Juniper Networks EX4650, QFX5120 and QFX5210 Ethernet Switches

Certificate #4661

Webpage information ?

Status active
Validation dates 28.11.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode
Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description The Juniper Networks QFX series switches are high performance, high density data center switches. The QFX switches provide high performance, wire speed switching with low latency and jitter. The QFX series switches provide the universal building blocks for multiple data center fabric architectures.
Version (Hardware) EX4650-48Y-AFI, EX4650-48Y-AFO, EX4650-48Y-DC-AFI, EX4650-48Y-DC-AFO, QFX5120-32C-AFI , QFX5120-32C-AFO , QFX5120-32C-DC-AFI , QFX5120-32C-DC-AFO, QFX5120-48T-AFI, QFX5120-48T-AFO, QFX5120-48T-DC-AFI, QFX5120-48T-DC-AFO, QFX5120-48Y-AFI2, QFX5120-48Y-AFO2 , QFX5120-48Y-DC-AFI2, QFX5120-48Y-DC-AFO2, QFX5210- 64C-AFI , QFX5210- 64C-AFO, QFX5210-64C-DC-AFI, QFX5210-64C-DC-AFO
Version (Firmware) JUNOS OS 20.2R1-S1
Vendor Juniper Networks, Inc
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, CAST, Triple-DES, TDEA, Blowfish, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
Asymmetric Algorithms
RSA 2048, RSA 4096, RSA 3072, ECDH, ECDSA, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-256, SHA-512, SHA-384, MD5
Schemes
MAC, Key Exchange, AEAD
Protocols
SSH, IKE, IPsec
Randomness
DRBG, RNG
Libraries
OpenSSL
Elliptic Curves
P-256, P-384, P-521
Block cipher modes
CBC, CTR, GCM

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS140-2, FIPS PUB 140-2, SP 800-135, SP 800-90A, RFC 4253, X.509

File metadata

Creation date D:20231120151210-05'00'
Modification date D:20231120151210-05'00'
Pages 25

References

Incoming
  • 4879 - active - Samsung NVMe TCG Opal SSC SEDs PM1743/PM1745 Series

References ?

Updates ?

  • 18.11.2024 The certificate data changed.
    Certificate changed

    The computed heuristics were updated.

