Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiDB best Common Criteria Configuration



[size="2"]I'm looking for the best configuration to pass the [style="background-color: #ffffff;"]Common Criteria ISO/IEC 15408 (Evaluation Criteria for IT security Part :1,2,3)[/style][/size]


[size="2"][style="background-color: #ffffff;"]I have FortiDB-1000D and my OS is 5.1.3-0009, r20485.[/style][/size]


[style="background-color: #ffffff;"][size="2"]For Example FortiDB-1000 D is using diffie-hellman-group1-sha1 and [size="2"]diffie-hellman-groupe-exchange-sha1 but these algorithm not supported with IEC 15408 ([size="2"]FCS_SSHC_EXT.1.7[/size]).[/size] [/size][/style]

[style="background-color: #ffffff;"][size="2"][size="2"]Also base on the FCS_SSHS_EXT.1.2 we should authenticate the SSH Connection base on public key and password.[/size][/size][/style]

[style="background-color: #ffffff;"][size="2"][size="2"]But the FortiDB-1000D doesn't use public key for SSH authentication[/size][size="2"].[/size][size="2"] [/size][/size][/style]


[style="background-color: #ffffff;"][size="2"]Or Also based on FCS_TLSC_EXR.1.1 when device is in client mode and we have TLS connection, we should use TLSV1.2 and TLS_RSA_WUTH_AES_18_CBC_SHA key chain but FortiDB 1000D is using TLSv1.0 and the prohibited key chine like TLS_RSA_WITH_DES_CBC_SHA or SSL2_DES_64_CBC_WITH_MD5. [/size][/style]


[style="background-color: #ffffff;"][size="2"]Please help me to solve these problems and set the best cofiguration for [/size][/style][style="background-color: #ffffff;"][size="2"]Common Criteria ISO/IEC 15408[/size][/style][style="background-color: #ffffff;"].[/style]


[style="background-color: #ffffff;"][size="2"]Thank you very much for your considerations.[/size][/style]


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors