Overview 14
Assurance 14
Certification result 14
Recommendations 14
Annex A – References and abbreviations 16
References 16
Abbreviations 17
1
Executive summary
This report describes the findings of the IT security evaluation of Juniper Networks Junos OS 20.2R1 for SRX345,
SRX345-DUAL-AC, SRX380 and SRX1500 appliances against Common Criteria approved Protection Profiles (PPs).
Each Juniper Networks SRX Services Gateway appliance is a security system that supports a variety of high-speed
interfaces for medium/large networks and network applications. Juniper Networks appliances share common Junos
firmware, features, and technology for compatibility across platforms.
This report concludes that the Target of Evaluation (TOE) has complied with the following PPs [4]:
 collaborative Protection Profile for Network Devices, version 2.1, 24 September 2018 (NDcPP)
 PP-Module for Stateful Traffic Filter Firewalls, Version 1.3, 27 September 2019 (FW_MOD)
 PP-Module for Virtual Private Network (VPN) Gateways, version 1.0, 17 September 2019 (MOD_VPNGW)
 collaborative Protection Profile for Network Devices/collaborative Protection Profile for Stateful Traffic Filter
Firewalls Extended Package (EP) for Intrusion Prevention Systems (IPS), version 2.11, dated 15 June 2017 (IPS EP).
Additionally, some of the above PPs can be grouped together using certified PP-Configurations. This evaluation was
used to exercise the following PP-Configurations [4] that were certified concurrently with this task:
 PP-Configuration for Network Device and Stateful Traffic Filter Firewalls, Version 1.3, 27-September-2019
(CFG_NDcPP-FW_V1.3) [4.e]
 PP-Configuration for Network Devices, Stateful Traffic Filter Firewalls, and Virtual Private Network (VPN)
Gateways, Version: 1.0, 2020-03-06 (CFG_NDcPP-FW-VPNGW_V1.0) [4.f]
The evaluation was conducted in accordance with the Common Criteria and the requirements of the Australasian
Information Security Evaluation Program (AISEP). The evaluation was performed by Teron Labs with the final Evaluation
Technical Report (ETR) submitted on 9 November 2020.
With regard to the secure operation of the TOE, the Australasian Certification Authority recommends that
administrators:
 ensure that the TOE is operated in the evaluated configuration and that assumptions concerning the TOE security
environment are understood
 configure and operate the TOE according to the vendor’s product administrator guidance and pay attention to all
security warnings
 verify the hash of any downloaded software, as present on the Juniper website
 the system auditor should review the audit trail generated and exported by the TOE periodically
 After configuration changes relating to Internet Key Exchange/Internet Protocol Security (IKE/IPsec) are made on
the TOE, the user should restart the IKE key-management process using the command:
restart ike-key-management
This will ensure that the configuration parameters are available for immediate use.
Potential purchasers of the TOE should review the intended operational environment and ensure that they are
comfortable that the stated security objectives for the operational environment can be suitably addressed.
This report includes information about the underlying security policies and architecture of the TOE, and information
regarding the conduct of the evaluation.
2
It is the responsibility of the user to ensure that the TOE meets their requirements. For this reason, it is recommended
that a prospective user of the TOE refer to the Security Target and read this Certification Report prior to deciding
whether to purchase the product.
3
Introduction
Overview
This chapter contains information about the purpose of this document and how to identify the Target of Evaluation
(TOE).
Purpose
The purpose of this Certification Report is to:
 report the certification of results of the IT security evaluation of the TOE against the requirements of the Common
Criteria and Protection Profiles [4]
 provide a source of detailed security information about the TOE for any interested parties.
This report should be read in conjunction with the TOE’s Security Target [8] which provides a full description of the
security requirements and specifications that were used as the basis of the evaluation.
