Common Criteria EAL4+ of R77 on Gaia OS Technical Level
Solution

Background:

The "Common Criteria for Information Technology Security Evaluation" (CCITSE), usually referred to as the "Common Criteria" (CC), is an evaluation standard for a multi-national marketplace. The uses of Common Criteria include:

  • For consumers:

    To find requirements for security features that match their own risk assessment. To shop for products that have ratings with those features. To publish their security requirements so that vendors can design products that meet them.

  • For developers:

    To select security requirements that they wish to include in their products. To design and build a product in a way that can prove to evaluators that the product meets requirements. To determine their responsibilities in supporting and evaluating their product.

 

Conformity to highest standards:

Check Point Software Blades R77 uniquely offers a single platform that conforms to the highest standards:

  • Common Criteria (ISO 15408) Evaluation Assurance Level EAL4+
  • U.S. Government Protection Profile for Traffic Filter Firewall In Basic Robustness Environments, Version 1.1, July 25, 2007
  • U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments, Version 1.1, July 25, 2007
  • U.S. Government Protection Profile Intrusion Detection System System for Basic Robustness Environments, Version 1.7, July 25, 2007

 

Common Criteria Evaluated Configuration Installation Guide:

The Security Gateway Appliances R77 CC Evaluated Configuration Installation Guide describes the delivery and operation procedures that must be implemented by Check Point Software Technologies Ltd. customers and/or resellers to ensure the secure delivery, installation, generation, and start-up of Software Blades R77 in accordance with the Common Criteria evaluated configuration, as defined in the Check Point Security Appliances with Security Management and Security Gateway R77 on Gaia Security Target. The guidelines provided in this document explain how to use the existing Check Point installation process to set up the evaluated configuration, which includes and claims the following as security functionality:

  • Packet filtering firewall
  • Application layer firewall
  • Virtual Systems
  • Fault tolerance, high availability, load sharing, VRRP, VSX Gateway high availability, Virtual system Load Sharing (VSLS)
  • ClusterXL
  • VPN GW-GW and Remote access with SNX
  • IPS blade
  • HTTPS inspection
  • Acceleration including CoreXL and SecureXL
  • Security Management in HA configuration
  • Local and Remote administration
  • Gaia OS

This guidance must be read in conjunction with the referenced installation and configuration guides, and is written to take account of the specific details and settings that are required to conform to the evaluated configuration.

Important:

The R77 Security Target lists the hardware supported by the TOE. The complete list is in Appendix A, starting on page 192. The list includes:

  • 2012 Appliances
  • Power-1
  • UTM-1
  • VSX-1
  • IP Series Appliances
  • Smart-1
  • IAS (not including Crossbeam chassis)

The Common Criteria Evaluated Administration Guide includes sections on:

  • Creating the Security Policy
  • Authenticated Services
  • IPS Settings
  • Site to Site VPNs
  • Remote Access VPN
  • Content Inspection Settings
  • Monitoring 
  • Management Functions 

 

Certification hotfix for R77

The certification hotfix is available only for R77. Note that if this certification hotfix is installed, successful installation of software updates will first require the removal of this certification hotfix.

In preference to the certification hotfix for R77, it is recommended to install the latest Check Point release. As of March 2014, the latest version is R77.10, which includes all bug fixes that were part of the certification apart from 01295689 (Mobile Access login logs still appear in SmartView Tracker despite setting the 'VPN configuration & key exchange errors' to 'None' in Global Properties).

 

Checking the authenticity of downloaded images:

Download the cd2iso file to check the authenticity of downloaded images.

Note: This version of cd2iso.exe contains MD5 and SHA1 computation capability. For additional information, refer to OpenSSL License.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
This solution is about products that are no longer supported, and it will not be updated.
