This page was not yet optimized for use on mobile devices.

Juniper Networks EX4650, QFX5120 and QFX5210 Ethernet Switches

Certificate #4662

Webpage information

Status	historical
Historical reason	Moved to historical list due to sunsetting
Validation dates	28.11.2023
Standard	FIPS 140-2
Security level	1
Type	Hardware
Embodiment	Multi-Chip Stand Alone
Caveat	When operated in FIPS mode, installed, initialized and configured as specified in Sections 1.2 and 5 of the Security Policy
Exceptions	Roles, Services, and Authentication: Level 3 Design Assurance: Level 3 Mitigation of Other Attacks: N/A
Description	The Juniper Networks QFX series switches are high performance, high density data center switches. The QFX switches provide high performance, wire speed switching with low latency and jitter. The QFX series switches provide the universal building blocks for multiple data center fabric architectures.
Version (Hardware)	EX4650-48Y-AFI, EX4650-48Y-AFO, EX4650-48Y-DC-AFI, EX4650-48Y-DC-AFO, QFX5120-32C-AFI, QFX5120-32C-AFO, QFX5120-32C-DC-AFI, QFX5120-32C-DC-AFO, QFX5120-48Y-AFI2, QFX5120-48Y-AFO2, QFX5120-48Y-DC-AFI2, QFX5120-48Y-DC-AFO2, QFX5210-64C-AFI, QFX5210-64C-AFO, QFX5210-64C-DC-AFI and QFX5210-64C-DC-AFO
Version (Firmware)	Junos OS 19.3R1
Vendor	Juniper Networks, Inc
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Certificate

Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms

AES, CAST, Triple-DES, TDEA, Blowfish, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

Asymmetric Algorithms

RSA 2048, RSA 3072, RSA 4096, ECDH, ECDSA, DH, Diffie-Hellman, DSA

Hash functions

SHA-1, SHA-256, SHA-512, SHA-384, MD5

Schemes

MAC, Key Exchange, Key Agreement, AEAD

Protocols

SSH, SSHv2, IKE, IPsec

Randomness

DRBG, RNG

Libraries

OpenSSL

Elliptic Curves

P-256, P-384, P-521, P-512

Block cipher modes

CBC, CTR, GCM

Security level

Level 1, level 1

Standards

FIPS 140-2, FIPS140-2, FIPS PUB 140-2, SP 800-135, SP 800-90A, RFC 4253, X.509

File metadata

Subject	FIPS 140-2 Security Policy Template
Author	Juan Gonzalez
Creation date	D:20231114234000
Pages	23
Creator	Microsoft
Producer	Microsoft

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

CPE matches

References

No references are available for this certificate.

Updates Feed

26.01.2026

The certificate data changed.
Certificate changed

The web extraction data was updated.

The status property was set to historical.

The historical_reason property was set to Moved to historical list due to sunsetting.

The date_sunset property was set to None.
15.12.2025

The certificate data changed.
Certificate changed

The state was updated.

The following values were inserted: {'policy_json_hash': None}.

The following properties were deleted: ['policy_convert_garbage'].
08.09.2025

The certificate data changed.
Certificate changed

The web extraction data was updated.

The validation_history property was updated.
04.04.2025

The certificate data changed.
Certificate changed

The PDF extraction data was updated.

The keywords property was updated, with the {'crypto_protocol': {'__update__': {'SSH': {'__insert__': {'SSHv2': 1}}}}} data.
02.01.2024