Identification
The TOE is Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 appliances
Description Version
Evaluation scheme Australasian Information Security Evaluation Program
TOE Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380 and SRX1500
Software version 20.2R1
Hardware platforms SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 appliances
Security Target Security Target Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380
and SRX1500, Version 1.4, 02 November 2020
Evaluation Technical Report Evaluation Technical Report v1.0, dated 06 November 2020
Document reference EFT-T013-ETR 1.0
Criteria Common Criteria for Information Technology Security Evaluation Part 2
Extended and Part 3 Conformant, April 2017, Version 3.1 Rev 5
Methodology Common Methodology for Information Technology Security, April 2017
Version 3.1 Rev 5
Conformance collaborative Protection Profile for Network Devices Version 2.1 dated
24 September 2018
4
PP-Module for Stateful Traffic Filter Firewalls, Version 1.3 dated 23
October 2019
PP-Module for Virtual Private Network (VPN) Gateways, Version 1.0
dated 27 September 2019
collaborative Protection Profile for Network Devices/collaborative
Protection Profile for Stateful Traffic Filter Firewalls Extended Package
(EP) for Intrusion Prevention Systems (IPS), Version 2.11, dated 15 June
2017
PP-Configuration for Network Device and Stateful Traffic Filter Firewalls,
Version 1.3, 27-September-2019
PP-Configuration for Network Devices, Stateful Traffic Filter Firewalls,
and Virtual Private Network (VPN) Gateways, Version: 1.0, 2020-03-06
Developer Juniper Networks, Inc. 1133 Innovation Way, Sunnyvale California
94089 United States of America
Evaluation facility Teron Labs
Unit 3, 10 Geils Court
Deakin ACT 2600
Australia
5
Target of Evaluation
Overview
This chapter contains information about the Target of Evaluation (TOE), including a description of functionality
provided, its architectural components, the scope of evaluation, its security policies and its secure usage.
Description of the TOE
The TOE is Juniper Networks, Inc. Junos OS 20.2R1 Services Gateway appliances:
 SRX345
 SRX345-DUAL-AC
 SRX380
 SRX1500
The Services Gateway appliances primarily support the definition of, and enforce, information flow policies among
network nodes. The Services Gateway appliances provide for stateful inspection of every packet that traverses the
network and provide central management to manage the network security policy. All information flow from one
network node to another passes through an instance of the TOE. Information flow is controlled on the basis of network
node addresses, protocol, type of access requested, and services requested. In support of the information flow security
functions, the TOE ensures that security-relevant activity is audited, that their own functions are protected from
potential attacks, and provides the security tools to manage all of the security functions. The TOE provides multi-site
virtual private network (VPN) gateway functionality. The TOE also implements Intrusion Prevention System (IPS)
functionality, capable of monitoring information flows to detect potential attacks based on pre-defined attack signature
and anomaly characteristics in the traffic.
All the SRX Services Gateway appliance models run the same Juniper Networks Junos operating system (Junos OS),
Junos OS 20.2R1.
The appliances are physically self-contained, housing the software, firmware and hardware necessary to perform all
router functions. The hardware has two components: the Services Gateway appliance itself and various PIC/PIMs
(interface cards or modules), which allow the appliances to communicate with the different types of networks that may
be required within the environment where the Services Gateway appliances are used.
TOE Functionality
The TOE functionality that was evaluated is described in section 1.6 of the Security Target [8].
TOE physical boundary
The TOE is the Junos OS 20.2R1 firmware running on the appliance chassis listed in the table below. The TOE is
contained within the physical boundary of the specified appliance chassis.
Chassis Model Network Ports Firmware (Operating System)
SRX345 • Four Mini PIM slots
• Sixteen 1Gbps Ethernet LAN ports (RJ-45)
Junos OS 20.2R1
6
• One Management RJ-45 port + mini-USB
• One USB 3.0 port
SRX345-DUAL-AC • Four Mini PIM slots
• Sixteen 1Gbps Ethernet LAN ports (RJ-45)
• One Management RJ-45 port + mini-USB
• One USB 3.0 port
Junos OS 20.2R1
SRX380 • Four Mini PIM slots
• Sixteen 1Gbps Ethernet LAN ports (RJ-45)
• Four 10Gbps SFP+ ports
• One Management RJ-45 port + mini-USB
• One USB 3.0 port
Junos OS 20.2R1
SRX1500 • Two PIM slots
• Twelve 1Gbps Ethernet LAN ports (RJ-45)
• Four 10Gbps SFP+ ports
• One Management RJ-45 port + mini-USB
• One USB 2.0 Type A port
Junos OS 20.2R1
Abbreviations:
Mini-PIM – Mini Physical Interface Module
mini-USB – mini Universal Serial Bus
PIM – Physical Interface Module
RJ-45 – 8-pin copper connection
SFP+ - enhanced Small Form factor Pluggable
USB – Universal Serial Bus
The physical boundary of the TOE is the entire chassis of the Services Gateway appliance, and includes both the
hardware and firmware of the network device. The TOE is the Junos OS 20.2R1 firmware running on the appliance
chassis listed in the table above. This includes the firmware implementing the Routing Engine and the ASICs
implementing the Packet Forwarding Engine. Hence the TOE is contained within the physical boundary of the specified
appliance chassis. The install package for the SRX345, SRX345-DUAL-AC and SRX380 is junos-srxsme-20.2R1.10.tgz. For
the SRX1500 appliance the install package is junos-srxentedge-x86-64-20.2R1.10.tgz.
7
The physical boundary for the SRX345, SRX345-DUAL-AC and SRX380 is shown in the figure below.
The physical boundary for the SRX1500 is shown in the figure below.
The TOE interfaces comprise the following:
 network interfaces which pass traffic
 management interface which handles administrative actions.
The firmware version reflects the detail reported for the components of the Junos OS when the ‘show version’
command is executed on the appliance.
The guidance document included as part of the TOE for the SRX345 and SRX380 models is Junos OS Common Criteria
Guide for SRX345 and SRX380 Devices, Release 20.2R1, Date 2020-09-03 and for the SRX1500 model is Junos OS
Common Criteria Guide for SRX1500 Devices, Release 20.2R1, Date 2020-09-30 [7].
8
Architecture
Each instance of the TOE consists of the following major architectural components:
 the Routing Engine (RE) runs the Junos firmware and provides Layer 3 routing services and network management
for all operations necessary for the configuration and operation of the TOE and controls the flow of information
through the TOE, including Network Address Translation (NAT) and all operations necessary for the
encryption/decryption of packets for secure communication via the IPsec protocol
 the Packet Forwarding Engine (PFE) provides all operations necessary for transit packet forwarding.
The Routing Engine and Packet Forwarding Engine perform their primary tasks independently, while constantly
communicating through a high-speed internal link. This arrangement provides streamlined forwarding and routing
control and the capability to run Internet-scale networks at high speeds.
The Services Gateway appliances support numerous routing standards for flexibility and scalability as well as IETF IPsec
protocols. These functions can all be managed through the Junos firmware, either from a connected terminal console
or via a network connection. Network management can be secured using IPsec and SSH protocols. All management,
whether from a user connecting to a terminal or from the network, requires successful authentication. In the evaluated
deployment network management is secured using the SSH protocol, which can be tunnelled over IPsec.
The TOE supports intrusion detection and prevention functionality, which allows it to detect and react to potential
attacks in real time. The detection component of the IPS can be based on attack signatures which specify the
characteristics of the potentially malicious traffic based on a variety of packet headers payload data attributes. Anomaly
detection based on deviation of the monitored traffic from expected values is also supported.
9
Clarification of scope
The evaluation was conducted in accordance with the Common Criteria and associated methodologies.
The scope of the evaluation was limited to those claims made in the Security Target [8].
Evaluated functionality
Functional tests performed during the evaluation were taken from the Protection Profiles and Supporting Documents
and sufficiently demonstrate the security functionality of the TOE. Some of the tests were combined for ease of
execution.
Non-TOE hardware/software/firmware
Depending on the model, the SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 appliances can be configured with
additional optional Mini-PIMs, PIMs and SFPs. SFP options are generic in nature (with some qualification) whilst the
PIMs and Mini-PIMs are model specific. The available options are detailed in Table 3 in Section 1.6.2 of the Security
Target [8].
The TOE relies on the provision of the following items in the network environment:
 Syslog server supporting SSHv2 connections to send audit logs
 SSHv2 client for remote administration
 serial connection client for local administration
 IPsec peer.
Non-evaluated functionality and services
Potential users of the TOE are advised that some functions and services have not been evaluated as part of the
evaluation. Potential users of the TOE should carefully consider their requirements for using functions and services
outside of the evaluated configuration.
Australian Government users should refer to the Australian Government Information Security Manual [5] for policy
relating to using an evaluated product in an unevaluated configuration. New Zealand Government users should consult
the New Zealand Information Security Manual [6].
The following components are considered outside of the scope of the TOE:
 use of telnet, since it violates the Trusted Path requirement set
 use of File Transfer Protocol, since it violates the Trusted Path requirement set
 use of Simple Network Management Protocol, since it violates the Trusted Path requirement set
 use of Secure Sockets Layer, including management via J-Web, JUNOScript and JUNOScope, since it violates the
Trusted Path requirement set
 use of Command Line Interface account super-user and junos root account.
Security
The TOE Security Policy is a set of rules that defines how information within the TOE is managed and protected. The
Security Target [8] contains a summary of the functionality that is evaluated.
10
Usage
Evaluated configuration
The evaluated configuration is based on the default installation of the TOE with additional configuration implemented
as per model specific guidance documents. For the SRX345 and SRX380 models see Junos OS Common Criteria Guide for
SRX345 and SRX380 Devices, Release 20.2R1, Date 2020-09-03 [7] and for the SRX1500 model see Junos OS Common
Criteria Guide for SRX1500 Devices, Release 20.2R1, Date 2020-09-30 [7].
Secure delivery
There are several mechanisms provided in the delivery process to ensure that a customer receives a product that has
not been tampered with. The customer should perform the following checks upon receipt of a device to verify the
integrity of the platform:
 shipping label - Ensure that the shipping label correctly identifies the correct customer name and address as well
as the device
 outside packaging - Inspect the outside shipping box and tape. Ensure that the shipping tape has not been cut or
otherwise compromised. Ensure that the box has not been cut or damaged to allow access to the device
 inside packaging - Inspect the plastic bag and seal. Ensure that the bag is not cut or removed. Ensure that the seal
remains intact.
If the customer identifies a problem during the inspection, they should immediately contact the supplier providing the
order number, tracking number and a description of the identified problem to the supplier.
Additionally, there are several checks that can be performed to ensure that the customer has received a box sent by
Juniper Networks and not a different company masquerading as Juniper Networks. The customer should perform the
following checks upon receipt of a device to verify the authenticity of the device:
 verify that the device was ordered using a purchase order. Juniper Networks devices are never shipped without a
purchase order
 when a device is shipped, a shipment notification is sent to the e-mail address provided by the customer when the
order is taken. Verify that this e-mail notification was received and contains the following information:
 purchase order number
 Juniper Networks order number used to track the shipment
 carrier tracking number used to track the shipment
 list of items shipped including serial numbers
 address and contacts of both the supplier and the customer
 verify that the shipment was initiated by Juniper Network, performing the following tasks:
 compare the carrier tracking number of the Juniper Networks order number listed in the Juniper Networks
shipping notification with the tracking number on the package received
 log on to the Juniper Networks online customer support portal at
https://www.juniper.net/customers/csc/management to view the order status
 compare the carrier tracking number or the Juniper Networks order number listed in the Juniper Networks
shipment notification with the tracking number on the package received.
11
Installation of the TOE
The Configuration Guides [7] contains all relevant information for the secure configuration of the TOE.
Version verification
The verification of the TOE is largely automatic, including the verification using hashes. The TOE cannot load a modified
image. Valid software images can be downloaded from https://www.juniper.net. In addition to the automated
verification, the site includes individual hashes for each image. The administrator should verify the hash of the software
before installing it into the hardware platform.
Security Administrators are able to query the current version of the TOE firmware using the CLI command ‘show
version’.
Documentation and guidance
It is important that the TOE is used in accordance with guidance documentation in order to ensure secure usage. The
following documentation is available to the consumer when the TOE is purchased. All guidance material is available for
download at https://www.juniper.net:
 Junos OS Common Criteria Guide for SRX345 and SRX380 Devices, Release 20.2R1, Pub. 2020-09-03
 Junos OS Common Criteria Guide for SRX1500 Devices, Release 20.2R1, Pub. 2020-09-30
 Intrusion Detection and Prevention User Guide, 24-Sep-2020
 IPsec VPN User Guide for Security Devices, 30-Sep-2020
 Junos OS CLI User Guide, Pub. 2020-09-21
 Software Installation and Upgrade Guide, 21-Sep-2020.
All Common Criteria guidance material is available at https://www.commoncriteriaportal.org.
The Australian Government Information Security Manual is available at https://www.cyber.gov.au/ism [5].
The New Zealand Information Security Manual is available at https://www.gcsb.govt.nz/ [6].
Secure usage
The evaluation of the TOE took into account certain assumptions about its operational environment. These
assumptions must hold in order to ensure the security objectives of the TOE are met.
The network device is assumed to be physically protected in its operational environment and not subject to physical
attacks that compromise the security and/or interfere with the device’s physical interconnections and correct
operation. This protection is assumed to be sufficient to protect the device and the data it contains.
The device is assumed to provide networking functionality as its core function and not provide functionality/services
that could be deemed as general purpose computing. For example, the device should not provide a computing platform
for general purpose applications (unrelated to networking functionality).
The administrator(s) for the network device are assumed to be trusted and to act in the best interest of security for the
organisation. This includes being appropriately trained, following policy and adhering to guidance documentation.
Administrators are trusted to ensure passwords/credentials have sufficient strength and entropy. The network device is
not expected to be capable of defending against a malicious administrator that actively works to bypass or compromise
the security of the device.
12
For TOEs supporting X.509v3 certificate-based authentication, the Security Administrator(s) are expected to fully
validate (e.g. offline verification) any CA certificate (root CA certificate or intermediate CA certificate) loaded into the
TOE’s trust store (aka 'root store', ' trusted CA Key Store', or similar) as a trust anchor prior to use (e.g. offline
verification).
The network device firmware and software is assumed to be updated by an administrator on a regular basis in response
to the release of product updates due to known security vulnerabilities.
The administrator’s credentials (private key) used to access the network device are protected by the platform on which
they reside.
The administrator must ensure that there is no unauthorised access possible for sensitive residual information (e.g.
cryptographic keys, keying material, PINs, passwords etc.) on networking equipment when the equipment is discarded
or removed from its operational environment.
It is assumed that the TOE is connected to distinct networks in a manner that ensures that the TOE security policies will
be enforced on all applicable network traffic flowing among the attached networks.
13
Evaluation
Overview
This chapter contains information about the procedures used in conducting the evaluation, the testing conducted as
part of the evaluation and the certification result.
Evaluation procedures
The criteria against which the Target of Evaluation (TOE) has been evaluated are contained in the relevant Protection
Profiles [4] and Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 5, Parts 2 and 3
[1, 2].
Testing methodology was drawn from Common Methodology for Information Technology Security, April 2017 Version
3.1 Revision 5 [3], the relevant Supporting Documents [13] and Extended Package [4.d].
The evaluation was carried out in accordance with the operational procedures of the Australasian Information Security
Evaluation Program [11].
In addition, the conditions outlined in the Arrangement on the Recognition of Common Criteria Certificates in the field
of Information Technology Security [10] and the draft document CC and CEM addenda, Exact Conformance, Selection-
Based SFRs, Optional SFRs [14] were also upheld.
Functional testing
All functional tests performed by the evaluators were taken from the Protection Profiles [4] and Supporting Documents
[13]. The tests were designed to provide the required testing coverage for the security functions claimed by the TOE.
Entropy testing
The entropy design description, justification, operation and health tests are assessed and documented in separate
reports [12].
Penetration testing
The evaluators performed the evaluation activities for vulnerability assessment specified by the NDcPP Supporting
Document [13.a] and FW_MOD Supporting Document [13.b] which follow a flaw hypothesis methodology. This effort
also met the requirements for the MOD_VPNGW Supporting Document [13.c]. The IPS_EP [4.d] does not explicitly
impose additional vulnerability assessment requirements. Accordingly, four types of flaw hypotheses have been
considered:
 public vulnerabilities
 NDFW-iTC (Network international Technical Community) sourced
 evaluation team generated
 tool generated.
Based on the results of this testing, the evaluators determined that the TOE is resistant to an attacker possessing a
basic attack potential.
14
Certification
Overview
This chapter contains information about the result of the certification, an overview of the assurance provided and
recommendations made by the certifiers.
Assurance
This certification is focused on the evaluation of product compliance with Protection Profiles that cover the technology
area of network devices with added security functionality including stateful traffic firewall functions, VPN gateway
functions and intrusion prevention functions. Organisations can have confidence that the scope of an evaluation against
an ASD-approved Protection Profile covers the necessary security functionality expected of the evaluated product and
known threats will have been addressed.
The analysis is supported by testing as outlined in the PP Supporting Documents and Extended Profile activities, and a
vulnerability survey demonstrating resistance to penetration attackers with a basic attack potential. Compliance also
provides assurance through evidence of secure delivery procedures. Certification is not a guarantee of freedom from
security vulnerabilities.
The effectiveness and integrity of cryptographic functions are also within the scope of product evaluations performed
in line with the Protection Profiles (PPs). PPs provide assurance by providing a full Security Target, and an analysis of the
Security Functional Requirements in that Security Target, guidance documentation, and a basic description of the
architecture of the TOE.
Certification result
Teron Labs has determined that the TOE upholds the claims made in the Security Target [8] and has met the
requirements of the Protection Profiles NDcPP V2.1 [4.a], FW_MOD [4.b], [MOD_VPNGW [4.c] and IPS_EP [4.d].
After due consideration of the conduct of the evaluation as reported to the certifiers, and of the Evaluation Technical
Report [9], the Australasian Certification Authority certifies the evaluation of the Juniper Junos OS 20.2R1 for SRX345,
SRX345-DUAL-AC, SRX380 and SRX1500 appliances performed by the Australasian Information Security Evaluation
Facility, Teron Labs.
The Australasian Certification Authority notes that Teron Labs evaluated this TOE concurrently with the certification of
the PP-Configurations CFG_NDcPP-FW_V1.3 [4.e] and CFG_NDcPP-FW-VPNGW_V1.0 [4.f] on a first-use basis. The
Australasian Certification Authority certifies that the Security Target [8] may thus claim to have met the requirements
of the more inclusive PP-Configuration CFG_NDcPP-FW-VPNGW_V1.0 [4.f].
Recommendations
Not all of the evaluated functionality present in the TOE may be suitable for Australian and New Zealand Government
users. For further guidance, Australian Government users should refer to the Australian Government Information
Security Manual [5] and New Zealand Government users should consult the New Zealand Information Security Manual
[6].
In addition to ensuring that the assumptions concerning the operational environment are fulfilled, and the guidance
document is followed, the Australasian Certification Authority also recommends that users and administrators:
 ensure that the TOE is operated in the evaluated configuration and that assumptions concerning the TOE security
environment are fulfilled
15
 configure and operate the TOE according to the vendor’s product administrator guidance and pay attention to all
security warnings
 maintain the underlying environment in a secure manner so that the integrity of the TOE Security Function is
preserved
 verify the hash of any downloaded software, as present on the https://www.juniper.net website
 the system auditor should review the audit trail generated and exported by the TOE periodically
 after configuration changes relating to IKE/IPsec are made on the TOE, the user should restart the IKE key-
management process using the command:
restart ike-key-management
This will ensure that the configuration parameters are available for immediate use.
