CSEC Homepage > About IT Security > IT Security Program, Products and Services > Common Criteria > FortiGate^TM-50B, 200A, 300A, 310B, 500A, 800, 1000A, 3016B, 3600, 3600A, 3810A-E4, 5001SX, 5001FA2, 5001A-DW and FortiWiFi-50B Unified Threat Management Solutions and FortiOS^TM 3.0 CC Compliant Firmware

FortiGate^TM-50B, 200A, 300A, 310B, 500A, 800, 1000A, 3016B, 3600, 3600A, 3810A-E4, 5001SX, 5001FA2, 5001A-DW and FortiWiFi-50B Unified Threat Management Solutions and FortiOS^TM 3.0 CC Compliant Firmware

Fortinet, Incorporated
1090 Kifer Road
Sunnyvale, CA 94086-5301
Telephone: (408) 235-7700

FortiGate^TM-50B, 200A, 300A, 310B, 500A, 800, 1000A, 3016B, 3600, 3600A, 3810A-E4, 5001SX, 5001FA2, 5001A-DW and FortiWiFi-50B Unified Threat Management Solutions and FortiOS^TM 3.0 CC Compliant Firmware (hereafter referred to as FortiGate), was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at EWA-Canada located in Ottawa, Ontario. The evaluation was completed in November 2008.

The evaluation of FortiGate determined that this Information Technology (IT) product can be trusted, at an assurance level of EAL 4 augmented with ALC_FLR.3, to conform to the requirements of the associated security target.

FortiGate secures a wide range of network environments, from the remote office and branch office to the enterprise and the service provider. FortiGate detects and eliminates damaging, content-based threats from email and Web traffic such as viruses, worms, intrusion attempts, and inappropriate Web content in real-time without degrading network performance. FortiGate units can operate independently, as part of a cluster to provide high availability of services, or collectively with a centralized management system to provide multiple security enforcement points within large networks.

FortiGate units support the IPSec industry standard for Virtual Private Networks (VPN), allowing VPNs to be configured between a FortiGate unit and any compatible Internet Protocol Security (IPSec) VPN client, gateway, or firewall. FortiGate also provide Secure Sockets Layer (SSL) VPN gateway and tunneling services.

Firewall, IPSec VPN, antivirus, and intrusion prevention functionality are included in this evaluation; antispam, Web filtering, traffic shaping, SSL VPN and centralized management capabilities are excluded. Section 2 of the security target provides details on functionality included, and excluded, from this evaluation.

FortiGate incorporates FIPS PUB 140-2 validated cryptography.

The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for FortiGate, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that FortiGate satisfies its IT Security Requirements.

Consumers are advised to carefully review the certification report to gain an understanding of the security functionality, the tested configuration, FIPS validation details, and the intended operating environment for FortiGate.

Product Type: Firewall

Security Target: * Accessibility Notice * Official Languages Notice

Protection Profile Identifiers: Intrusion Detection System Sensor Protection Profile (IDSS PP), Version 1.2, April 27, 2005.

Certification Report: HTML | PDF

Certificate of Evaluation: HTML | PDF