The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4662,
  "dgst": "d7238b16367eafcd",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES#C1543",
        "CVL#C1543",
        "RSA#C1543",
        "HMAC#C1543",
        "DRBG#C1541",
        "SHS#C1541",
        "HMAC#C1542",
        "SHS#C1542",
        "DRBG#C1543",
        "SHS#C1543",
        "Triple-DES#C1543",
        "ECDSA#C1543",
        "HMAC#C1541"
      ]
    },
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "19.3"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECDH": {
            "ECDH": 4
          },
          "ECDSA": {
            "ECDSA": 21
          }
        },
        "FF": {
          "DH": {
            "DH": 5,
            "Diffie-Hellman": 6
          },
          "DSA": {
            "DSA": 2
          }
        },
        "RSA": {
          "RSA 2048": 7,
          "RSA 3072": 4,
          "RSA 4096": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CTR": {
          "CTR": 2
        },
        "GCM": {
          "GCM": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 3
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 1
        },
        "IPsec": {
          "IPsec": 1
        },
        "SSH": {
          "SSH": 38,
          "SSHv2": 1
        }
      },
      "crypto_scheme": {
        "AEAD": {
          "AEAD": 1
        },
        "KA": {
          "Key Agreement": 1
        },
        "KEX": {
          "Key Exchange": 2
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 28,
          "P-384": 14,
          "P-512": 2,
          "P-521": 12
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES CBC 128/192/256": 1,
          "AES [197": 1,
          "HMAC SHA 256": 1,
          "HMAC SHA-1": 1,
          "HMAC SHA-256": 2,
          "HMAC [198": 3,
          "HMAC-SHA-1": 6,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-384": 2,
          "HMAC-SHA-512": 4,
          "RSA 2048": 7,
          "RSA 3072": 4,
          "RSA 4096": 1,
          "SHA 1, 384": 1,
          "SHA 256": 5,
          "SHA-1": 7,
          "SHA-256": 10,
          "SHA-384": 5,
          "SHA-512": 5,
          "SHS [180": 3
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 1
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 1
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 7
          },
          "SHA2": {
            "SHA-256": 13,
            "SHA-384": 3,
            "SHA-512": 6
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 11
        },
        "RNG": {
          "RNG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 9,
          "FIPS PUB 140-2": 1,
          "FIPS140-2": 1
        },
        "NIST": {
          "SP 800-135": 1,
          "SP 800-90A": 3
        },
        "RFC": {
          "RFC 4253": 1
        },
        "X509": {
          "X.509": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 6
          },
          "CAST": {
            "CAST": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "Triple-DES": 5
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 17,
            "HMAC-SHA-256": 3,
            "HMAC-SHA-384": 1,
            "HMAC-SHA-512": 1
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Juan Gonzalez",
      "/CreationDate": "D:20231114234000",
      "/Creator": "Microsoft",
      "/Producer": "Microsoft",
      "/Subject": "FIPS 140-2 Security Policy Template",
      "pdf_file_size_bytes": 2577722,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000639-en.pdf",
          "https://urldefense.com/v3/__https:/csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=32040__;!!NEt6yMaO-gk!SJ6fDARjzvqgwj9d-7trmxzrS1wz_FYs2QHyYt4ckfvEps0wNCRVCn4BMD0Xuh9E$",
          "https://urldefense.com/v3/__https:/csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=32039__;!!NEt6yMaO-gk!SJ6fDARjzvqgwj9d-7trmxzrS1wz_FYs2QHyYt4ckfvEps0wNCRVCn4BMCODX2iH$",
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000640-en.pdf",
          "https://urldefense.com/v3/__https:/csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=32038__;!!NEt6yMaO-gk!SJ6fDARjzvqgwj9d-7trmxzrS1wz_FYs2QHyYt4ckfvEps0wNCRVCn4BMOMX8wy8$",
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000633-en.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 23
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "d69d2d58fd3804de71f9d4967c5a9e709e400512c9ac7514aafa165c31e48ff0",
    "policy_txt_hash": "951117dd2b3482d5f09b8b4a3309ec5ec6581da66e750aded7e3b1be5df0f2cf"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Sections 1.2 and 5 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/November 2023_111223_0648_signed.pdf",
    "date_sunset": null,
    "description": "The Juniper Networks QFX series switches are high performance, high density data center switches. The QFX switches provide high performance, wire speed switching with low latency and jitter. The QFX series switches provide the universal building blocks for multiple data center fabric architectures.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "Junos OS 19.3R1",
    "historical_reason": "Moved to historical list due to sunsetting",
    "hw_versions": "EX4650-48Y-AFI, EX4650-48Y-AFO, EX4650-48Y-DC-AFI, EX4650-48Y-DC-AFO, QFX5120-32C-AFI, QFX5120-32C-AFO, QFX5120-32C-DC-AFI, QFX5120-32C-DC-AFO, QFX5120-48Y-AFI2, QFX5120-48Y-AFO2, QFX5120-48Y-DC-AFI2, QFX5120-48Y-DC-AFO2, QFX5210-64C-AFI, QFX5210-64C-AFO, QFX5210-64C-DC-AFI and QFX5210-64C-DC-AFO",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Juniper Networks EX4650, QFX5120 and QFX5210 Ethernet Switches",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-11-28",
        "lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Juniper Networks, Inc",
    "vendor_url": "http://www.juniper.net"
  }
}

Sections