16
Annex A – References and abbreviations
References
1. Common Criteria for Information Technology Security Evaluation Part 2: Security functional components April
2017, Version 3.1 Revision 5
2. Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components April
2017, Version 3.1 Revision 5
3. Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, April 2017,
Version 3.1 Revision 5
4. Protection Profiles:
a) collaborative Protection Profile for Network Devices (NDcPP), Version 2.1, 24 September 2018
b) PP-Module for Stateful Traffic Filter Firewalls (FW_MOD), Version 1.3, 27 September 2019
c) PP-Module for Virtual Private Network (VPN) Gateways (MOD_VPNGW), version 1.0, 17 September
2019
d) collaborative Protection Profile for Network Devices/collaborative Protection Profile for Stateful Traffic
Filter Firewalls Extended Package (EP) for Intrusion Prevention Systems (IPS), version 2.11, dated 15
June 2017 (IPS EP).
e) PP-Configuration for Network Device and Stateful Traffic Filter Firewalls, Version 1.3, 27-September-
2019 (CFG_NDcPP-FW_V1.3)
f) PP-Configuration for Network Devices, Stateful Traffic Filter Firewalls, and Virtual Private Network
(VPN) Gateways, Version: 1.0, 2020-03-06 (CFG_NDcPP-FW-VPNGW_V1.0)
5. Australian Government Information Security Manual: https://www.cyber.gov.au/ism
6. New Zealand Information Security Manual: https://www.nzism.gcsb.govt.nz/ism-document/
7. Guidance documentation:
a) Junos OS Common Criteria Guide for SRX345 and SRX380 Devices, Release 20.2R1, Pub. 2020-09-03
b) Junos OS Common Criteria Guide for SRX1500 Devices, Release 20.2R1, Pub. 2020-09-30
c) (Junos OS) Intrusion Detection and Prevention User Guide, 24-Sep-2020
d) (Junos OS) IPsec VPN User Guide for Security Devices, 30-Sep-2020
e) Junos OS CLI User Guide, Pub. 2020-09-21
f) (Junos OS) Software Installation and Upgrade Guide, 21-Sep-2020
8. Security Target for Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380 and SRX1500, Version 1.4, 02
November 2020
9. Evaluation Technical Report - Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 v1.0, dated
06 November 2020 (Document reference EFT-T013-ETR 1.0)
10. Arrangement on the Recognition of Common Criteria Certificates in the field of Information Technology
Security, 2 July 2014
11. AISEP Policy Manual (APM): https://www.cyber.gov.au/sites/default/files/2019-03/AISEP_Policy_Manual.pdf
17
12. Description and analysis of TOE random bit generation
a) Seeding of the Kernel RBG, Junos OS 20.2R1, SRX345, SRX345-DUAL-AC and SRX380, Version 1.2,
2020-09-27
b) Seeding of the Kernel RBG In SRX1500 Appliance Running Junos OS 20.2R1, Version 1.0, 2020-09-27
13. Protection Profile Supporting Documents
a) Supporting Document, Evaluation Activities for Network Device cPP, September 2018, version 2.1
(NDcPP-SD)
b) Evaluation Activities for Stateful Traffic Filter Firewalls PP-Module, September 2019, Version 1.3
(FW_MOD-SD)
c) Supporting Document, Mandatory Technical Document, PP-Module for Virtual Private Network (VPN)
Gateways, version 1.0, dated 2019-09-17, (MOD_VPNGW_SD)
14. CC and CEM addenda, Exact Conformance, Selection-Based SFRs, Optional SFRs May 2017, Version 0.5 CCDB-
2017-05-xx
Abbreviations
AISEP Australasian Information Security Evaluation Program
ASD Australian Signals Directorate
ASIC Application Specific Integrated Circuit
CCRA Common Criteria Recognition Arrangement
IETF Internet Engineering Task Force
IKE Internet Key Exchange
IPsec Internet Protocol Security
IPSEP Intrusion Prevention Systems Extended Package
NAT Network Address Translation
NDcPP CCRA-approved collaborative Protection Profile for Network Devices
NDFW iTC Network Device Fundamentals and Firewalls international Technical Community
PFE Packet Forwarding Engine
PP Protection Profile
RE Routing Engine
SSH Secure SHell
TOE Target of Evaluation
VPN Virtual Private Network