    • The policy_processed_references property was updated, with the {'directly_referenced_by': {'_type': 'Set', 'elements': ['4879']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4879']}} data.
  • 02.01.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4661,
  "dgst": "94ca7771bcbfb3a5",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "HMAC#A867",
        "HMAC#A866",
        "HMAC#A868",
        "AES#A867",
        "Triple-DES#A867",
        "DRBG#A867",
        "ECDSA#A867",
        "SHS#A867",
        "CVL#A867",
        "SHS#A868",
        "DRBG#A866",
        "SHS#A866",
        "RSA#A867"
      ]
    },
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "20.2"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4879"
        ]
      },
      "directly_referencing": null,
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4879"
        ]
      },
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECDH": {
            "ECDH": 3
          },
          "ECDSA": {
            "ECDSA": 21
          }
        },
        "FF": {
          "DH": {
            "DH": 8,
            "Diffie-Hellman": 7
          },
          "DSA": {
            "DSA": 2
          }
        },
        "RSA": {
          "RSA 2048": 7,
          "RSA 3072": 4,
          "RSA 4096": 2
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CTR": {
          "CTR": 2
        },
        "GCM": {
          "GCM": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 3
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 1
        },
        "IPsec": {
          "IPsec": 1
        },
        "SSH": {
          "SSH": 39
        }
      },
      "crypto_scheme": {
        "AEAD": {
          "AEAD": 1
        },
        "KEX": {
          "Key Exchange": 2
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 26,
          "P-384": 12,
          "P-521": 14
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES CBC 128/192/256": 1,
          "AES [197": 1,
          "DRBG 3": 1,
          "DRBG 4": 1,
          "HMAC SHA 256": 1,
          "HMAC SHA-1": 1,
          "HMAC SHA-256": 2,
          "HMAC [198": 3,
          "HMAC-SHA-1": 6,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-384": 2,
          "HMAC-SHA-512": 4,
          "RSA 2048": 7,
          "RSA 3072": 4,
          "RSA 4096": 2,
          "SHA 1, 256": 1,
          "SHA 256": 7,
          "SHA-1": 7,
          "SHA-256": 10,
          "SHA-384": 5,
          "SHA-512": 5,
          "SHS [180": 3
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 1
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 1
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 7
          },
          "SHA2": {
            "SHA-256": 13,
            "SHA-384": 3,
            "SHA-512": 6
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 15
        },
        "RNG": {
          "RNG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 9,
          "FIPS PUB 140-2": 1,
          "FIPS140-2": 1
        },
        "NIST": {
          "SP 800-135": 1,
          "SP 800-90A": 3
        },
        "RFC": {
          "RFC 4253": 1
        },
        "X509": {
          "X.509": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 6
          },
          "CAST": {
            "CAST": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "Triple-DES": 7
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 18,
            "HMAC-SHA-256": 3,
            "HMAC-SHA-384": 1,
            "HMAC-SHA-512": 1
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20231120151210-05\u002700\u0027",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId": "15f92b67-224a-415d-a546-8cebb245dcaf",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Application": "Microsoft Azure Information Protection",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled": "True",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Extended_MSFT_Method": "Automatic",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name": "Juniper Business Use Only",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Owner": "[email protected]",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate": "2019-06-28T05:46:17.5561117Z",
      "/MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId": "bea78b3c-4cdb-4130-854a-1d193232e5f4",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_ActionId": "be1f6878-6aa4-41fd-9765-65bd138a380f",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_ContentBits": "0",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Enabled": "true",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Method": "Privileged",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Name": "Unrestricted",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_SetDate": "2023-11-20T20:11:41Z",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_SiteId": "b64da4ac-e800-4cfc-8931-e607f720a1b8",
      "/ModDate": "D:20231120151210-05\u002700\u0027",
      "pdf_file_size_bytes": 1044689,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000639-en.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=33465",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=33464",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=33466",
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000640-en.pdf",
          "https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000633-en.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 25
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "5861829b3744e18081e46eef4e1d9ba4140d77759fa94109dbd272840886b32e",
    "policy_txt_hash": "7faa02e05a136e031d70b30540712f9cbce34b1c2b7e0deca8aea312c1f2f9a5"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/November 2023_111223_0648_signed.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Juniper Networks QFX series switches are high performance, high density data center switches. The QFX switches provide high performance, wire speed switching with low latency and jitter. The QFX series switches provide the universal building blocks for multiple data center fabric architectures.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 3",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "JUNOS OS 20.2R1-S1",
    "historical_reason": null,
    "hw_versions": "EX4650-48Y-AFI, EX4650-48Y-AFO, EX4650-48Y-DC-AFI, EX4650-48Y-DC-AFO, QFX5120-32C-AFI , QFX5120-32C-AFO , QFX5120-32C-DC-AFI , QFX5120-32C-DC-AFO, QFX5120-48T-AFI, QFX5120-48T-AFO, QFX5120-48T-DC-AFI, QFX5120-48T-DC-AFO, QFX5120-48Y-AFI2, QFX5120-48Y-AFO2 , QFX5120-48Y-DC-AFI2, QFX5120-48Y-DC-AFO2, QFX5210- 64C-AFI , QFX5210- 64C-AFO, QFX5210-64C-DC-AFI, QFX5210-64C-DC-AFO",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Juniper Networks EX4650, QFX5120 and QFX5210 Ethernet Switches",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-11-28",
        "lab": "LEIDOS CSTL",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Juniper Networks, Inc",
    "vendor_url": "http://www.juniper.net"
  }
}