Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550 . - NIST


Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 Services Gateways
Non-Proprietary FIPS 140-2 Cryptographic Module Security Policy
Version: 1.1
Date: July 26, 2016

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089 USA
408.745.2000
1.888 JUNIPER
www.juniper.net

Copyright Juniper, 2016. Version 1.1. Juniper Networks Public Material – May be reproduced only in its original entirety (without revision).

Table of Contents

1 Introduction
1.1 Hardware and Physical Cryptographic Boundary
1.2 Mode of Operation
1.3 Firmware Load
1.4 Zeroization
2 Cryptographic Functionality
2.1 Disallowed Algorithms
2.2 Critical Security Parameters
3 Roles, Authentication and Services
3.1 Roles and Authentication of Operators to Roles
3.2 Authentication Methods
3.3 Services
4 Self-tests
5 Physical Security Policy
5.1 General Tamper Seal Placement and Application Instructions
5.2 SRX100 and SRX110 (1 seal)
5.3 SRX210 (3 seals)
5.4 SRX220 (5 seals)
5.5 SRX240 (8 seals)
5.6 SRX550 (19 seals)
5.7 SRX650 (19 seals)
6 Security Rules and Guidance
7 References and Definitions

List of Tables

Table 1 – Cryptographic Module Configurations
Table 2 - Security Level of Security Requirements
Table 3 - Ports and Interfaces
Table 4 - Approved and CAVP Validated Cryptographic Functions
Table 5 - Non-Approved but Allowed Cryptographic Functions
Table 6 - Protocols Allowed in FIPS Mode
Table 7 - Critical Security Parameters (CSPs)
Table 8 - Public Keys
Table 9 - Authenticated Services
Table 10 - Unauthenticated traffic
Table 11 - CSP Access Rights within Services
Table 12 – Physical Security Inspection Guidelines
Table 13 – References
Table 14 – Acronyms and Definitions
Table 15 – Datasheets

List of Figures

Figure 1 – SRX100 Profile View
Figure 2 – SRX100 Bottom View
Figure 3 - SRX110 Profile View
Figure 4 - SRX110 Bottom View
Figure 5 – SRX210 Top View
Figure 6 – SRX210 Bottom View
Figure 7 – SRX220 Top View
Figure 8 – SRX220 Bottom View
Figure 9 – SRX240 Profile View
Figure 10 – SRX240 Bottom View
Figure 11 - SRX550 Profile View
Figure 12 - SRX550 Bottom View
Figure 13 - SRX650 Profile View
Figure 14 - SRX650 Bottom View
Figure 15: SRX100 Tamper-Evident Seal Placement - One Seal
Figure 16: SRX110 Tamper-Evident Seal Placement - One Seal
Figure 17: SRX210 Tamper-Evident Seal Placement - Three Seals
Figure 18: SRX220 Tamper-Evident Seal Placement - Five Seals
Figure 19: SRX240 Tamper-Evident Seal Placement - Eight Seals
Figure 20: SRX550 Tamper-Evident Seal Placement on Front and Right Side - Twelve Seals
Figure 21: SRX550 Tamper-Evident Seal Placement on Rear and Left Side - Seven Seals
Figure 22: SRX650 Tamper-Evident Seal Placement on Front and Right Side - Twelve Seals
Figure 23: SRX650 Tamper-Evident Seal Placement on Rear and Left Side - Seven Seals

1 Introduction

The Juniper Networks SRX Series Services Gateways are a series of secure routers that provide essential capabilities to connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All models run Juniper’s JUNOS firmware – in this case, a specific FIPS-compliant version called JUNOS-FIPS, version 12.1X46-D40. The firmware image is junos-srxsme-12.1X46-D40.4-fips.tgz and the firmware Status service identifies itself as “Junos 12.1X46-D40.4 (FIPS edition)”.

This Security Policy covers the “Branch” models – the SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 models. They are meant for corporate branch offices of various sizes. (Intended size is proportional to model number.)

The cryptographic modules are defined as multiple-chip standalone modules that execute JUNOS-FIPS firmware on any of the Juniper Networks SRX-Series gateways listed in the table below.

Table 1 – Cryptographic Module Configurations

Hardware: 240H2-DC-TAA, SRX240H2-POE-TAA

Firmware | Distinguishing Features
JUNOS-FIPS 12.1X46-D40 | 8 x 10/100 ports; ADSL2 WAN; No I/O expansion slots
JUNOS-FIPS 12.1X46-D40 | 8 x 10/100 ports; VDSL; No I/O expansion slots; no PoE
JUNOS-FIPS 12.1X46-D40 | 2 x 10/100/1000 6 x 10/100; 1 I/O expansion slots; up to 4 PoE; 3G WAN option
JUNOS-FIPS 12.1X46-D40 | 8 x 10/100/1000; 2 I/O expansion slots
JUNOS-FIPS 12.1X46-D40 | 16 x 10/100/1000; 4 SFP; 4 I/O expansion slots
JUNOS-FIPS 12.1X46-D40 | 6 x 10/100/1000 4 SFP; 8 I/O expansion slots
JUNOS-FIPS 12.1X46-D40 | 4 x 10/100/1000; 8 I/O expansion slots; slots for additional
Tamper-Evident Seals

Each Hardware Version for a model is identical in physical form factor, materials, and assembly methods. The Hardware Version differences for a model are considered non-security relevant. The differences denoted by the various suffixes are described below:

• H – High Memory – 1 GB RAM
• H2 – High Memory 2 – 2 GB RAM
• E – Enhanced – higher processor speed
• TAA – Trade Adjustment Assistance – refers to TAA compliant component sourcing. Specifications for the components are identical to non-TAA versions.
• VA – VDSL2/ADSL2 over POTS
• VB – VDSL2/ADSL2 over ISDN BRI
• POE – Power over Ethernet Output
• DC – Direct Current Power Input
• AP – Alternating Current Power Input
• DP – Direct Current Power Input

The modules are designed to meet FIPS 140-2 Level 2 overall:

Table 2 - Security Level of Security Requirements

Area | Description | Level
1 | Module Specification | 2
2 | Ports and Interfaces | 2
3 | Roles and Services | 3
4 | Finite State Model | 2
5 | Physical Security | 2
6 | Operational Environment | 2
7 | Key Management | 2
8 | EMI/EMC | 2
9 | Self-test | 2
10 | Design Assurance | 3
11 | Mitigation of Other Attacks | N/A
 | Overall | 2

The modules have a limited operational environment as per the FIPS 140-2 definitions. They include a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-2 CMVP. Any other firmware loaded into these modules is out of the scope of this validation and requires a separate FIPS 140-2 validation.

The modules do not implement any mitigations of other attacks as defined by FIPS 140-2.

1.1 Hardware and Physical Cryptographic Boundary

The physical forms of the module’s various models are depicted in Figures 1-14 below. For all models the cryptographic boundary is defined as the outer edge of the chassis, but for the SRX550 and SRX650 the IO cards are excluded. The modules do not rely on external devices for input and output.

Figure 1 – SRX100 Profile View
Figure 2 – SRX100 Bottom View
Figure 3 - SRX110 Profile View
Figure 4 - SRX110 Bottom View
Figure 5 – SRX210 Top View
Figure 6 – SRX210 Bottom View
Figure 7 – SRX220 Top View
Figure 8 – SRX220 Bottom View
Figure 9 – SRX240 Profile View
Figure 10 – SRX240 Bottom View
Figure 11 - SRX550 Profile View
Figure 12 - SRX550 Bottom View
Figure 13 - SRX650 Profile View
Figure 14 - SRX650 Bottom View

Table 3 - Ports and Interfaces

Description | Logical Interface Type
LAN Communications | Control in, Data in, Data out, Status out
Console serial port | Control in, Status out
Power connector | Power
Reset | Control in
Status indicator lighting | Status out
Firmware load port | Control in, Data in
SHDSL, VDSL, T1, E1 | Control in, Data in, Data out, Status out

1.2 Mode of Operation

Follow the instructions in Section 5 to apply the tamper seals to the module. Once the tamper seals have been applied as shown in this document, the JUNOS-FIPS firmware image is installed on the device, and integrity and self-tests have run successfully on initial power-on, the module is operating in the approved mode. The Crypto-Officer must ensure that the backup image of the firmware is also a JUNOS-FIPS image by issuing the request system snapshot command.

If the module was previously in a non-Approved mode of operation, the Cryptographic Officer must zeroize the CSPs by following the instructions in Section 1.3.

Then, the CO must run the following commands to configure SSH to use FIPS approved and FIPS allowed algorithms:

co@fips-srx# set system services ssh hostkey-algorithm ssh-ecdsa
co@fips-srx# set system services ssh hostkey-algorithm no-ssh-rsa
co@fips-srx# set system services ssh hostkey-algorithm no-ssh-dss
co@fips-srx# set system services ssh hostkey-algorithm no-ssh-ed25519
co@fips-srx# commit

The CO can change the preference of SSH key exchange methods using the following command:

co@fips-srx# set system services ssh key-exchange <algorithm>

<algorithm> - dh-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, group-exchange-sha1, or group-exchange-sha2

Note: These methods are always proposed during SSH session negotiation. Explicitly specifying a method moves the algorithm up in the list of proposed algorithms during the SSH session establishment.

The CO can change the preference of SSH cipher algorithms using the following command:

co@fips-srx# set system services ssh ciphers <algorithm>

<algorithm> - 3des-cbc, aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr

Note: These algorithms are always proposed during SSH session negotiation. Explicitly specifying an algorithm moves the algorithm up in the list of proposed algorithms during the SSH session establishment.

The CO can change the preference of SSH MAC algorithms or enable additional Approved algorithms using the following command:

co@fips-srx# set system services ssh macs <algorithm>

<algorithm> - hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512, hmac-sha1-96-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com

Note: hmac-sha1 and hmac-sha1-96 are always proposed during SSH session negotiation. Explicitly specifying either algorithm moves it up in the list of proposed algorithms during the SSH session establishment. Specifying any other MAC algorithm adds it to the list of algorithms proposed.

For each IPsec tunnel configured, the CO must run the following commands to configure the algorithms:

co@fips-srx# set system security ipsec <name> authentication-algorithm <algorithm>

<algorithm> - hmac-sha-256-128, hmac-sha1-96

co@fips-srx# set system security ipsec <name> encryption-algorithm <algorithm>

<algorithm> - 3des-cbc, aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm

Note: Use of AES-GCM is only FIPS approved when it is configured for use in conjunction with IKEv2.

The “show version” command indicates whether the module is operating in FIPS mode (e.g. JUNOS Software Release [12.1X46-D40] (FIPS edition)). Run “show system services ssh” and “show security ipsec” to verify that only the FIPS approved and FIPS allowed algorithms are configured for SSH and IPsec as specified above.

1.3 Firmware Load

The cryptographic module implements a firmware load service which allows the loading of legacy firmware (legacy-use of digital signature verification using SHA-1 as defined by SP 800-131Ar1). To comply with SP 800-131Ar1, the Crypto Officer must manually determine when a legacy firmware load is being performed and determine if the correct type of signature is being verified.

Warning: Legacy firmware might not be FIPS 140-2 Validated or meet SP 800-131Ar1 requirements. The Crypto Officer must determine whether legacy firmware meets their organization’s compliance and certification requirements.

When newer firmware is being loaded, the Crypto Officer must verify the presence of an ECDSA signature for the junos and junos-boot portions of the image by running:

% tar ztf <firmware image>.tgz | grep esig

The Crypto Officer must verify that the output shows the presence of an esig file for both the junos and junos-boot portions of the image. For example:

% tar ztf junos-srxsme-12.1X46-D40.4-fips.tgz | grep esig
junos-srxsme-12.1X46-D40.4-fips.esig

If the two esig files are not present, the Crypto Officer must not install the image.

If the two esig files are present or the Crypto Officer is installing a legacy image, installation may continue using the following command:

co@fips-srx> request system software add [no-validate] [no-copy] <firmware image>.tgz [reboot]

The module will automatically verify that the image signature(s) are valid.

1.4 Zeroization

The cryptographic module provides a non-Approved mode of operation in which non-approved cryptographic algorithms are supported. When transitioning between the non-Approved mode of operation and the Approved mode of operation, the Cryptographic Officer must run the following commands to zeroize the Approved mode CSPs:

co@fips-srx> start shell
co@fips-srx% rm -P <keyfile>

<keyfile> - each persistent private or secret key other than the SSH host keys and the X.509 keys for IKE.

co@fips-srx% rm -P
co@fips-srx% exit
co@fips-srx> request system zeroize

Note: The Cryptographic Officer must retain control of the module while zeroization is in process.
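A check for the SSH and IPsec settings from the Mode of Operation section, as an added example that is not part of the Juniper policy: it reads set lines in the syntax shown in that section and reports values outside the listed algorithms, plus any missing host key setting. The audit function, the finding labels and the sample configuration are assumptions made for this illustration.

```python
# Added example. Allowlists are copied from the commands in the Mode of
# Operation section; input is `set` lines in the syntax shown there.
SSH_ALLOWED = {
    "hostkey-algorithm": {"ssh-ecdsa", "no-ssh-rsa", "no-ssh-dss",
                          "no-ssh-ed25519"},
    "key-exchange": {"dh-group14-sha1", "ecdh-sha2-nistp256",
                     "ecdh-sha2-nistp384", "group-exchange-sha1",
                     "group-exchange-sha2"},
    "ciphers": {"3des-cbc", "aes128-cbc", "aes128-ctr", "aes192-cbc",
                "aes192-ctr", "aes256-cbc", "aes256-ctr"},
    "macs": {"hmac-sha1", "hmac-sha1-96", "hmac-sha2-256", "hmac-sha2-512",
             "hmac-sha1-96-etm@openssh.com", "hmac-sha1-etm@openssh.com",
             "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"},
}
IPSEC_ALLOWED = {
    "authentication-algorithm": {"hmac-sha-256-128", "hmac-sha1-96"},
    "encryption-algorithm": {"3des-cbc", "aes-128-cbc", "aes-128-gcm",
                             "aes-192-cbc", "aes-192-gcm", "aes-256-cbc",
                             "aes-256-gcm"},
}


def audit(config_text):
    """Return (line, kind, detail) findings; line 0 means the whole config."""
    findings, hostkey_seen = [], set()
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        if "set" not in words:
            continue
        words = words[words.index("set"):]  # drop a pasted CLI prompt
        if words[:4] == ["set", "system", "services", "ssh"] and len(words) == 6:
            knob, value = words[4], words[5]
            if knob not in SSH_ALLOWED:
                continue
            if value not in SSH_ALLOWED[knob]:
                findings.append((lineno, "not-allowed", f"ssh {knob} {value}"))
            elif knob == "hostkey-algorithm":
                hostkey_seen.add(value)
        elif words[:4] == ["set", "system", "security", "ipsec"] and len(words) == 7:
            name, knob, value = words[4:]
            if knob not in IPSEC_ALLOWED:
                continue
            if value not in IPSEC_ALLOWED[knob]:
                findings.append((lineno, "not-allowed", f"ipsec {name} {value}"))
            elif value.endswith("-gcm"):
                # The policy approves AES-GCM only in conjunction with IKEv2.
                findings.append((lineno, "needs-ikev2", f"ipsec {name} {value}"))
    # All four hostkey-algorithm commands from the policy must be present.
    for setting in sorted(SSH_ALLOWED["hostkey-algorithm"] - hostkey_seen):
        findings.append((0, "hostkey-setting-missing", setting))
    return findings


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
co@fips-srx# set system services ssh hostkey-algorithm ssh-ecdsa
set system services ssh hostkey-algorithm no-ssh-rsa
set system services ssh hostkey-algorithm no-ssh-dss
set system services ssh key-exchange dh-group1-sha1
set system services ssh ciphers aes256-ctr
set system services ssh ciphers arcfour256
set system services ssh macs hmac-sha2-256
set system security ipsec branch-vpn authentication-algorithm hmac-sha-256-128
set system security ipsec branch-vpn encryption-algorithm aes-256-gcm
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A needs-ikev2 finding is a prompt to confirm the tunnel's IKE version by hand, since the command syntax shown in the policy does not carry it.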
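The esig presence check from Section 1.3, as an added example rather than Juniper tooling: it performs the same listing as tar ztf piped to grep esig and accepts an image only when a non-empty esig member exists for both portions. The junos-boot member name, the rule that an empty esig does not count, and the archive contents are assumptions constructed for this illustration.

```python
import io
import posixpath
import tarfile
import zlib


def esig_portions(image):
    """Map each image portion to its non-empty .esig member name.

    `image` is a binary file object holding the .tgz firmware package.
    """
    found = {}
    try:
        with tarfile.open(fileobj=image, mode="r:gz") as tar:
            for member in tar:
                base = posixpath.basename(member.name)
                if not (member.isfile() and base.endswith(".esig")):
                    continue
                if member.size == 0:
                    continue  # an empty placeholder is not a signature
                # Assumed naming: the boot portion's esig starts with "junos-boot".
                if base.startswith("junos-boot"):
                    found.setdefault("junos-boot", member.name)
                elif base.startswith("junos"):
                    found.setdefault("junos", member.name)
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        return {}  # unreadable or truncated archive: fail closed
    return found


def may_install(image):
    """True only when both the junos and junos-boot portions carry an esig."""
    return set(esig_portions(image)) == {"junos", "junos-boot"}


def make_tgz(members):
    """Build a constructed .tgz in memory from {member name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


# Constructed archives with dummy contents. The junos esig name is the one
# shown in the policy; the junos-boot name is an assumed counterpart.
JUNOS_ESIG = "junos-srxsme-12.1X46-D40.4-fips.esig"
BOOT_ESIG = "junos-boot-srxsme-12.1X46-D40.4-fips.esig"
GOOD = {BOOT_ESIG: b"sig", "junos-boot.tgz": b"x", JUNOS_ESIG: b"sig"}
NO_BOOT = {"junos-boot.tgz": b"x", JUNOS_ESIG: b"sig"}
EMPTY_SIG = {BOOT_ESIG: b"", JUNOS_ESIG: b"sig"}

if __name__ == "__main__":
    for label, members in (("good", GOOD), ("no boot esig", NO_BOOT),
                           ("empty boot esig", EMPTY_SIG)):
        print(label, may_install(make_tgz(members)))
```

Presence of both files is only the Crypto Officer's pre-check; as the policy states, the module itself verifies the image signatures during installation.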

2 Cryptographic Functionality

The module implements the FIPS Approved and Non-Approved but Allowed cryptographic functions listed in Tables 4 and 5 below. Table 6 summarizes the high level protocol algorithm support. The module does not implement algorithms that require vendor affirmation.

Table 4 - Approved and CAVP Validated Cryptographic Functions

Implementation | Reference | Mode | Functions | Strength
IPsec Triple-DES | SP 800-20 | TCBC | Encrypt and decrypt | 112 (3-Key)
IPsec AES | FIPS 197, SP 800-38A, SP 800-38D | CBC, GCM | Encrypt and decrypt | 128, 192, 256
IPsec SHA | FIPS 180-4 | | Hash generation | 80 (SHA-1), 128 (SHA-256)
IPsec HMAC | FIPS 198-1 | | HMAC Gen, Ver | 128 (HMAC-SHA-1), 256 (HMAC-SHA256)
IKE Triple-DES | SP 800-20 | TCBC | Encrypt and decrypt |
IKE AES | FIPS 197, SP 800-38A | CBC | Encrypt and decrypt | 128, 192, 256
IKE SHA | FIPS 180-4 | | Hash generation | 80 (SHA-1), 128 (SHA-256), 192 (SHA-384)
IKE HMAC | FIPS 198-1 | | HMAC Gen, Ver | 128 (HMAC-SHA-1), 256 (HMAC-SHA256, HMAC-SHA384)
IKE KDF | SP 800-135 | | IKE v1/v2 KDF | 112-256
IKE ECDSA | FIPS 186-4 | | KeyGen, SigGen, SigVer | 128 (P-256), 192 (P-384)
IKE RSA | FIPS 186-4 | | SigGen, SigVer | 112 (2048 bit)
IKE DSA | FIPS 186-4 | | KeyGen | 112 (2048 bit)
SSH Triple-DES | SP 800-20 | TCBC | Encrypt and decrypt | 112
SSH AES | FIPS 197, SP 800-38A | CBC, CTR | Encrypt and decrypt | 128, 192, 256
SSH SHA | FIPS 180-4 | | Hash generation | 80 (SHA-1), 128 (SHA-256), 256 (SHA-512)
SSH HMAC | FIPS 198-1 | | HMAC Gen, Ver | 128 (HMAC-SHA-1), 256 (HMAC-SHA256, HMAC-SHA512)
SSH RSA | FIPS 186-4 | | KeyGen, SigVer / SigVer | 112 (2048 bit) / 128 (3072 bit)
SSH ECDSA | FIPS 186-4 | | KeyGen, SigGen, SigVer | 112 (P-224), 128 (P-256), 192 (P-384)
SSH DSA | FIPS 186-4 | | KeyGen | 112 (2048 bit)
DRBG | SP 800-90A | HMAC | Random generation | 256 (HMAC-SHA256)
SSH KDF | SP 800-135 | | SSHv2 KDF | 112-256

Table 5 - Non-Approved but Allowed Cryptographic Functions

Algorithm | Reference
Non-SP 800-56A Compliant Diffie-Hellman | [IG] D.8 Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength).
Non-SP 800-56A Compliant Elliptic Curve Diffie-Hellman | [IG] D.8 EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength).
NDRNG | [IG] 7.11 Hardware Non-Deterministic RNG used to seed the FIPS Approved DRBG.
HMAC-SHA-1-96 | [IG] A.8 Hash Message Authentication Code truncated to 96-bits. Allowed for use in FIPS mode.

Table 6 - Protocols Allowed in FIPS Mode

IKEv1/v2
  Key Exchange: Oakley Group 14 (DH L 2048 bit, N 224 bit); Oakley Group 19 (P-256); Oakley Group 20 (P-384); Oakley Group 24 (DH L 2048 bit, N 224 bit)
  Auth: RSA 2048; Pre-Shared Secret; ECDSA P-256; ECDSA P-384
  Cipher: 3 Key Triple-DES; AES CBC 128/192/256

IPsec ESP
  Key Exchange: IKEv1 with optional: Oakley Group 14 (DH L 2048 bit, N 224 bit); Oakley Group 19 (P-256); Oakley Group 20 (P-384); Oakley Group 24 (DH L 2048 bit, N 224)
  Auth: IKEv1
  Cipher: 3 Key Triple-DES; AES CBC 128/192/256
  Key Exchange: IKEv2 with optional: Oakley Group 14 (DH L 2048 bit, N 224 bit); Oakley Group 19 (P-256); Oakley Group 20 (P-384); Oakley Group 24 (DH L 2048 bit, N 224 bit)
  Auth: IKEv2
  Cipher: 3 Key Triple-DES; AES CBC 128/192/256; AES GCM 128/192/256 16 octet ICV

SSHv2
  Key Exchange: Diffie-hellman-group-exchange-sha1 (L 2048 bit, 3072 bit, 4096 bit, 6144 bit, 7680 bit, or 8192 bit; N 256 bit, 320 bit, 384 bit, 512 bit, or 1024 bit); Diffie-hellman-group-exchange-sha2 (L 2048 bit, 3072 bit, 4096 bit, 6144 bit, 7680 bit, or 8192 bit; N 256 bit, 320 bit, 384 bit, 512 bit, or 1024 bit); Diffie-hellman-group14-sha1 (L 2048 bit; N 256 bit, 320 bit, 384 bit, 512 bit, or 1024 bit); ECDH-sha2-nistp256; ECDH-sha2-nistp384
  Auth: ECDSA P-256
  Cipher: 3 Key Triple-DES; AES CBC 128/192/256; AES CTR 128/192/256
  Integrity: HMAC-SHA-1; HMAC-SHA256; HMAC-SHA512

These protocols have not been reviewed or tested by the CAVP and CMVP.

The IKE and SSH algorithms allow independent selection of key exchange, authentication, cipher and integrity. In Table 6 above, each column of options for a given protocol is independent, and may be used in any viable combination. These security functions are available in the SSH connect (non-compliant) service.

2.1 Disallowed Algorithms

These algorithms are non-Approved algorithms that are disabled when the module is operated in an Approved mode of operation.

• ssh-dss (DSA SigGen, SigVer; non-compliant)
• dh-group1-sha1 (Diffie-Hellman (non-compliant key agreement; key establishment methodology provides less than 112 bits of encryption
• arcfour128
• arcfour256
• blowfish-cbc
• cast128-cbc

2.2 Critical Security Parameters

All CSPs and public keys used by the module are described in this section.

Table 7 - Critical Security Parameters (CSPs)

Name: DRBG Seed, DRBG State, SSH PHK, SSH E-DH-PRI, CO-PW, User-PW

Description and usage:
• Seed material used to seed or reseed the DRBG
• V and Key values for the HMAC DRBG
• SSH Private host key. 1st time SSH is configured, the keys are generated. ECDSA P-256. Used to identify the host.
• SSH Diffie-Hellman private component. Ephemeral Diffie-Hellman private key used in SSH. DH (N 256 bit, 320 bit, 384 bit, 512 bit, or 1024 bit [1]), ECDH P-256, or ECDH P-384
• SSH Session Key; Session keys used with SSH. TDES (3key), AES, HMAC.
• IPSec ESP Session Keys. TDES (3 key), AES, HMAC.
• Pre-Shared Key used to authenticate IKE connections.
• IKE Private Key. RSA 2048, ECDSA P-256, or ECDSA P-384
• IKE SKEYID. IKE secret used to derive IKE and IPsec ESP session keys.
• IKE Session Keys. TDES (3 key), AES, HMAC.
• IKE Diffie-Hellman private component. Ephemeral Diffie-Hellman private key used in IKE. DH N 224 bit, ECDH P-256, or ECDH P-384
• ASCII Text used to authenticate the CO.
• ASCII Text used to authenticate the User.

Table 8 - Public Keys

Name: bAuth-COPub

Description and usage:
• SSH Public Host Key used to identify the host. ECDSA P-256.
• Diffie-Hellman public component. Ephemeral Diffie-Hellman public key used in SSH key establishment. DH (L 2048 bit, 3072 bit, 4096 bit, 6144 bit, 7680 bit, or 8192 bit), ECDH P-256, or ECDH P-384
• IKE Public Key RSA 2048, ECDSA P-256, or ECDSA P-384
• Diffie-Hellman public component. Ephemeral Diffie-Hellman public key used in IKE key establishment. DH L 2048 bit, ECDH P-256, or ECDH P-384
• User Authentication Public Keys. Used to authenticate users to the module. ECDSA P256 or P384
• CO Authentication Public Keys. Used to authenticate CO to the module. ECDSA P256 or P-384
• Root-CA: JuniperRootCA. RSA 2048 X.509 Certificate; Used to verify the validity of the Juniper Package CA at software load.
• RootEC CA: JuniperRootEC CA. ECDSA P-256 X.509 Certificate; Used to verify the validity of the Juniper Package CA at software load and also at runtime for integrity.
• Package-CA: PackageCA. RSA 2048 X.509 Certificate; Used to verify the validity of legacy Juniper Images at software load.
• PackageEC CA: PackageEC CA. ECDSA P-256 X.509 Certificate; Used to verify the validity the Juniper Image at software load and also at runtime for integrity.

[1] SSH generates a Diffie-Hellman private key that is 2x the bit length of the longest symmetric or MAC key negotiated.

3 Roles, Authentication and Services

3.1 Roles and Authentication of Operators to Roles

The module supports two roles: Cryptographic Officer (CO) and User. The module supports concurrent operators, b
