Module Name
Juniper Networks MX240, MX480, MX960, MX2010, and MX2020 3D Universal Edge Routers with RE1800 Routing Engine and Multiservices MPC
Validation Dates
02/28/2019
Caveat
When operated in FIPS mode, installed, initialized and configured as specified in Section 1.2 and 6 of the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
Juniper Networks MX Series is a robust portfolio of SDN enabled routing platforms that provide industry leading system capacity, density, security and performance. Key features include support for a wide range of L2/L3 VPN services and advanced broadband network gateway functions, along with integrated routing, switching and security services. Multiservices MPC supports Layer 3 services such as stateful firewall, NAT, IPsec, active flow monitoring and RPM.
FIPS Algorithms
| AES |
Certs. #5499, #5500 and #5501 |
| CVL |
Certs. #1949 and #1950 |
| DRBG |
Certs. #2168, #2169 and #2170 |
| ECDSA |
Certs. #1475 and #1478 |
| HMAC |
Certs. #3648, #3649, #3650, #3651 and #3652 |
| KTS |
AES Certs. #5499 and #5501 and HMAC Certs. #3650 and #3652; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
Triple-DES Certs. #2766 and #2768 and HMAC Certs. #3650 and #3652; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Certs. #2950 and #2951 |
| SHS |
Certs. #4407, #4408, #4409, #4410 and #4411 |
| Triple-DES |
Certs. #2766, #2767 and #2768 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1950, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1949 and #1950, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG
Hardware Versions
MX240, MX480, MX960, MX2010 and MX2020 with components identified in Security Policy Table 1
Firmware Versions
Junos OS 17.4R1-S1
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
