SonicWall, Inc. SonicWALL TZ 300/TZ 300W, TZ300P, TZ350/TZ350W,TZ 400/TZ 400W, TZ 500/TZ 500W, TZ 600,TZ600P, SOHO W, SOHO250/SOHO250W,SM 9200, SM 9400, SM 9600 and NSa 2650, NSa 3600, NSa 3650, NSa 4600, NSa 4650, NSa 5600, NSa 5650, NSa 6600, NSa 6650, NSa 9250, NSa 9450, NSa 9650 Non-Proprietary FIPS 140-2 Security Policy Document Version: 1.6 Date: May 11, 2020 Level 2 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 2 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Copyright Notice Copyright © 2020 SonicWall, Inc. Public Material May be reproduced only in its original entirety (without revision). SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 3 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Table of Contents 1. Introduction ..................................................................................................................6 1.1 Module Description and Cryptographic Boundary ......................................................................8 1.2 Ports and Interfaces .....................................................................................................................8 1.3 Modes of Operation...................................................................................................................36 1.3.1 FIPS 140-2 Approved mode of Operation.....................................................................................36 1.3.2 Non-Approved mode of Operation...............................................................................................37 1.3.3 Non-Approved Algorithms with No Security Claimed ..................................................................37 2. Cryptographic Functionality ......................................................................................... 38 2.1 Critical Security Parameters.......................................................................................................42 2.2 Public Keys..................................................................................................................................42 3. Roles, Authentication and Services .............................................................................. 43 3.1 Assumption of Roles...................................................................................................................43 3.2 Authentication Methods............................................................................................................44 3.3 Services.......................................................................................................................................45 3.3.1 User Role Services.........................................................................................................................45 3.3.2 Crypto Officer Services..................................................................................................................45 3.3.3 Unauthenticated services .............................................................................................................46 4. Self-tests ..................................................................................................................... 51 5. Physical Security Policy................................................................................................ 52 6. Operational Environment ............................................................................................ 59 7. Mitigation of Other Attacks Policy................................................................................ 59 8. Security Rules and Guidance ........................................................................................ 59 8.1 Crypto-Officer Guidance ............................................................................................................60 9. References and Definitions .......................................................................................... 61 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 4 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). List of Tables Table 1 – Cryptographic Module List ............................................................................................................6 Table 2 – Security Level of Security Requirements.......................................................................................7 Table 3 – Front Panel and Rear Panel Ports and Interfaces for TZ 300/TZ 300W, TZ 300P, TZ 350/TZ 350W, TZ 400/TZ 400W, TZ 500/TZ 500W, TZ 600, TZ 600P, SOHO W, SOHO 250, SOHO 250W models.............23 Table 4 – Front Panel Ports and Interfaces for SM9200/SM 9400/SM 9600..............................................24 Table 5 - Back Panel Ports and Interfaces for SM 9200/SM 9400/SM 9600...............................................26 Table 6 – Front Panel Ports and Interfaces for NSa 3600/NSa 4600/NSa 5600 and NSa 6600 mapped to Figures 5 and 6............................................................................................................................................27 Table 7 - Back Panel Ports and Interfaces for NSa 3600/NSa 4600/NSa 5600 and NSa 6600 mapped to Figures 7 and 8............................................................................................................................................29 Table 8 – Front Panel Ports and Interfaces for NSa 2650/NSa 3650/NSa 4650/NSa 5650/NSa 6650........32 Table 9 - Back Panel Ports and Interfaces for NSa 2650/3650/4650/5650/6650 mapped to Figure 9......33 Table 10 - NSa 9250/NSa 9450/NSa 9650 Front Panel ports and interfaces mapped to Figure 10 ...........34 Table 11 - Back Panel Ports and Interfaces for NSa 9250/NSa 9450/NSa 9650 mapped to Figures 11 .....35 Table 12 – Approved Algorithms ................................................................................................................38 Table 13 - Non-Approved but Allowed Cryptographic Functions...............................................................41 Table 14 - Security Relevant Protocols Used in FIPS Mode ........................................................................41 Table 15 – Role Description ........................................................................................................................43 Table 16 – Authentication Description .......................................................................................................44 Table 17 – Authenticated Services..............................................................................................................47 Table 18 – Unauthenticated Services .........................................................................................................47 Table 19 – Security Parameters Access Rights within Services and CSPs...................................................48 Table 20 – Security Parameters Access Rights within Services and Public Keys.........................................49 Table 21 – Number of Tamper Evident Seals..............................................................................................58 Table 22 - References..................................................................................................................................61 Table 23 – Acronyms and Definitions .........................................................................................................62 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 5 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). List of Figures Figure 1 - TZ Series Ports.............................................................................................................................19 Figure 2 - SOHO Series Physical Ports.........................................................................................................23 Figure 3 - Super Massive Front Panel SM9200/SM 9400/SM 9600............................................................24 Figure 4 - Super Massive Back Panel for SM9200/SM 9400/SM 9600 .......................................................26 Figure 5 - NSa 3600/NSa 4600/NSa 5600 Front Panel................................................................................27 Figure 6 - NSa 6600 Front Panel..................................................................................................................27 Figure 7 - NSa 3600/NSa 4600/NSa 5600 Back Panel.................................................................................29 Figure 8 - NSa 6600 Back Panel...................................................................................................................29 Figure 9 - NSa 2650/NSa 3650/NSa 4650/NSa 5650/NSa 6650 Front and Back Panels .............................32 Figure 10 - NSa 9250/NSa 9450/NSa 9650 Front Panel..............................................................................34 Figure 11 - NSa 9250/NSa 9450/NSa 9650 Back Panel...............................................................................35 Figure 12 – SOHO W and SOHO 250/SOHO 250W (Left)............................................................................52 Figure 13 – SOHO W and SOHO 250/SOHO 250W (Right)..........................................................................52 Figure 14 - TZ 300 (Top, Left)......................................................................................................................53 Figure 15 – TZ 300P (Top) ...........................................................................................................................53 Figure 16 – TZ 350/ TZ 350W (Top).............................................................................................................53 Figure 17 - TZ 400 (Top, Left)......................................................................................................................53 Figure 18 - TZ 500 (Top, Left)......................................................................................................................53 Figure 19 -TZ 600 (Top, Left).......................................................................................................................53 Figure 20 - TZ 600P (Top)............................................................................................................................54 Figure 21 - TZ 300 Right, Bottom View .......................................................................................................54 Figure 22 - TZ 300P (Bottom View).............................................................................................................54 Figure 23 - TZ 350/TZ 350W (Bottom View) ...............................................................................................54 Figure 24 - TZ 400 Right, Bottom View .......................................................................................................54 Figure 25 - TZ 500 Right, Bottom View .......................................................................................................54 Figure 26 - TZ 600 Right, Bottom View .......................................................................................................55 Figure 27 - TZ 600P (Bottom View).............................................................................................................55 Figure 28 - NSa 6600/NSa 3600/NSa 4600/NSa 5600 Front and Back Seals ..............................................55 Figure 29 - SM 9600/SM 9400/SM 9200.....................................................................................................56 Figure 30 - NSa 2650/NSa 3650/NSa 4650/NSa 5650 Tamper Evident Seal placement ............................57 Figure 31 - NSa 6650/NSa 9250/NSa 9450/NSa 9650 Front, Rear, Right and Left Panels and Tamper Evident Seal placement............................................................................................................................................58 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 6 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 1. Introduction This document defines the Security Policy for the SonicWALL TZ 300/TZ 300W,TZ300P,TZ350/TZ350W,TZ 400/TZ 400W, TZ 500/TZ 500W, TZ 600,TZ600P, SOHO W, SOHO250/SOHO250W,SM 9200, SM 9400, SM 9600 and NSa 2650, NSa 3600, NSa 3650, NSa 4600, NSa 4650, NSa 5600, NSa 5650, NSa 6600, NSa 6650, NSa 9250, NSa 9450, NSa 9650 models, hereafter denoted the Module. The Module is an Internet security appliance, which provides stateful packet filtering firewall, deep packet inspection, virtual private network (VPN), and traffic shaping services. The Module is a multiple-chip standalone cryptographic module, in 29 configurations with hardware part numbers and versions as follows: Table 1 – Cryptographic Module List Module Hardware P/N and Version Firmware Version 1 TZ 300 101-500403-55 Rev. F SonicOS v6.5.4 2 TZ 300W 101-500404-54 Rev. E SonicOS v6.5.4 3 TZ 300P 101-500582-52 Rev A SonicOS v6.5.4 4 TZ 350 101-500622-52 Rev A SonicOS v6.5.4 5 TZ 350W 101-500621-51 Rev A SonicOS v6.5.4 6 TZ 400 101-500405-55 Rev. F SonicOS v6.5.4 7 TZ 400W 101-500406-54 Rev. E SonicOS v6.5.4 8 TZ 500 101-500411-56 Rev. G SonicOS v6.5.4 9 TZ 500W 101-500412-55 Rev. F SonicOS v6.5.4 10 TZ 600 101-500413-56 Rev. G SonicOS v6.5.4 11 TZ 600P 101-500581-51 Rev A SonicOS v6.5.4 12 SOHO W 101-500410-54 Rev. E SonicOS v6.5.4 13 SOHO 250 101-500624-51 Rev A SonicOS v6.5.4 14 SOHO 250W 101-500623-52 Rev A SonicOS v6.5.4 15 SM 9200 101-500455-54 Rev. E SonicOS v6.5.4 16 SM 9400 101-500454-54 Rev. E SonicOS v6.5.4 17 SM 9600 101-500453-54 Rev. E SonicOS v6.5.4 18 NSa 2650 101-500452-50 Rev. A SonicOS v6.5.4 19 NSa 3600 101-500459-54 Rev. E SonicOS v6.5.4 20 NSa3650 101-500514-50 SonicOS v6.5.4 21 NSa 4600 101-500458-54 Rev. E SonicOS v6.5.4 22 NSa4650 101-500451-50 SonicOS v6.5.4 23 NSa 5600 101-500457-54 Rev. E SonicOS v6.5.4 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 7 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 24 NSa 5650 101-500517-50 SonicOS v6.5.4 25 NSa 6600 101-500456-54 Rev. E SonicOS v6.5.4 26 NSa 6650 101-5005518-50 Rev A SonicOS v6.5.4 27 NSa 9250 101-500520-50 Rev A SonicOS v6.5.4 28 NSa 9450 101-500519-50 Rev A SonicOS v6.5.4 29 NSa 9650 101-500449-50 Rev A SonicOS v6.5.4 The Module firmware version for all models is SonicOS v6.5.4. Note that the different hardware versions vary only in form factor, CPU, number of ports, presence of wireless interfaces, and memory. The Module is intended for use by US Federal agencies and other markets that require FIPS 140-2 validated cryptographic modules. The appliance Encryption technology uses Suite B algorithms. Suite B algorithms are approved by the U.S. government for protecting both Unclassified and Classified data. The FIPS 140-2 security levels for the Module are as follows: Table 2 – Security Level of Security Requirements Security Requirement Security Level Cryptographic Module Specification 3 Cryptographic Module Ports and Interfaces 2 Roles, Services, and Authentication 2 Finite State Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 EMI/EMC 2 Self-Tests 2 Design Assurance 3 Mitigation of Other Attacks N/A Overall 2 The overall FIPS validation level for the module is Security Level 2. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 8 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 1.1 Module Description and Cryptographic Boundary The physical form of the Module is depicted in Figure 1 through Figure 11. The Module is a multi-chip standalone embodiment. The cryptographic boundary is the surfaces and edges of the device enclosure, inclusive of the physical ports. 1.2 Ports and Interfaces The Module’s ports and associated FIPS defined logical interface categories are listed in the tables in this section. The images in Figure 1 and Figure 2 depict the physical ports for TZ 300/TZ 300W, TZ 300P, TZ 350/TZ 350W, TZ 400/TZ 400W, TZ 500/TZ 500W, TZ 600, TZ600P, SOHO W and SOHO 250/SOHO 250W. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 9 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 300 Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 10 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 300W Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 11 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 300P Physical ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 12 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 350 Physical ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 13 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 350W Physical ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 14 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 400 Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 15 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 400W Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 16 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 500 Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 17 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 500W Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 18 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 600 Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 19 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). TZ 600P Physical Ports Figure 1 - TZ Series Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 20 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). SOHO W Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 21 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). SOHO 250 Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 22 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). SOHO 250W Physical Ports SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 23 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 2 - SOHO Series Physical Ports Table 3 describes the physical ports (mapped to the figures above) and corresponding logical interfaces. Table 3 – Front Panel and Rear Panel Ports and Interfaces for TZ 300/TZ 300W, TZ 300P, TZ 350/TZ 350W, TZ 400/TZ 400W, TZ 500/TZ 500W, TZ 600, TZ 600P, SOHO W, SOHO 250, SOHO 250W models Physical Ports Qty. Description Logical Interfaces Front Panel Status LEDs Varies TZ 300W/TZ 400W/TZ 500W/SOHO-W/TZ 350W/ SOHO 250W – 6 status LEDs TZ 300/TZ 400/TZ 500/ TZ 350/TZ 300P/TZ 600P/ SOHO 250– 4 status LEDs (No wireless) TZ 600- 5 status LEDs Power: Indicate module is receiving power. Test: Indicates module is initializing and performing self- tests. Service: Unused; for future use Wireless: Unused in Approved mode. M0: Expansion Module (Only for TZ 600) Status output Ethernet LEDs 2/port Ethernet activity: 10/100 activity (top); 1G activity (bottom) Status output POE LEDs Varies TZ 300P – 2 POE LEDs TZ 600P – 4 POE LEDs Status output USB Varies TZ350/TZ350W,TZ300P,TZ300/TZ300W/TZ400/TZ 400W/SOHO W – 1 USB TZ 600P TZ 500/TZ 500W/TZ 600 – 2 USB SOHO 250/250W 1 USB Allows the attachment of an external device. Security Guidance is “not to be used in FIPS Mode” N/A Rear Panel Reset Button 1 Used to manually reset the appliance to Safe Mode. (Not functional on TZ 600) Control input Power Interface 1 AC power interfaces Power Console 1 Serial console (local) interface. Control