Module Name
Huawei AR1200 and AR2200 Series Routers
Validation Dates
05/08/2017
Caveat
When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocols IKEv1 and SNMP shall not be used when operated in FIPS mode.
Security Level Exceptions
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
ARs are located between an enterprise network and a public network, functioning as the only ingress and egress for data transmitted between the two networks. The deployment of various network services over the ARs reduces operation & maintenance (O&M) costs as well as those associated with establishing an enterprise network.
FIPS Algorithms
| AES |
Certs. #4323, #4324 and #4325 |
| CKG |
vendor affirmed |
| CVL |
Cert. #1036 |
| DRBG |
Cert. #1379 |
| ECDSA |
Cert. #1023 |
| HMAC |
Certs. #2861, #2862 and #2863 |
| KTS |
AES Cert. #4323 and HMAC Cert. #2861; key establishment methodology provides 128 bits of encryption strength |
| KTS |
Triple-DES Cert. #2335 and HMAC Cert. #2861; key establishment methodology provides 112 bits of encryption strength |
| SHS |
Certs. #3565, #3566 and #3567 |
| Triple-DES |
Certs. #2335, #2336 and #2337 |
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2861); NDRNG; Blowfish; DES; HMAC-MD5; IKEv1 KDF (non-compliant); MD5; SM1; SM3; SM4; SNMP KDF (non-compliant)
Hardware Versions
AR1220E P/N 02350DQJ Version E.5 with [1], AR1220EVW P/N 02350DQL Version F.5 with [1] and AR2220E P/N 02350DQM Version E.6 with [1]; Tamper Evident Seals P/N 4057-113016 [1]
Firmware Versions
V200R008C10SPC110
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
