User guide
Aruba Networks Security Target
b) Verifiable updates. Updates are digitally signed, and the signature is
verified upon installation.
c) System monitoring. The TOE maintains an audit log of administrative and
security relevant events. Logs can optionally be delivered to a Syslog server.
d) Secure administration. The TOE provides administration interfaces for
configuration and monitoring. The TOE authenticates administrators and
implements session timeouts.
e) Residual information clearing. The TOE ensures that network packets sent
from the TOE do not include data "left over" from the processing of previous
network information.
f) Self-test. The TOE performs both power-up and conditional self-tests to verify
correct and secure operation.
g) Firewall. The TOE performs stateful packet filtering. Wireless clients
connecting through APs are placed into user-roles. Stateful packet filter
policies are applied to these user-roles to allow fine-grained control over
wireless traffic. Note: Firewall functionality is not within the scope of this
evaluation.
2.5 Physical Scope
20 The TOE comprises the ArubaOS 6.3 software and the chassis and appliance
models listed in Table 3.
21 ArubaOS 6.3 consists of a base software package with add-on software modules
that can be activated by installing the appropriate licenses. The following licenses
are required for the evaluated configuration (and are within the physical scope):
a) Advanced Cryptography. Note: Only required if using Elliptic Curve
cryptography or AES-GCM.
b) Policy Enforcement Firewall Next Generation (not within the scope of this
evaluation)
Table 3: TOE chassis and appliance models
Model                      Max # APs   Max # users   Firewall throughput
7240                       2048        65,536        40 Gbps
7220                       1024        32,768        40 Gbps
7210                       512         16,384        28.3 Gbps
6000 with four M3 blades   2,048       32,768        80 Gbps
3600                       128         8,192         4 Gbps
3400                       64          4,096         4 Gbps
3200                       32          2,048         3 Gbps
650                        16          512           2 Gbps