In, Status Out Ethernet Interfaces Varies SOHO250/SOHO250W(Qty5),TZ300P,TZ350,TZ350W,TZ 300/TZ 300W (Qty 5) TZ 400/TZ 400W (Qty 7) TZ 500/TZ 500W (Qty 8) TZ 600P,TZ 600 (Qty 10) Control In, Status Out, Data input, Data output SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 24 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Physical Ports Qty. Description Logical Interfaces Antenna Connectors 3 For Antennas (TZ350W, SOHO W, SOHO250W, TZ 300W, TZ400W, TZ500W models only; unused in Approved mode) N/A Expansion 1 (TZ 600 only) Expansion connector, unused, disconnected internally. N/A Figure 3 shows the locations of the physical ports on the front of the SM 9200, SM 9400, and SM 9600. Figure 3 - Super Massive Front Panel SM9200/SM 9400/SM 9600 Table 4 describes the physical ports (mapped to Figure 3) and corresponding logical interfaces. Table 4 – Front Panel Ports and Interfaces for SM9200/SM 9400/SM 9600 Physical Ports Qty. Description Logical Interfaces LCD display 1 LCD status display Status output LCD controls 4 Controls for scrolling thru the LCD display options Control input, status output Serial Console Interface 1 DB-9/RJ-45 serial connector. Provides a serial console which can be used for basic administration functions. Data input, control input and status output Control input and status output USB Interfaces 2 Allows the attachment of an external device. Security Guidance is “not to be used in FIPS Mode” N/A Reset (Safe Mode) Button Interface 1 Used to manually reset the appliance to Safe Mode. Control input Status LED Interface 6 Power LEDs: Indicate module is receiving power. Status output SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 25 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Physical Ports Qty. Description Logical Interfaces Test LED: Indicates module is initializing and performing self-tests. Alarm LED: Indicates alarm condition. M0: Indicates expansion module LAN Bypass LED: Indicates LAN bypass mode Secure Digital High Capacity Port 1 Currently not used and does not provide any service or function. N/A Ethernet Management Interface 1 1Gbps RJ45 interface labeled as MGMT, includes LINK and ACT LEDs Management interface is solely used for Outband management of the device. The management interface provides dedicated access for the system administration via HTTP/HTTPS/SSH/SNMP and is not shared with other types of network traffic. Control In, Status Out, data input and data output Ethernet Interfaces 8 10/100/1000 auto-sensing with an RJ-45/SX/SC multimode fiber connector. Labeled X#..., LAN/WAN/…. Each Ethernet interface includes LINK and ACT LEDs. Data input, data output, status output, and control input (via the external GUI Administration interface) Ethernet hot- pluggable SFP 8 1GbE SFP interfaces supporting RJ-45/SX/SC multimode fiber connector with LINK and ACT LEDs. Data input, data output, status output, and control input (via the external GUI Administration interface) Ethernet 10GE hot- pluggable SFP+ 4 10GbE SFP+ interfaces with LINK and ACT LEDs Data input, data output, status output, and control input (via the external GUI Administration interface) Figure 4 shows the locations of the physical ports on the back of the Super Massive modules. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 26 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 4 - Super Massive Back Panel for SM9200/SM 9400/SM 9600 Table 5 describes the physical ports (mapped to Figure 4) and corresponding logical interfaces. Table 5 - Back Panel Ports and Interfaces for SM 9200/SM 9400/SM 9600 Physical Ports Qty. Description Logical Interfaces Power Interface 2 AC power interfaces Power Expansion Bay 1 Currently not used and does not provide any service or function. N/A Fan Interface 2 Dual removable fan components N/A Figure 5 and Figure 6 show the locations of the physical ports on the front of the NSa 3600/NSa 4600/NSa 5600 and NSa 6600 modules. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 27 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 5 - NSa 3600/NSa 4600/NSa 5600 Front Panel Figure 6 - NSa 6600 Front Panel Table 6 – Front Panel Ports and Interfaces for NSa3600/NSa 4600/NSa 5600 and NSa 6600 mapped to Figures 5 and 6 Physical Ports Qty. Description Logical Interfaces Serial Console Interface 1 DB-9/RJ-45 serial connector. Provides a serial console which can be used for basic administration functions. Data input, control input and status output Control input and status output only USB Interfaces 2 Allows the attachment of an external device. Security Guidance is “not to be used in FIPS Mode” N/A Reset (Safe Mode) Button Interface 1 Used to manually reset the appliance to Safe Mode. Control input Status LED Interface Varies Power LED: Indicate module is receiving power. Test LED: Indicates module is initializing and performing self-tests. Alarm LED: Indicates alarm condition. M0: Indicates expansion module Bypass Status LED: Only on the NSa6600 Status output Secure Digital High Capacity Port 1 Currently not used and does not provide any service or function. N/A SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 28 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Physical Ports Qty. Description Logical Interfaces Ethernet Management Interface 1 1Gbps RJ45 interface labeled as MGMT, includes LINK and ACT LEDs Management interface is solely used for Outband management of the device. The management interface provides dedicated access for the system administration via HTTP/HTTPS/SSH/SNMP and is not shared with other types of network traffic. Control In, Status Out, Data input, Data output Ethernet Interfaces Varies NSa 6600: 8 x 1Gbe Eth interfaces NSa 5600/NSa 4600/NSa 3600: 12 x 1Gbe Eth interfaces 10/100/1000 auto-sensing with an RJ-45/SX/SC multimode fiber connector. Labeled X#..., LAN/WAN/…. Each Ethernet interface includes LINK and ACT LEDs. Data input, data output, status output, and control input (via the external GUI Administration interface) Ethernet hot- pluggable SFP Varies NSa 6600: 8 x 1Gbe SFP ports NSa 5600/NSa 4600/NSa 3600: 4 x 1Gbe SFP ports 1GbE SFP interfaces supporting RJ-45/SX/SC multimode fiber connector with LINK and ACT LEDs. Data input, data output, status output, and control input (via the external GUI Administration interface) Ethernet 10GE hot- pluggable SFP Varies NSa 6600: 4 x 10Gbe SFP+ interfaces NSa 5600/NSa 4600/NSa 3600: 2 x 10Gbe SFP+ interfaces 10GbE SFP+ interfaces with LINK and ACT LEDs Data input, data output, status output, and control input (via the external GUI Administration interface) Figure 7 and Figure 8 show the locations of the physical ports on the back of the NSa 3600/NSa 4600/NSa 5600 and NSa 6600 modules. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 29 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 7 - NSa 3600/NSa 4600/NSa 5600 Back Panel Figure 8 - NSa 6600 Back Panel Table 7 - Back Panel Ports and Interfaces for NSa 3600/NSa 4600/NSa 5600 and NSa 6600 mapped to Figures 7 and 8 Physical Ports Qty. Description Logical Interfaces Power Interface 1 AC power interfaces Power Expansion Bay 1 Currently not used and does not provide any service or function. N/A Fan Interface 2 Dual hot swappable fans (NSa 6600) Dual Fans (NSa 5600/NSa 4600/NSa 3600) N/A SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 30 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 31 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 32 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 9 - NSa 2650/NSa 3650/NSa 4650/NSa 5650/NSa 6650 Front and Back Panels Table 8 describes the physical ports (mapped in Figure 9) and corresponding logical interfaces for NSa2650/NSa 3650/NSa 4650/NSa 5650/NSa 6650 Table 8 – Front Panel Ports and Interfaces for NSa 2650/NSa 3650/NSa 4650/NSa 5650/NSa 6650 Physical Ports Qty. Description Logical Interfaces Console 1 DB-9/RJ-45 serial connector. Provides a serial console which can be used for basic administration functions. Data input, control input , status output. Control input and status output only USB 2 Allows the attachment of an external device. Security Guidance is “not to be used in FIPS Mode” N/A Reset (SafeMode) Button 1 Used to manually reset the appliance to Safe Mode. Control input Status LEDs Varies 2 Power LEDs: Indicate module is receiving power. Test LED: Indicates module is initializing and performing self-tests. Alarm LED: Indicates alarm condition. M0/M1: Expansion Module activity LAN Bypass LED: Only in NSa 4650/NSa 5650/NSa 6650 Status output MGMT 1 1Gbps RJ45 isolated out-of-band management (MGMT) port, with integral LINK and ACT LEDs Control input, status output, data input and data output SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 33 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Physical Ports Qty. Description Logical Interfaces Ethernet [1GE] Varies NSa 2650/NSa 3650: 12 x 1Gb Ethernet interfaces NSa 4650/NSa 5650: 16 x 1Gb Ethernet interfaces NSa 6650: 8 x 1Gb Ethernet Interfaces 10/100/1000 auto-sensing with an RJ-45/SX/SC multimode fiber connector. Labeled X#..., LAN/WAN/…. Each Ethernet interface includes LINK and ACT LEDs. Data input, data output, status output, control input Ethernet [1/2.5 GE] Varies NSa 6650: 8 x 1/2.5 Gb Ethernet Interfaces NSa 2650/NSa 3650/NSa 4650/NSa 5650: 4 x 1 / 2.5 Gb Ethernet Interfaces 1/2.5G auto-sensing with an RJ-45. Labeled X#..., LAN/WAN/…. Each Ethernet interface includes LINK and ACT LEDs. Data input, data output, status output, control input 1/2.5 GE SFP Varies NSa 2650/NSa 4650/NSa 5650/NSa 6650: 4x 1/2.5 Gb