You are here

Fortinet Earns Common Criteria EAL 4+ Certification for FortiOS 3.0 Firmware

Certification Affirms that Fortinet Firmware Meets the Most Stringent International Standards Required by Government and Enterprise Customers

SUNNYVALE, Calif. - Dec. 4, 2008 - Fortinet® - the pioneer and leading provider of unified threat management (UTM) solutions - today announced the company's FortiOS™ 3.0 firmware received certification for Common Criteria Evaluation Assurance Level 4 Augmented (EAL 4+). This certification assures Fortinet's enterprise and government customers that FortiGate® systems have gone through a long and rigorous testing process and conform to IT security standards sanctioned by the International Standards Organization.

FortiOS 3.0 certification covers the FortiGate family of appliances' firewall, antivirus, intrusion protection and IPSec VPN functionalities and is relevant to customers worldwide. In addition to achieving Common Criteria EAL 4+ certification for FortiOS 3.0, Fortinet has also achieved this prestigious certification for its flagship family of FortiGate integrated security appliances.

"Common Criteria EAL 4+ is one of the most respected certifications in the industry and our achievements in this area show our continued commitment to providing enterprise and government customers with the security solutions that meet their stringent and specific requirements," said Michael Xie, founder and CTO of Fortinet. "We are very happy that our FortiOS 3.0 firmware, in addition to our previously-certified FortiGate solutions, has earned this prestigious and critical certification."

Common Criteria evaluations involve formal rigorous analysis and testing to examine security aspects of a product or system. Extensive testing activities involve a comprehensive and formally repeatable process, confirming that the security product functions as claimed by the manufacturer. Security weaknesses and potential vulnerabilities are specifically examined during an evaluation.

"The EAL 4+ certification demonstrates Fortinet's commitment to Common Criteria testing which benefits Fortinet's worldwide customers," said Erin Connor, director of the EWA-Canada Common Criteria Test Lab. "The Common Criteria certification of Fortinet's FortiOS 3.0 firmware technology is a significant accomplishment because Fortinet has met the rigorous EAL 4+ security standard for multiple FortiGate appliance functionalities."

The Common Criteria for IT Security Evaluations, also known as ISO standard 15408, was developed by the national security organizations of the United States, Canada, the United Kingdom, France, Germany and The Netherlands. It provides a broad range of evaluation criteria for many types of commercial and nationally-sensitive government-use IT security products. EAL 4+ is the highest mutually recognized certification level.

Fortinet's FortiGate systems are ASIC-accelerated network security platforms designed to deliver a broad suite of integrated security services in real-time including antivirus, firewall, VPN, intrusion detection/prevention, native content filtering, anti-spam and traffic shaping. The FortiGate family of systems spans the full range of network environments - including all-sized businesses from small offices to large enterprises, managed security service providers (MSSPs) and carriers -- and offers cost effective systems for a best in class suite of ICSA-certified applications.

FortiOS 3.0 is the latest version of Fortinet's firmware for its market-leading FortiGate integrated security appliances. FortiOS offers powerful features such as spyware and antivirus protections combined with intrusion detection/prevention (IDP) and stateful firewall capabilities to deliver broad network and content threat protection. The FortiOS 3.0 firmware also includes antivirus heuristic support to help prevent widespread zero-day attacks for previously unknown viruses, new anti-spam capabilities and enhanced Web content filtering through Fortinet's FortiGuard?Web Filtering Subscription Service.

About EWA-Canada (

EWA-Canada is a premier provider of advanced security services, having established itself as a vendor-neutral, independent centre of excellence in professional IT Security Services, Critical Infrastructure Protection, and testing of products in its IT Security Evaluation and Test Lab. EWA-Canada's solutions, experience and expertise are benefiting businesses in over 25 countries world-wide. EWA-Canada's Lab is recognized as a world leader for its comprehensive experience with Common Criteria (ISO/IEC 15408) evaluations, conformance testing to FIPS 140 and related cryptographic standards, Security Content Automation Protocol (SCAP) validation testing, and certification of point-of-sale devices and PIN Pads to Payment Card Industry and Interac?Association standards. EWA-Canada enables companies to efficiently and cost-effectively manage the evaluation and testing process and to ensure their products meet important certification requirements.

About Fortinet (

Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.

Copyright © 2008 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates, including, but not limited to, the following trademarks: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiDB, APSecure, and ABACAS. Other trademarks belong to their respective owners.

How to Buy

Purchase Fortinet Products

As one of Europe's leading mobile phone operators, we are constantly looking to improve and streamline IT management. We already have a successful partnership with both Exaprotect and Fortinet, and this partnership will help us to further enhance efficiency and give us even closer control of our security status.

Pierre Auguste
Chief Security Officer