Juniper Networks EX4650, QFX5120 and QFX5210 Ethernet Switches

Certificate #4661

Webpage information

Status active
Validation dates 28.11.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode
Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description The Juniper Networks QFX series switches are high performance, high density data center switches. The QFX switches provide high performance, wire speed switching with low latency and jitter. The QFX series switches provide the universal building blocks for multiple data center fabric architectures.
Version (Hardware) EX4650-48Y-AFI, EX4650-48Y-AFO, EX4650-48Y-DC-AFI, EX4650-48Y-DC-AFO, QFX5120-32C-AFI , QFX5120-32C-AFO , QFX5120-32C-DC-AFI , QFX5120-32C-DC-AFO, QFX5120-48T-AFI, QFX5120-48T-AFO, QFX5120-48T-DC-AFI, QFX5120-48T-DC-AFO, QFX5120-48Y-AFI2, QFX5120-48Y-AFO2 , QFX5120-48Y-DC-AFI2, QFX5120-48Y-DC-AFO2, QFX5210- 64C-AFI , QFX5210- 64C-AFO, QFX5210-64C-DC-AFI, QFX5210-64C-DC-AFO
Version (Firmware) JUNOS OS 20.2R1-S1
Vendor Juniper Networks, Inc
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy

Symmetric Algorithms
AES, CAST, Triple-DES, TDEA, Blowfish, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
Asymmetric Algorithms
RSA 2048, RSA 4096, RSA 3072, ECDH, ECDSA, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-256, SHA-512, SHA-384, MD5
Schemes
MAC, Key Exchange, AEAD
Protocols
SSH, SSHv2, IKE, IPsec
Randomness
DRBG, RNG
Libraries
OpenSSL
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
CBC, CTR, GCM

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS140-2, FIPS PUB 140-2, SP 800-135, SP 800-90A, RFC 4253, X.509

File metadata

Creation date D:20231120151210-05'00'
Modification date D:20231120151210-05'00'
Pages 25

References

Incoming
  • 4879 - active - Samsung NVMe TCG Opal SSC SEDs PM1743/PM1745 Series

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

References

Loading...

Updates Feed

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4661,
  "dgst": "94ca7771bcbfb3a5",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHS#A866",
        "HMAC#A867",
        "HMAC#A866",
        "SHS#A867",
        "HMAC#A868",
        "DRBG#A866",
        "CVL#A867",
        "DRBG#A867",
        "ECDSA#A867",
        "AES#A867",
        "RSA#A867",
        "Triple-DES#A867",
        "SHS#A868"
      ]
    },
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "20.2"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4879"
        ]
      },
      "directly_referencing": null,
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4879"
        ]
      },
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECDH": {
            "ECDH": 3
          },
          "ECDSA": {
            "ECDSA": 21
          }
        },
        "FF": {
          "DH": {
            "DH": 8,
            "Diffie-Hellman": 7
          },
          "DSA": {
            "DSA": 2
          }
        },
        "RSA": {
          "RSA 2048": 7,
          "RSA 3072": 4,
          "RSA 4096": 2
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CTR": {
          "CTR": 2
        },
        "GCM": {
          "GCM": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 3
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 1
        },
        "IPsec": {
          "IPsec": 1
        },
        "SSH": {
          "SSH": 39,
          "SSHv2": 1
        }
      },
      "crypto_scheme": {
        "AEAD": {
          "AEAD": 1
        },
        "KEX": {
          "Key Exchange": 2
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 26,
          "P-384": 12,
          "P-521": 14
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES CBC 128/192/256": 1,
          "AES [197": 1,
          "DRBG 3": 1,
          "DRBG 4": 1,
          "HMAC SHA 256": 1,
          "HMAC SHA-1": 1,
          "HMAC SHA-256": 2,
          "HMAC [198": 3,
          "HMAC-SHA-1": 6,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-384": 2,
          "HMAC-SHA-512": 4,
          "RSA 2048": 7,
          "RSA 3072": 4,
          "RSA 4096": 2,
          "SHA 1, 256": 1,
          "SHA 256": 7,
          "SHA-1": 7,
          "SHA-256": 10,
          "SHA-384": 5,
          "SHA-512": 5,
          "SHS [180": 3
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 1
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 1
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 7
          },
          "SHA2": {
            "SHA-256": 13,
            "SHA-384": 3,
            "SHA-512": 6
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 15
        },
        "RNG": {
          "RNG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 9,
          "FIPS PUB 140-2": 1,
          "FIPS140-2": 1
        },
        "NIST": {
          "SP 800-135": 1,
          "SP 800-90A": 3
        },
        "RFC": {
          "RFC 4253": 1
        },
        "X509": {
          "X.509": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 6
          },
          "CAST": {
            "CAST": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "Triple-DES": 7
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 18,
            "HMAC-SHA-256": 3,
            "HMAC-SHA-384": 1,
            "HMAC-SHA-512": 1
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20231120151210-05\u002700\u0027",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId": "15f92b67-224a-415d-a546-8cebb245dcaf",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Application": "Microsoft Azure Information Protection",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled": "True",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Extended_MSFT_Method": "Automatic",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name": "Juniper Business Use Only",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Owner": "[email protected]",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate": "2019-06-28T05:46:17.5561117Z",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId": "bea78b3c-4cdb-4130-854a-1d193232e5f4",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_ActionId": "be1f6878-6aa4-41fd-9765-65bd138a380f",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_ContentBits": "0",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Enabled": "true",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Method": "Privileged",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Name": "Unrestricted",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_SetDate": "2023-11-20T20:11:41Z",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_SiteId": "b64da4ac-e800-4cfc-8931-e607f720a1b8",
      "/ModDate": "D:20231120151210-05\u002700\u0027",
      "pdf_file_size_bytes": 1044689,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000639-en.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=33466",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=33465",
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000640-en.pdf",
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000633-en.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=33464"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 25
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.InternalState",
    "module": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "source_hash": null,
      "txt_hash": null
    },
    "policy": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "source_hash": "5861829b3744e18081e46eef4e1d9ba4140d77759fa94109dbd272840886b32e",
      "txt_hash": "7faa02e05a136e031d70b30540712f9cbce34b1c2b7e0deca8aea312c1f2f9a5"
    }
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/November 2023_111223_0648_signed.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Juniper Networks QFX series switches are high performance, high density data center switches. The QFX switches provide high performance, wire speed switching with low latency and jitter. The QFX series switches provide the universal building blocks for multiple data center fabric architectures.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "JUNOS OS 20.2R1-S1",
    "historical_reason": null,
    "hw_versions": "EX4650-48Y-AFI, EX4650-48Y-AFO, EX4650-48Y-DC-AFI, EX4650-48Y-DC-AFO, QFX5120-32C-AFI , QFX5120-32C-AFO , QFX5120-32C-DC-AFI , QFX5120-32C-DC-AFO, QFX5120-48T-AFI, QFX5120-48T-AFO, QFX5120-48T-DC-AFI, QFX5120-48T-DC-AFO, QFX5120-48Y-AFI2, QFX5120-48Y-AFO2 , QFX5120-48Y-DC-AFI2, QFX5120-48Y-DC-AFO2, QFX5210- 64C-AFI , QFX5210- 64C-AFO, QFX5210-64C-DC-AFI, QFX5210-64C-DC-AFO",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Juniper Networks EX4650, QFX5120 and QFX5210 Ethernet Switches",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-11-28",
        "lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Juniper Networks, Inc",
    "vendor_url": "http://www.juniper.net"
  }
}