Common Criteria EAL4+ and FIPS 140-2 and Evaluation Resources for Check Point Software Blades R7x
Solution

"Common Criteria for Information Technology Security Evaluation" (CCITSE), usually referred to as the "Common Criteria" (CC), is an evaluation standard for a multi-national marketplace. The uses of Common Criteria include:

  1. For consumers:
    • To find requirements for security features that match their own risk assessment.
    • To shop for products that have ratings with those features.
    • To publish their security requirements so that vendors can design products that meet them.
  2. For developers:
    • To select security requirements that they wish to include in their products.
    • To design and build a product in a way that can prove to evaluators that the product meets requirements.
    • To determine their responsibilities in supporting and evaluating their product.

Check Point Software Blades R7x uniquely offers a single platform that conforms to the highest standards:

  • Common Criteria (ISO 15408) Evaluation Assurance Level EAL4+
  • U.S. Government Protection Profile for Traffic Filter Firewall In Basic Robustness Environments, Version 1.1, July 25, 2007
  • U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments, Version 1.1, July 25, 2007
  • U.S. Government Protection Profile Intrusion Detection System System for Basic Robustness Environments, Version 1.7, July 25, 2007

The CC Evaluated Configuration Installation Guide describes the delivery and operation procedures that must be implemented by Check Point Software Technologies Ltd. customers and/or resellers to ensure the secure delivery, installation, generation, and start-up of Software Blades R7x in accordance with the Common Criteria evaluated configuration, as defined in the Check Point Software Blades R7x Security Target. The guidelines provided in this document explain how to use the existing Check Point Installation process to set up VPN-1/FireWall-1 NGX in a manner that is consistent with the evaluated configuration. This guidance must be read in conjunction with the referenced installation and configuration guides, and is written to take account of the specific details and settings that are required to conform to the evaluated configuration.

Important:

  • R7x supports hardware RAID when configured with multiple drives on the following appliances:

    • Power-1 9070
    • Power-1 11000
    • 12600


  • R7x does not support software RAID when multiple drives are configured on the following 2012 Appliances:

    • 12200
    • 12400
    • 21400
    • 21600
    • 21700


Download the Common Criteria Check Point Software Blades R7x CC Evaluated Installation Guide.

The evaluated configuration can be downloaded from the links below:

SmartConsole:

Security Management base:

Security Gateway base:

 

The installation/reimage requires:

  • To install from a USB stick (used exclusively for 2012 appliances):

    • Create a USB install stick using ISOmorphic - see sk65205.
    • On the USB stick, replace the r-doc with Check Point ramdisk-local-dok.
    • Perform the install.
    • Once the install is complete, remove the USB stick and click 'OK' to reboot.
  • For IAS/OpenServers, the install can be done from a USB flash drive or by burning the image onto a DVD.
  • Connect the storage device to the machine via a USB port.
  • Reboot the machine.

To re-image, refer to:

 

Checking the authenticity of downloaded images:
Download the cd2iso file to check the authenticity of downloaded images.

Note: This version of cd2iso.exe contains MD5 and SHA1 computation capability. For additional information, refer to the OpenSSL license on openssl.
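
The same kind of check can be scripted where cd2iso is not available. The following is an added example, not Check Point code and not a description of how cd2iso works: it computes the MD5 and SHA1 of an image in one pass and compares them with the published values. The function names and the three-byte sample file are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large ISOs are not loaded into memory


def image_digests(path):
    """Return {'md5': hex, 'sha1': hex} for the file, computed in a single pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def normalise(published):
    """Accept digests pasted as 'AB:CD:..', 'ab cd ..' or plain hex."""
    return "".join(c for c in published.lower() if c in "0123456789abcdef")


def verify_image(path, published):
    """Compare every published digest; return the list of algorithms that failed.

    An empty list means all supplied digests matched. Supplying no digest at
    all is reported as a failure rather than treated as a silent pass.
    """
    if not published:
        return ["no published digest supplied"]
    actual = image_digests(path)
    failed = []
    for algo, value in published.items():
        if algo not in actual or not hmac.compare_digest(actual[algo], normalise(value)):
            failed.append(algo)
    return failed


def constructed_sample():
    """Write a small stand-in 'image' (constructed data, not a real ISO)."""
    fd, path = tempfile.mkstemp(suffix=".iso")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"abc")
    return path
```

A match is only as trustworthy as the channel the published digests were obtained over, so take them from a source separate from the one that served the image.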

The CC Evaluated Configuration Administration Guide describes the operation procedures that must be implemented by Check Point Software Technologies Ltd. customers and/or resellers for the configuration and management of Check Point VPN-1 Power/UTM NGX (R65 HFA_30) in accordance with the Common Criteria evaluated configuration, as defined in the Check Point VPN-1 Power/UTM NGX R65 Security Target. It also describes the administrative security functions and interfaces available to the administrator of the evaluated configuration. It identifies and describes the purpose, behavior, and interrelationships of the administrator security interfaces and functions.

Download the Common Criteria Check Point Software Blades R7x CC Evaluated Administration Guide.

Modified fwstop (from DISA certification)

This fwstop is modified to remove temporary files after shutdown.

To apply:

  1. Run "cpstop"
  2. Run "fips off"
  3. Replace the fwstop with the one found here.
  4. Extract the zip file.
  5. Run "cpstart"
  6. Run "fips on"

This solution is about products that are no longer supported and it will not be updated.
