Certified Product: Fortinet FortiWeb 5.6

Fortinet FortiWeb 5.6 (hereafter referred to as the Target of Evaluation, or TOE) from Fortinet Inc.  was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at EWA-Canada. The evaluation was completed in December 2017.

The TOE is a network device that protects web-based applications and internet-facing data from attack and security breaches. Using advanced techniques, the TOE provides bidirectional protection against malicious sources, denial of service attacks and sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, file inclusion, and cookie poisoning.

The scope of this evaluation is defined in the Security Target, which identifies assumptions made during the evaluation, the intended environment for the TOE, the security requirements to be met, and the level of confidence to which it is asserted that the TOE satisfies its IT security requirements.

The evaluation of the TOE determined that this Information Technology (IT) product implements the security functional requirements specified in the Security Target, and satisfies the requirements of collaborative Protection Profile for Network Devices Version 1.0.

Consumers are advised to carefully review the Certification Report to gain an understanding of the security functionality, the evaluated configuration, and the intended operating environment for the TOE.