FortiGate-201E/301E/401E/501E/601E

Certificate #4609

Webpage information

Status active
Validation dates 27.09.2023
Sunset date 16-05-2026
Standard FIPS 140-2
Security level 2
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role.
Exceptions
  • Roles, Services, and Authentication: Level 3
Description The FortiGate-201E/301E/401E/501E/601E are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.
Version (Hardware) FortiGate-201E (C1AE64), FortiGate-301E (C1AG46), FortiGate-401E (C1AH76), FortiGate-501E (C1AG44) and FortiGate-601E (C1AH71) with Tamper Evident Seal Kit: FIPS-SEAL-RED
Version (Firmware) FortiOS 6.2 build 5203
Vendor Fortinet, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES-256, AES, HMAC, HMAC-SHA-256
Asymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-Hellman, DH
Hash functions
SHA-1, SHA1, SHA-224, SHA-256, SHA-384, SHA-512
Schemes
Key agreement
Protocols
SSH, SSL, TLS 1.1, TLS, TLS 1.2, IKE, IKEv2, IKEv1, IPsec, VPN
Randomness
DRBG, RBG
Elliptic Curves
P-256, curve P-256, curve P-384, curve P-521, P-384, P-521, secp256r1, secp384r1, secp521r1, brainpoolP224r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, Curve25519
Block cipher modes
CBC, CTR, GCM

Trusted Execution Environments
SSC

Security level
Level 2, level 3

Standards
FIPS 140-2, SP 800-90B, NIST SP 800-90A, SP 800-52, SP 800-133, SP 800-90A, PKCS 1, RFC 7296, RFC 5246, RFC 5288

File metadata

Title FortiOS 6.x FG-X01E Models FIPS 140-2 Level 2 Security Policy
Author Fortinet Technical Documentation
Creation date D:20230906130649-04'00'
Modification date D:20230906130649-04'00'
Pages 33
Producer madbuild