Ethernet interfaces NSa 3650: 8 x 1/2.5Gb Ethernet interfaces 1Gb Ethernet hot-pluggable SFP interfaces supporting RJ-45/SX/SC multimode fiber connector with LINK and ACT LEDs. Data input, data output, status output, control input 10/5/2.5 GE SFP+ 2 NSa 2650 : 0 NSa 3650/NSa 4650/NSa 5650:2 x 10/5/2.5G SFP+ interfaces NSa 6650: 6 x 10/5/2/5G SFP+ interfaces 10Gb Ethernet hot-pluggable SFP+ interfaces with LINK and ACT LEDs Data input, data output, status output, control input 10/5/2.5 GE copper Ports 2 NSa 2650/NSa 3650/NSa 4650: 0 NSa 5650: 2 x 10/5/2.5Gb copper Ethernet interfaces 10/5/2.5 Gb copper Ethernet auto-sensing with an RJ- 45. Labeled X#..., LAN/WAN/…. Each Ethernet interface includes LINK and ACT LEDs. Data input, data output, status output, control input Power 1 AC power input and switch Power Table 9 - Back Panel Ports and Interfaces for NSa 2650/3650/4650/5650/6650 mapped to Figure 9 Physical Ports Qty. Description Logical Interfaces Power Interface 1 AC power interfaces Power Redundant power 1 Slot for redundant power supply Power Storage module 1 M0 storage module (covered by a tamper evident seal) Storage Expansion Bay for storage 1 Currently not used and does not provide any service or function. N/A SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 34 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Physical Ports Qty. Description Logical Interfaces Fan Interface 2 Dual hot swappable fans (4650/5650/6650) Dual Fans (2650/3650) N/A Figure 10 - NSa 9250/NSa 9450/NSa 9650 Front Panel Table 10 - NSa 9250/NSa 9450/NSa 9650 Front Panel ports and interfaces mapped to Figure 10 Physical Ports Qty. Description Logical Interfaces LCD display 1 LCD status display Status output LCD controls 4 Controls for scrolling thru the LCD display options Control input, status output Console 1 DB-9/RJ-45 serial connector. Provides a serial console which can be used for basic administration functions. Data input, control input , status output. Control input and status output only USB 2 Allows the attachment of an external device. Security Guidance is “not to be used in FIPS Mode” N/A Reset (SafeMode) Button 1 Used to manually reset the appliance to Safe Mode. Control input Status LEDs 7 2 Power LEDs: Indicate module is receiving power. Test LED: Indicates module is initializing and performing self-tests. Alarm LED: Indicates alarm condition. M0/M1: Expansion Module activity LAN Bypass LED: Indicates LAN bypass mode Status output SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 35 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Physical Ports Qty. Description Logical Interfaces MGMT 1 1Gbps RJ45 isolated out-of-band management (MGMT) port, with integral LINK and ACT LEDs Control input, status output, data input and data output Ethernet [1GE] 8 10/100/1000 auto-sensing with an RJ-45/SX/SC multimode fiber connector. Labeled X#..., LAN/WAN/…. Each Ethernet interface includes LINK and ACT LEDs. Data input, data output, status output, control input Ethernet [1/2.5Gbe] 8 1G/2.5G auto-sensing with an RJ-45 connector. Labeled X#..., LAN/WAN/…. Each Ethernet interface includes LINK and ACT LEDs. Data input, data output, status output, control input 10/5/2.5/1GE SFP+ 10 10/5/2.5/1GE SFP+ interfaces 10GbE Ethernet hot-pluggable SFP+ interfaces with LINK and ACT LEDs Data input, data output, status output, control input 10/5/2.5GE copper Ports 2 2 x 10/5/2.5G copper Ethernet interfaces 10/5/2.5 Gbe copper Ethernet auto-sensing with an RJ- 45.Labeled X#..., LAN/WAN/…. Each Ethernet interface includes LINK and ACT LEDs. Data input, data output, status output, control input Power 1 AC power input and switch Power Figure 11 - NSa 9250/NSa 9450/NSa 9650 Back Panel Table 11 - Back Panel Ports and Interfaces for NSa 9250/NSa 9450/NSa 9650 mapped to Figures 11 Physical Ports Qty. Description Logical Interfaces Power Interface 1 AC power interfaces Power Redundant power 1 Slot for redundant power supply Power Storage module 1 M0 storage module (covered with tamper evident seal) Storage Expansion Bay for storage 1 SATA storage module N/A SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 36 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Physical Ports Qty. Description Logical Interfaces Fan Interface 3 Hot swappable fans N/A 1.3 Modes of Operation 1.3.1 FIPS 140-2 Approved mode of Operation The FIPS mode configuration can be determined by an operator, by checking the state of the “FIPS Mode” checkbox on the System/Settings page over the web interface or issuing “show fips” over the console. When the “FIPS Mode” checkbox is selected, the module executes a compliance checking procedure, examining all settings related to the security rules described below. The operator is responsible for updating these settings appropriately during setup and will be prompted by the compliance tool if a setting has been modified taking the module out of compliance. The “FIPS Mode” checkbox and corresponding system flag (“fips”) which can be queried over the console will not be set unless all settings are compliant. The “FIPS Mode” checkbox and fips system flag are indicators that the module is running in the FIPS Approved mode of operation. The module is not configured to operate in FIPS-mode by default. The following steps must be taken during set-up of the module to enable FIPS-mode of operation: 1. The default Administrator and User passwords shall be immediately changed and be at least eight (8) characters. 2. The RADIUS/TACACS+ shared secrets must be at least eight (8) characters. 3. Traffic between the module and the RADIUS/TACACS+ server must be secured via an IPSec tunnel. • Note: this step need only be performed if RADIUS or TACACS+ is supported. • LDAP cannot be enabled in FIPS mode without being protected by TLS • LDAP cannot be enabled in FIPS mode without selecting 'Require valid certificate from server' • LDAP cannot be enabled in FIPS mode without valid local certificate for TLS 4. IKE must be configured with 3rd Party Certificates for IPsec Keying Mode when creating VPN tunnels. o RSA Certificates lengths must be 2048-bit or greater in size 5. When creating VPN tunnels, ESP must be enabled for IPSec. 6. FIPS-approved algorithms must be used for encryption and authentication when creating VPN tunnels. 7. Group 14, 19, 20 or 21 must be used for IKE Phase 1 DH Group. SHA-256 and higher must be used for Authentication. 8. Bandwidth management must be set to “ON”. 9. “Advanced Routing Services” must not be enabled. 10. “Group VPN management” must not be enabled. 11. SNMP or SSH must not be enabled. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 37 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Note: Once FIPS mode of operation is enabled SonicOS enforces all of the above items. Operators will not be allowed to enable these features while in FIPS mode of operation. The module does not enforce but as a policy, a user should not enable the below features while in FIPS mode of operation: • Do not use USB interface • In case the module's power is lost and then restored, a new key for use with the AES GCM encryption/decryption must be established. 1.3.2 Non-Approved mode of Operation The Cryptographic Module provides the same set of services in the non-Approved mode as in the Approved mode but allows the following additional administration options and non FIPS-approved algorithms which are not used in the FIPS mode of operation. These services are not enabled by default, if operator selects to enable these services the system will transition to non-approved mode of operation. • 802.11i wireless security • AAA server authentication (the Approved mode requires operation of RADIUS or TACACS+ only within a secure VPN tunnel) • SSH1 • SNMP2 • Wireless interface usage 1.3.3 Non-Approved Algorithms with No Security Claimed The module supports the following non-Approved but allowed algorithms and protocols with no security claimed: • Triple-DES (non-compliant) • MD5 (non-compliant) • PBKDF (non-complaint) The operator must also follow the rules outlined in Section 1.3.1 and consult FIPS 140-2 IG 1.23 for further understanding of the use of functions where no security is claimed. Section 3.3 indicates the module services associated with these functions. 1 Keys derived using the SSH KDF are not allowed for use in the Approved mode. 2 Keys derived using the SNMP KDF are not allowed for use in the Approved mode. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 38 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 2. Cryptographic Functionality The Module implements the FIPS Approved and Non-Approved but Allowed cryptographic functions listed in the tables below. Table 12 – Approved Algorithms Cert Algorithm Mode Description Functions/Caveats #C743 AES [197] CBC [38A] Key Sizes: 128, 192, 256 Encrypt, Decrypt CTR [38A] Key Sizes: 128, 192, 256 Encrypt ECB [38A] Key Sizes: 128, 192, 256 Encrypt, Decrypt GCM [38D]3 Key Sizes: 128, 192, 256 Tag Len: 128 Authenticated Encrypt, Authenticated Decrypt, Message Authentication Vendor Affirmed AES [IG A.3] AES-CBC Ciphertext Stealing (CBC-CS1) Key Sizes: 128, 192, 256 Encrypt, Decrypt Vendor Affirmed CKG [IG D.12] [133] Section 6.1 Asymmetric signature key generation using unmodified DRBG output Key Generation [133] Section 6.2 Asymmetric key establishment key generation using unmodified DRBG output [133] Section 7.1 Direct symmetric key generation using unmodified DRBG output [133] Section 7.3 Derivation of symmetric keys from a key agreement shared secret. [133] Section 7.4 Derivation of symmetric keys from a pre-shared key [133] Section 7.6 Combining multiple keys and other data #C743 CVL: All of SP800-56A except KDF [56A] FFC (Initiator, Responder)(Hybrid1, Ephem, Hybrid1Flow, OneFlow, Static) FB: Hash Algorithm: SHA2-512 FC: Hash Algorithm: SHA2-512 Key Agreement ECC (Initiator, Responder)(FullUnifi ed, EphemUnified, OnePassUnified, P-224, P-256, P-384, P-521 3 The module’s AES-GCM implementation conforms to IG A.5 scenario #1 following RFC 5288 for TLS. Per RFC 5246, if the module is the party that encounters this condition it will trigger a handshake to establish a new encryption key per. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 39 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Cert Algorithm Mode Description Functions/Caveats OnePassDH, StaticUnified) #C743 CVL: IKEv1 [135] DSA, PSK[135] SHA (256, 384, 512) Key Derivation CVL: IKEv2 [135] DH 224-521 bits SHA (256, 384, 512) CVL: TLS [135]4 v1.0, v1.1, v1.2 SHA (256, 384, 512) CVL: SSH [135] v2 SHA-1 CVL: SNMP [135] SHA-1 #C743 DRBG [90Arev1] Hash SHA-256 Deterministic Random Bit Generation #C743 DSA [186-4]5 (L = 2048, N = 224) (L = 2048, N = 256) (L = 3072, N= 256) KeyGen (L = 2048, N = 224) SHA(256, 384, 512) (L = 2048, N = 256) SHA(256, 384, 512) (L = 3072, N = 256) SHA(256, 384, 512) PQG Gen (L = 1024, N = 160) SHA(1, 256, 384, 512) (L = 2048, N = 224) SHA(256, 384, 512) (L = 2048, N = 256) SHA(256, 384, 512) (L = 3072, N = 256) SHA(256, 384, 512) PQG Ver (L = 1024, N = 160) SHA(1, 256, 384, 512) (L = 2048, N = 224) SHA(1, 256, 384, 512) (L = 2048, N = 256) SHA(1, 256, 384, 512) (L = 3072, N = 256) SHA(1, 256, 384, 512) SigVer #C743 ECDSA [186-4] P-224, P-256, P-384, P-521, KeyGen P-192, P-224, P-256, P-384, P-521 PKV 4 SSH, SNMP, TLS 1.0 and 1.1 KDFs were CAVP tested but are not supported/used in the Approved mode of operation. 5 DSA was CAVP tested but is only used as a pre-requisite for CVL Cert. #C743. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 40 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Cert Algorithm Mode Description Functions/Caveats P-224 6 SHA(256, 384, 512) P-256 SHA(256, 384, 512) P-384 SHA(256, 384, 512) P-521 SHA(256, 384, 512) SigGen P-192 SHA(1, 256, 384, 512) P-224 SHA(1, 256, 384, 512) P-256 SHA(1, 256, 384, 512) P-384 SHA(1, 256, 384, 512) P-521 SHA(1, 256, 384, 512) SigVer #C743 HMAC [198] SHA-1 Key Sizes: KS < BS λ = 12 Message Authentication, KDF Primitive, Password Obfuscation SHA-256 Key Sizes: KS = BS λ = 32 SHA-384 Key Sizes: KS = BS λ = 48 SHA-512 Key Sizes: KS = BS λ = 64 KTS [IG G.8] AES (Cert. #C743); HMAC (Cert. #C743) AES (Key Sizes: 128, 192, 256); HMAC SHA(1, 256, 384, 512) Encryption, Key Transport, Authentication using within TLS 1.2 #C743 RSA [186-4] X9.31 Key Generation Mode:B.3.4 n = 2048 n = 3072 KeyGen PKCS1_v1.5 n = 2048 SHA(256, 384, 512) n = 3072 SHA(256, 384, 512) SigGen PKCS1_v1.5 [186-2 Legacy] n = 1024 SHA-1 n = 1536 SHA-1 n = 2048 SHA-1 SigVer PKCS1_v1.5 [186-4] n = 1024 SHA(1, 256, 384, 512) n = 2048 SHA(1, 256, 384, 512) n = 3072 SHA(256, 384, 512) SigVer #C743 SHS [180-4] SHA-1 SHA-256 SHA-384 SHA-512 Message Digest Generation, Password Obfuscation 6 ECDSA P-224 was CAVP tested but is not supported/used in the Approved mode of operation. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 41 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Cert Algorithm Mode Description Functions/Caveats #C743 Triple-DES [67]7 TCBC [38A] Key Size: 192 Encrypt, Decrypt Note 1: There are few algorithms, modes, moduli and key sizes that have been CAVs tested but not implemented/used by the module. Table 13 - Non-Approved but Allowed Cryptographic Functions Algorithm Description DH Diffie-Hellman (CVL Certs. #C743 and #C743, key agreement; key establishment methodology provides 112 bits of encryption strength) EC DH EC Diffie-Hellman (CVL Certs. #C743 and #C743, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength) RSA RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) NDRNG (used only to seed the Approved DRBG) NDRNG (internal entropy source) for seeding the Hash_DRBG. The module generates a minimum of 256 bits of entropy for key generation. Table 14 - Security Relevant Protocols Used in FIPS Mode Protocol Key Exchange Auth Cipher Integrity IKEv1 DH Group 14, 19, 20, 21 RSA digital signature AES CBC 128/192/256 HMAC-SHA-256-128 HMAC-SHA-384-192 HMAC-SHA-512-256 IKEv2 DH Group 14, 19, 20, 21 RSA Digital Signature Shared Key Message Integrity Code AES CBC 128/192/256 HMAC-SHA-256-128 HMAC-SHA-384-192 HMAC-SHA-512-256 IPsec ESP IKEv1 or IKEv2 with optional: Diffie-Hellman (L=2048, N=224, 256) EC Diffie-Hellman P-256, P-384 IKEv1, IKEv2 AES CBC 128/192/256 HMAC-SHA-256-128 HMAC-SHA-384-192 HMAC-SHA-512-256 TLS 1.2 or SSL 3.1 RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA RSA_WITH_AES_128_CBC_SHA256 RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Note: no parts of these protocols, other than the KDF, have been tested by the CAVP and CMVP. 7 Triple-DES was CAVP tested but is not used by any of the services implemented in the Approved mode of operation. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 42 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 2.1 Critical Security Parameters All CSPs used by the Module are described in this section. All usage of these CSPs by the Module (including all CSP lifecycle states) is described in the services detailed in Section 3.3. The following Critical Security Parameters (CSP) are contained in the cryptographic module: • IKE Shared Secret – Shared secret used during IKE Phase 1 (length 4 ~ 128 bytes). • SKEYID – Secret value used to derive other IKE secrets. • SKEYID_d – Secret value used to derive keys for security associations. • SKEYID_a – Secret value used to derive keys to authenticate IKE messages. • SKEYID_e – Secret value used to derive keys to encrypt IKE messages. • IKE Session Encryption Key – AES (CBC) 128, 192, 256 key used to encrypt data. • IKE Session Authentication Key – HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512 bit key used for data authentication. • IKE Private Key –RSA 2048 bit key used to authenticate the module to a peer during IKE. • IPsec Session Encryption Key – AES (CBC) 128, 192, 256 key used to encrypt data. • IPsec Session Authentication Key – HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512 bit key used for data authentication for IPsec traffic. • TLS Master Secret– used for the generation of TLS Session Keys and TLS Integrity Key (384-bits). • TLS Premaster Secret – used for the generation of Master Secret (384 bits). • TLS Private Key– used in the TLS handshake (ECDSA P-256, P-384, P-521 and RSA 2048 bit). • TLS Session Key – AES 128 and 256 bit key used to protect TLS connection. • TLS Integrity Key – HMAC-SHA-1/256/384 bit key used to check the integrity of TLS connection. • Diffie-Hellman/EC Diffie-Hellman – Diffie-Hellman Private Key (N = 224, 256) or EC DH P-256/P- 384 used within IKE or TLS key agreement. • DRBG V and C values – Used to seed the Approved DRBG. • Entropy Input: 256 bits entropy (min) input used to instantiate the DRBG. • DRBG Seed: Seed material used to seed or reseed the DRBG . • RADIUS Shared Secret – Used for authenticating the RADIUS server to the module and vice versa. Type: A minimum of 8 characters for RADIUS authentication. • Passwords – Authentication data. Type: A minimum 8 ASCII characters. 2.2 Public Keys The following Public Keys are contained in the cryptographic module: • Root CA Public Key – Used for verifying a chain of trust for receiving certificates • Peer IKE Public Key –RSA 2048 bit key for verifying digital signatures from a peer device • IKE Public Key –RSA 2048 bit key for verifying digital signatures created by the module • Firmware Verification Key – P-256 ECDSA key used for verifying firmware during firmware load • Diffie-Hellman/EC Diffie-Hellman Public Key – Diffie-Hellman 2048-bit key, EC Diffie-Hellman P- 256/P-384 used within TLS key agreement • Diffie-Hellman/EC Diffie-Hellman Peer Public Key – Diffie-Hellman 2048-bit key, EC DH P-256/P- 384/P-521 8 used within IKE key agreement 8 P-521 curve only available for IKEv1 and IKEv2 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 43 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). • Authentication Public Key – 2048-bit RSA public key used to authenticate the User • TLS Public Key – RSA – 2048-bit public key used in the TLS handshake 3. Roles, Authentication and Services 3.1 Assumption of Roles The cryptographic module provides the roles described in Table 15. The cryptographic module does not provide a Maintenance role. The “Administrator” user is a local account on the SonicWALL appliance, and the name used to login as this account may be configured by the Cryptographic Officer role; the default name for the “Administrator” account is “admin”. The User role is authenticated using the credentials of a member of the “Limited Administrators” user group. The User role can query status and non-critical configuration. The user group, “SonicWALL Read-Only Admins,” satisfies neither the Cryptographic Officer nor the User Role and should not be used in FIPS mode operations. The configuration settings required to enable FIPS mode are specified in Section 1.3.1 of this document. A built-in administrator which default name is “admin” has the full control privilege to query status and configure all firewall configurations including configure other user privilege There are two user groups have control privilege besides the built-in administrator., one is “SonicWALL Administrators”, the other is “Limited Administrators”.. Member of “SonicWALL Administrators” user group has the same full control privilege as built in administrator. Members of “limited Administrators” user group can query status and non-critical configuration. User is authenticated by username and password. User is granted privilege by the membership of user group after login Table 15 – Role Description Role ID Role Description Authentication Type Authentication Data CO Referred to as “Administrator” (individual user) and “SonicWALL Administrators” (user group) in the vendor documentation Role-based and identity-based Username and Password User Referred to as “Limited Administrators” (user group) in the vendor documentation Identity-based Username and Password or Digital Signature The Module supports concurrent operators. Separation of roles is enforced by requiring users to authenticate using either a username and password, or digital signature verification. The User role requires the use of a username and password or possession of a private key of a user entity belonging to the “Limited Administrators” group. The Cryptographic Officer role requires the use of the “Administrator” username and password, or the username and password of a user entity belonging to the “SonicWALL Administrators” group. Multiple users may be logged in simultaneously, but only a single user-session can have full configuration privileges at any time, based upon the prioritized preemption model described below: 1. The Admin user has the highest priority and can preempt any users. 2. A user that is a member of the “SonicWALL Administrators” user group can preempt any users except for the Admin. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 44 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 3. A user that is a member of the “Limited Administrators” user group can only preempt other members of the “Limited Administrators” group. Session preemption may be handled in one of two ways, configurable from the System > Administration page, under the “On admin preemption” setting: 1. “Drop to non-config mode” – the preempting user will have three choices: a. “Continue” – this action will drop the existing administrative session to a “non-config mode” and will impart full administrative privileges to the preempting user. b. “Non-Config Mode” – this action will keep the existing administrative session intact, and will login the preempting user in a “non-config mode” c. “Cancel” – this action will cancel the login and will keep the existing administrative session intact. 2. “Log-out” – the preempting user will have two choices: a. “Continue” – this action will log out the existing administrative session and will impart full administrative privileges to the preempting user. b. “Cancel” – this action will cancel the login and will keep the existing administrative session intact. “Non-config mode” administrative sessions will have no privileges to cryptographic functions making them functionally equivalent to User role sessions. The ability to enter “Non-config mode” may be disabled altogether from the System > Administration page, under the “On admin preemption” setting by selecting “Log out” as the desired action. 3.2 Authentication Methods The cryptographic module provides authentication relying upon username/passwords or an RSA 2048- bit (at a minimum) digital signature verification. Table 16 – Authentication Description Authentication Method Probability Justification CO and User password The probability is 1 in 96^8, which is less than one in 1,000,000 that a random attempt will succeed or, a false acceptance will occur for each attempt (This is also valid for RADIUS shared secret keys). After three (3) successive unsuccessful password verification tries, the cryptographic module pauses for one second before additional password entry attempts can be reinitiated. This makes the probability approximately 180/96^8 = 2.5E-14, which is less than one in 100,000, that a random attempt will succeed or a false acceptance will occur in a one- minute period. Passwords must be at least eight (8) characters long each, and the password character set is ASCII characters 32-127, which is 96 ASCII characters, hence, the probability is 1 in 96^8. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 45 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Authentication Method Probability Justification User RSA 2048-bit (minimum) digital signature The probability that a random attempt will succeed or a false acceptance will occur is 1/2^112, which is less than 1 in 1,000,000. Due to processing and network limitations, the module can verify at most 300 signatures in a one minute period. Thus, the probability that a random attempt will succeed or a false acceptance will occur in a one minute period is 300/2^112 = 5.8E-32, which is less than 1 in 100,000. A 2048-bit RSA digital signature has a strength of 112-bits, hence the probability is 1/2^112. 3.3 Services 3.3.1 User Role Services • Show Status – Monitoring, pinging, traceroute, viewing logs. • Show Non-critical Configuration – “Show” commands that enable the User to view VPN tunnel status and network configuration parameters. • Session Management – Limited commands that allow the User to perform minimal VPN session management, such as clearing logs, and enabling some debugging events. This includes the following services: 1. Log On 2. Monitor Network Status 3. Log Off (themselves and guest users) 4. Clear Log 5. Export Log 6. Filter Log 7. Generate Log Reports 8. Configure DNS Settings • TLS – TLS used for the https configuration tool or network traffic over a TLS VPN • IPsec VPN – Network traffic over an IPsec VPN 3.3.2 Crypto Officer Services The Cryptographic Officer role is authenticated using the credentials of the “Administrator” user account (also referred to as “Admin”), or the credentials of a member of the “SonicWALL Administrators” user group. The use of the latter allows for identification of specific users (i.e., by username) upon whom is imparted full administrative privileges through their assigned membership to the “SonicWALL Administrators” group by the Admin user, or other user with full administrative privileges. The Cryptographic Officer role can show all status and configure cryptographic algorithms, cryptographic keys, certificates, and servers used for VPN tunnels. The Crypto Officer sets the rules by which the module encrypts, and decrypts data passed through the VPN tunnels. The authentication mechanisms are discussed in Section 3.1 and 3.2. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 46 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). • Show Status - Monitoring, pinging, traceroute, viewing logs. • Configuration Settings – System configuration9 , network configuration, User settings, Hardware settings, Log settings, and Security services including initiating encryption, decryption, random number generation, key management, and VPN tunnels. This includes the following services: 1. Configure VPN Settings 2. Set Content Filter 3. Import/Export Certificates 4. Upload Firmware10 5. Configure DNS Settings 6. Configure Access • Session Management – Management access for VPN session management, such as setting and clearing logs, and enabling debugging events and traffic management. This includes the following services: 1. Log On 2. Import/Export Certificates 3. Clear Log 4. Filter Log 5. Export Log 6. Setup DHCP Server 7. Generate Log Reports • Zeroize – Zeroizing cryptographic keys • TLS – TLS used for the https configuration tool or network traffic over a TLS VPN • IPsec VPN 11 – Network traffic over an IPsec VPN The cryptographic module also supports unauthenticated services, which do not disclose, modify, or substitute CSP, use approved security functions, or otherwise affect the security of the cryptographic module. 3.3.3 Unauthenticated services • Module Reset - Firmware removal with configuration return to factory state • NoAuth Function - Authenticates the operator and establishes secure channel • Show Status – LED activity and console message display • Self-test Initiation – power cycle Note 1: The same services are available in the non-Approved mode of operation. In the non-Approved mode of operation, the non-Approved functions listed in Section 1.3.2 can be utilized. 9 Non-compliant Triple-DES implementation associated with the configuration setting is used to encrypt/decrypt signature files (internal to the module only). This function is considered obfuscation and cannot be used to compromise the module or store/transmit sensitive information. 10 Note: Only validated firmware version shall be loaded using the firmware upload service. Any other firmware version that is not listed in the module certificate is considered out of scope and requires separate FIPS 140-2 certificate. 11 MD5 (no security claimed) and keys derived from the non-conformant PBKDF are always encapsulated by the IPsec VPN service. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 47 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Note 2: The module does not support a bypass capability. The cryptographic module provides several security services including VPN and IPsec. The cryptographic module provides the Cryptographic Officer role the ability to configure VPN tunnels and network settings. All services implemented by the Module are listed in the table(s) below. Table 17 – Authenticated Services Service Description CO U Status Information Viewing Logs, viewing network interface settings, viewing system flag to check whether the module is running in the FIPS Approved mode of operation (“Show fips”) and viewing status of the module (i.e module configuration) X X Configuration management Setting up VPN, setup filters, upload firmware, Auth directory configuration, creating user accounts X Session Management Audit configuration, Certificate management, DHCP setup X X Zeroize Destroys all Keys and CSPs. Upon system Zeroize all Keys and CSP which are permanent are erased X TLS TLS used for HTTPS management of the module/ network traffic over TLS X X IPsec VPN Module can configure/run traffic over IPsec VPN using certificates X X Table 18 – Unauthenticated Services Service Description Module Reset Reset the Module by activating the reset switch NoAuth Function Authenticates the operator and establishes secure channel. Show Status LCD Display available on only SM Series Self-test Initiation Power Cycle Note: The same services are available in the non-Approved mode of operation. In the non-Approved mode of operation, the non-Approved functions listed in Section 1.3.2 can be utilized. Table 19 defines the relationship between access to Security Parameters and the different module services. Table 20 defines the relationship between access to Public Keys and the different module services. The modes of access shown in the tables are defined as: • G = Generate: The module generates the CSP. • I = Import: The CSP is entered into the module from an external source. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 48 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). • R = Read: The module reads the CSP for output. • E = Execute: The module executes using the CSP. • W = Write: The module writes the CSP to persistent storage. • Z = Zeroize: The module zeroizes the CSP. In the tables below, TLS and IPsec listings are inclusive of functions that can be operated with IPsec or TLS communications active. Table 19 – Security Parameters Access Rights within Services and CSPs Service CSPs IKE Shared Secret SKEYID SKEYID_d SKEYID_a SKEYID_e IKE Session Encryption Key IKE Session Authentication Key IKE Private Key IPsec Session Encryption Key IPsec Session Authentication Key TLS Master Secret TLS Premaster Secret TLS Session Key TLS Integrity Key DH/EC DH Private Key DRBG V and C values RADIUS Shared Secret Entropy Input Passwords Show Status - - - - - - - - - - - - - - - - - - Show Non- critical Configuration - - - - - - - - - - - - - - - - - - Monitor Network Status - - - - - - - - - - - - - - - - - - Log On - - - - - - - - - - - - - - - - - E Log Off - - - - - - - - - - - - - - - - - - Clear Log - - - - - - - - - - - - - - - - - - Export Log - - - - - - - - - - - - - - - - - - Import/Export Certificates - - - - - - - - - - - - - - - - - - Filter Log - - - - - - - - - - - - - - - - - - Setup DHCP Server12 - - - - - - - - - - - - - - - - - - 12 DHCP setup does not use CSPs, but DHCP server setup is performed with IPsec active. See below for IPsec VPN CSP usage. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 49 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Service CSPs IKE Shared Secret SKEYID SKEYID_d SKEYID_a SKEYID_e IKE Session Encryption Key IKE Session Authentication Key IKE Private Key IPsec Session Encryption Key IPsec Session Authentication Key TLS Master Secret TLS Premaster Secret TLS Session Key TLS Integrity Key DH/EC DH Private Key DRBG V and C values RADIUS Shared Secret Entropy Input Passwords Generate Log Reports - - - - - - - - - - - - - - - - - - Configure VPN Settings - - - - - IE - - IG - - - - - - IG - - - IPsec VPN GERW GE GE GE GE - GE GE GERW GE GE - - - - GE GE GE - TLS - - - - - - - - - - GE GE GE GE GE GE - - Set Content Filter - - - - - - - - - - - - - - - - - - Upload Firmware - - - - - - - - - - - - - - - - - - Configure DNS Settings - - - - - - - - - - - - - - - - - - Configure Access - - - - - - - - - - - - - - - - - IEW Zeroize Z Z Z Z Z z Z Z Z Z Z Z Z Z Z Z Z Z Z Table 20 – Security Parameters Access Rights within Services and Public Keys Service Public Keys Root CA Public Key IKE Public Key TLS Public Key Peer IKE Public Key TLS Peer Public Key Authentication Public Key Firmware Verification Key TLS Public Key Show Status - - - - - - - - SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 50 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 13 DHCP setup does not use CSPs, but DHCP server setup is performed with IPsec active. See below for IPsec VPN CSP usage. Show Non-critical Configuration - - - - - - - - Monitor Network Status - - - - - - - - Log On - - - - - - - - Log Off - - - - - - - - Clear Log - - - - - - - - Export Log - - - - - - - - Import/Export Certificates - - - - - - - - Filter Log - - - - - - - - Setup DHCP Server13 - - - - - - - - Generate Log Reports - - - - - - - - Configure VPN Settings I IG IG - - - - - IPsec VPN E E E IE IE IE - - TLS - - E - IE IE - E Set Content Filter - - - - - - - - Upload Firmware - - - - - - E - Configure DNS Settings - - - - - - - - Configure Access - - - - - - - - Zeroize - - - - - - - - SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 51 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 4. Self-tests The module performs self-tests to ensure the proper operation of the module. Per FIPS 140-2 these are categorized as either power-up self-tests or conditional self-tests. Power up self–tests are available on demand by power cycling the module. The module performs the following algorithm KATs on power-up: • Firmware Integrity: 16-bit CRC performed over all code in EEPROM • AES: KATs: Encryption, Decryption; Modes: ECB and GCM; Key sizes: 128 bits • DRBG : KATs: HASH DRBG; Security Strengths: 256 bits • ECDSA: PCT: Signature Generation, Signature Verification; Curves/Key sizes: P-256 • HMAC: KATs: Generation, Verification; SHA sizes: SHA-1, SHA-256, SHA-384, SHA-512 • RSA: KATs: Signature Generation, Signature Verification; Key sizes: 1024, 2048, 3072 bits • SHA: KATs: SHA-1, SHA-256, SHA-384, SHA-512 • TDES: KATs: Encryption, Decryption; Modes: CBC; Key sizes: 2-key, 3-key14 • AES-CBC Ciphertext Stealing (CS): KATs: Encryption, Decryption; Modes: CBC-CS1; Key sizes: 128, 192, 256 bits • DSA: KATs: Signature Generation, Signature Verification; Key sizes: 1024, 2048, 3072bits • KDFs: IKEv1, IKEv2, TLS, SSH, SNMP15 • Diffie-Hellman Primitive "Z" Computation KAT • EC Diffie-Hellman Primitive "Z" Computation KAT The module performs the following conditional self-tests as indicated. • DRBG and NDRNG Continuous Random Number Generator Tests per IG 9.8 • SP 800-90A DRBG Section 11.3 Health Checks • RSA Pairwise Consistency Test on RSA key pair generation • ECDSA Pairwise Consistency Test on ECDSA key pair generation • Firmware Load Test: ECDSA (P-256) signed SHA-256 hash When a new firmware image is loaded, the cryptographic module verifies the ECDSA P-256 signed SHA- 256 hash of the image. If this verification fails, the firmware image loading is aborted. If any of the tests described above fail, the cryptographic module enters the error state. No security services are provided in the error state. Upon successful completion of the Diagnostic Phase, the 14 Triple-DES KATs are performed even if they are not implemented in any of the services that are available in Approved mode of operation 15 The SSH and SNMP KDF KATs are performed even if they are not supported in the Approved mode of operation SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 52 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). cryptographic module enters the Command and Traffic Processing State. Security services are only provided in the Command and Traffic Processing State. No VPN tunnels are started until all tests are successfully completed. This effectively inhibits the data output interface. When all tests are completed successfully, the Test LED is turned off. The module performs the following critical self-tests. These critical function tests are performed for the SP 800-90A DRBG: • SP 800-90A Instantiation Test • SP 800-90A Generate Test • SP 800-90A Reseed Test • SP 800-90A Uninstantiate Test 5. Physical Security Policy The chassis of all the modules are sealed with one (1) or two (2) tamper-evident seals, applied during manufacturing. The physical security of the module is intact if there is no evidence of tampering with the seal. The locations of the tamper-evident seals are indicated by the red rectangles below in Figures 12 – 31. The Cryptographic Officer shall inspect the tamper seals for signs of tamper evidence once every six months. If evidence of tamper is found, the Cryptographic Officer is requested to follow their internal IT policies which may include contacting the SonicWALL for replacing the unit. Figure 12 – SOHO W and SOHO 250/SOHO 250W (Left) Figure 13 – SOHO W and SOHO 250/SOHO 250W (Right) SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 53 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 14 - TZ 300/ TZ300W (Top, Left) Figure 15 – TZ 300P (Top) Figure 16 – TZ 350/ TZ 350W (Top) Figure 17 - TZ 400/ TZ 400W (Top, Left) Figure 18 - TZ 500/ TZ 500W (Top, Left) Figure 19 -TZ 600 (Top, Left) SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 54 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 20 - TZ 600P (Top) Figure 21 - TZ 300/ TZ 300W Bottom View Figure 22 - TZ 300P (Bottom View) Figure 23 - TZ 350/TZ 350W (Bottom View) Figure 24 - TZ 400/ TZ 400W Bottom View Figure 25 - TZ 500/ TZ 500W Bottom View SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 55 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 26 - TZ 600 Right, Bottom View Figure 27 - TZ 600P (Bottom View) NSa3600/NSa 4600/NSa 5600 Back View NSa 6600 Back view NSa 3600/ NSa 4600/ NSa 5600/NSa 6600 Tamper- Evident Seal Location on Right Side NSa3600/NSa 4600/NSa 5600/NSa 6600 Left View Figure 28 - NSa 6600/NSa 3600/NSa 4600/NSa 5600 Front and Back Seals SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 56 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Super Massive with Tamper-Evident Seal (Right View) Super Massive with Tamper-Evident Seal (Bottom View) Figure 29 - SM 9600/SM 9400/SM 9200 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 57 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Figure 30 – Back of NSa 2650/NSa 3650 (Top), Back of NSa 4650/NSa 5650 (Middle), Right of NSa 2650/NSa 3650 (Middle) and Right of NSa 4650/NSa 5650 (Bottom) Tamper Evident Seal placement Front Side of NSa 6650 Back of NSa 6650 with tamper seal placement Left Side of NSa 6650 Right of NSa 6650 with tamper seal placement Front view of NSa 9250 Back of NSa 9250/NSa 9450/NSa 9650 with Tamper seal placement Front view of NSa 9450 Left Side of the NSa 9250/NSa 9450/NSa 9650 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 58 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Front view of NSa 9650 Right Side of the NSa 9250/NSa 9450/NSa 9650 with tamper seal placement Figure 31 - NSa 6650/NSa 9250/NSa 9450/NSa 9650 Front, Rear, Right and Left Panels and Tamper Evident Seal placement Table 21 below lists the number of tamper evident seals applied per module: Table 21 – Number of Tamper Evident Seals # Module Number of tamper evident seal(s)/module 1 TZ 300 1 2 TZ 300W 1 3 TZ 300P 1 4 TZ 350 1 5 TZ 350W 1 6 TZ 400 1 7 TZ 400W 1 8 TZ 500 1 9 TZ 500W 1 10 TZ 600 1 11 TZ 600P 1 12 SOHO W 2 13 SOHO 250 2 14 SOHO 250W 2 15 SM 9200 1 16 SM 9400 1 17 SM 9600 1 18 NSa 2650 2 19 NSa 3600 1 20 NSa3650 2 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 59 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 21 NSa 4600 1 22 NSa4650 2 23 NSa 5600 1 24 NSa 5650 2 25 NSa 6600 1 26 NSa 6650 2 27 NSa 9250 2 28 NSa 9450 2 29 NSa 9650 2 6. Operational Environment Area 6 of the FIPS 140-2 requirements does not apply to this module as the module only allows the loading of firmware through the firmware load test, which ensures the image is appropriately ECDSA signed by SonicWall, Inc. 7. Mitigation of Other Attacks Policy Area 11 of the FIPS 140-2 requirements do not apply to this module as it has not been designed to mitigate any specific attacks outside the scope of FIPS 140-2 requirements. 8. Security Rules and Guidance This section documents the security rules for the secure operation of the cryptographic module to implement the security requirements of FIPS 140-2. 1. The module provides two distinct operator roles: User and Cryptographic Officer. 2. The module provides role-based and identity-based authentication for the crypto-officer, and identity-based authentication for the user . 3. The module clears previous authentications on power cycle. 4. An operator does not have access to any cryptographic services prior to assuming an authorized role. 5. The module allows the operator to initiate power-up self-tests by power cycling power or resetting the module. 6. Power up self-tests do not require any operator action. 7. Data output are inhibited during key generation, self-tests, zeroization, and error states. 8. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 9. There are no restrictions on which keys or CSPs are zeroized by the zeroization service. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 60 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 10. The module does not support a maintenance interface or role. 11. The module does not support manual key entry. 12. The module does not have any proprietary external input/output devices used for entry/output of data. 13. The module does not enter or output plaintext CSPs. 14. The module does not output intermediate key values. 8.1 Crypto-Officer Guidance The following steps must be performed by the crypto-officer (CO) to configure the required roles and place the module in the FIPS Approved mode of operation: 1. Apply power to the module's host appliance and observe that upon initial boot all power-up self-tests are executed automatically and successfully completed before the network interface drivers or a login prompt are available. 2. As the CO, log in using the vendor provided default login and password. 3. As the CO, configure the management IP address and Gateway for the module. 4. Over the web interface, proceed to system settings and enable FIPS mode using the corresponding checkbox. Then click OK. The system restarts automatically. 5. The module executes the self-tests automatically before a log in is possible. Verify in the system/settings page that FIPS mode was enabled. Update the settings to be consistent with Section 1.3.1 with the assistance of the compliance checking procedure. 6. As the CO (Administrator), create the roles specified in Section 3.1. Configure/install passwords and digital signatures required for authentication to each role as appropriate. Change the password for the default account and reboot the module. 7. Upon reboot the self-tests run automatically. Upon completion of the self-tests’ execution, log in using the newly created CO role. 8. Verify that the FIPS enabled checkbox is checked indicating that the module is in the Approved mode of operation. Note: When the "FIPS Mode" checkbox is selected, the module executes a compliance checking procedure, examining all settings related to the security rules described below. The operator is responsible for updating these settings appropriately during setup and will be prompted by the compliance tool if a setting has been modified taking the module out of compliance. The "FIPS Mode" checkbox and corresponding system flag ("fips") which can be queried over the console will not be set unless all settings are compliant. The "FIPS Mode" checkbox and fips system flag are indicators that the module is running in the FIPS Approved mode of operation. SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 61 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). 9. References and Definitions The following standards are referred to in this Security Policy. Table 22 - References Abbreviation Full Specification Name [FIPS140-2] Security Requirements for Cryptographic Modules, May 25, 2001 [IG] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program [108] NIST Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), October 2009 [131A] Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, March 2019 [132] NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation, Part 1: Storage Applications, December 2010 [133] NIST Special Publication 800-133, Recommendation for Cryptographic Key Generation, December 2012 [135] National Institute of Standards and Technology, Recommendation for Existing Application-Specific Key Derivation Functions, Special Publication 800-135rev1, December 2011. [186] National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4, July, 2013. [186-2] National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, January 2000. [197] National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 26, 2001 [198] National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, July, 2008 [180] National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August, 2015 [202] FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS PUB 202, August 2015 [38A] National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001 [38B] National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, Special Publication 800-38B, May 2005 SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 62 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Abbreviation Full Specification Name [38C] National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, Special Publication 800-38C, May 2004 [38D] National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, Special Publication 800- 38D, November 2007 [56A] NIST Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), March 2007 [56Ar2] NIST Special Publication 800-56A Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, May 2013 [56Br1] NIST Special Publication 800-56A Revision 1, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, September 2014 [67] National Institute of Standards and Technology, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Special Publication 800-67, May 2004 [90A] National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, June 2015. Table 23 – Acronyms and Definitions Acronym Definition AES Advanced Encryption Standard FIPS Federal Information Processing Standard CSP Critical Security Parameter VPN Virtual Private Network EMC Electromagnetic Compatibility EMI Electromagnetic Interference Triple-DES Triple Data Encryption Standard DES Data Encryption Standard CBC Cipher Block Chaining DSA Digital Signature Algorithm DRBG Deterministic Random Bit Generator RSA Rivest, Shamir, Adleman asymmetric algorithm IKE Internet Key Exchange RADIUS Remote Authentication Dial-In User Service SonicWALL FIPS 140-2 Security Policy Copyright SonicWall, Inc., 2020 Version 1.6 Page 63 of 63 SonicWall, Inc. Public Material – May be reproduced only in its original entirety (without revision). Acronym Definition IPSec Internet Protocol Security LAN Local Area Network DH Diffie-Hellman GUI Graphical User Interface SHA Secure Hash Algorithm HMAC Hashed Message Authentication Code