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4609,
  "dgst": "cf2e8ef59ca7a4e4",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "HMAC#C1575",
        "AES#C1549",
        "KAS#C1575",
        "RSA#A1187",
        "KAS-SSC#A1187",
        "RSA#C1576",
        "SHS#C1578",
        "KAS#C1578",
        "RSA#A1252",
        "CVL#C1578",
        "DRBG#C1573",
        "ECDSA#C1576",
        "SHS#C1576",
        "KAS#A1187",
        "KAS#C1576",
        "KTS#C1576",
        "ECDSA#C1575",
        "HMAC#C1578",
        "AES#C1578",
        "AES#C1576",
        "CVL#C1575",
        "SHS#C1575",
        "HMAC#C1576",
        "RSA#C1578",
        "SHS#A1187",
        "CVL#C1576",
        "ECDSA#C1578",
        "AES#C1575"
      ]
    },
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:h:fortinet:fortigate_301e:-:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "6.2"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 5
          },
          "ECDSA": {
            "ECDSA": 21
          }
        },
        "FF": {
          "DH": {
            "DH": 5,
            "Diffie-Hellman": 16
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CTR": {
          "CTR": 1
        },
        "GCM": {
          "GCM": 10
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 35,
          "IKEv1": 1,
          "IKEv2": 3
        },
        "IPsec": {
          "IPsec": 30
        },
        "SSH": {
          "SSH": 17
        },
        "TLS": {
          "SSL": {
            "SSL": 3
          },
          "TLS": {
            "TLS": 23,
            "TLS 1.1": 4,
            "TLS 1.2": 1
          }
        },
        "VPN": {
          "VPN": 24
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key agreement": 2
        }
      },
      "device_model": {},
      "ecc_curve": {
        "Brainpool": {
          "brainpoolP224r1": 1,
          "brainpoolP256r1": 1,
          "brainpoolP384r1": 1,
          "brainpoolP512r1": 1
        },
        "Curve": {
          "Curve25519": 1
        },
        "NIST": {
          "P-256": 13,
          "P-384": 11,
          "P-521": 7,
          "curve P-256": 1,
          "curve P-384": 1,
          "curve P-521": 1,
          "secp256r1": 1,
          "secp384r1": 1,
          "secp521r1": 1
        }
      },
      "eval_facility": {
        "DEKRA": {
          "DEKRA Testing and Certification": 4
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES (128": 9,
          "AES 128": 2,
          "AES 256": 3,
          "AES-256": 1,
          "DRBG 128": 1,
          "HMAC SHA-1": 7,
          "HMAC SHA-256": 9,
          "HMAC SHA-384": 3,
          "HMAC SHA-512": 3,
          "HMAC-SHA-256": 4,
          "PKCS 1": 1,
          "RSA PKCS 1": 1,
          "SHA-1": 14,
          "SHA-224": 1,
          "SHA-256": 13,
          "SHA-384": 6,
          "SHA-512": 6,
          "SHA1": 1,
          "SHA2-256": 2,
          "SHA2-384": 2,
          "SHA2-512": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 2": 6,
          "level 3": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 14,
            "SHA1": 1
          },
          "SHA2": {
            "SHA-224": 1,
            "SHA-256": 13,
            "SHA-384": 6,
            "SHA-512": 6
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 37
        },
        "RNG": {
          "RBG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 52
        },
        "NIST": {
          "NIST SP 800-90A": 1,
          "SP 800-133": 1,
          "SP 800-52": 1,
          "SP 800-90A": 1,
          "SP 800-90B": 1
        },
        "PKCS": {
          "PKCS 1": 1
        },
        "RFC": {
          "RFC 5246": 1,
          "RFC 5288": 1,
          "RFC 7296": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 29,
            "AES-256": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 24,
            "HMAC-SHA-256": 2
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 1
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Fortinet Technical Documentation",
      "/CreationDate": "D:20230906130649-04\u002700\u0027",
      "/Keywords": "",
      "/ModDate": "D:20230906130649-04\u002700\u0027",
      "/Producer": "madbuild",
      "/Subject": "",
      "/Title": "FortiOS 6.x FG-X01E Models FIPS 140-2 Level 2 Security Policy",
      "pdf_file_size_bytes": 2116101,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://docs.fortinet.com/",
          "http://forticast.fortinet.com/",
          "http://www.fortinet.com/products",
          "https://video.fortinet.com/",
          "https://fortiguard.com/",
          "https://docs.fortinet.com/",
          "https://www.fortinet.com/doc/legal/EULA.pdf",
          "http://csrc.nist.gov/groups/STM/cmvp/index.html",
          "mailto:[email protected]",
          "https://blog.fortinet.com/",
          "http://www.fortinet.com/support",
          "https://support.fortinet.com/",
          "https://training.fortinet.com/",
          "https://www.fortinet.com/corporate/about-us/privacy.html",
          "http://www.fortinet.com/contact",
          "http://kb.fortinet.com/",
          "http://fortiguard.com/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 33
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "26f8378eef40f8f3e24d3370f70d7a19ed00e1ab374f9ffde7c149b5b03c10fd",
    "policy_txt_hash": "7ce5a0a7a0ddb38750a048bc478b5138598494364566620672474c33db73cd48"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2023_101023_1100 signed (2).pdf",
    "date_sunset": "2026-05-16",
    "description": "The FortiGate-201E/301E/401E/501E/601E are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3"
    ],
    "fw_versions": "FortiOS 6.2 build 5203",
    "historical_reason": null,
    "hw_versions": "FortiGate-201E (C1AE64), FortiGate-301E (C1AG46), FortiGate-401E (C1AH76), FortiGate-501E (C1AG44) and FortiGate-601E (C1AH71) with Tamper Evident Seal Kit: FIPS-SEAL-RED",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "FortiGate-201E/301E/401E/501E/601E",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-09-27",
        "lab": "Lightship Security, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Fortinet, Inc.",
    "vendor_url": "http://www.fortinet.com"
  }
}