The entire Gen6 firewall product line is now UC APL certified and is thus eligible to purchase from Federal Department of Defense end users.  This creates a unique buying opportunity from partners to end users.

Department of Defense agencies may only procure UC APL certified products for their technology infrastructure. To be included on the UC APL, products must complete a rigorous 39-step process overseen by the Unified Capabilities Certification Office (UCCO).  In addition to FIPS & Common Criteria, UC APL requires:

  • User login and privilege history management and banner support
  • OPT password complexity enforcement
  • Indefinite user lockout and consecutive login failure control
  • Password life time management
  • IPv4/IPv6 loopback AO support in ACL
  • IPv4 all zero IP AO support in ACL
  • IPv4 Multicast source zone support in ACL
  • IPv6 unspecified address AO support in ACL
  • IPv6 multicast address AO support in ACL
  • IPv6 local linked address AO support in ACL
  • Log alert support for SonicWALL log buffer utilization
  • Subnet bcast source IP address detection and ACL support
  • ACL deny rule hit rate statistics support
  • TLS cipher suites compliance (DH1024 and GCM deprecated)
  • NTP client version 4 support in diagnostics mode
  • All FIPS / NDPP certification support
  • New FIPS 2K signing head support
  • Role-based administrator support
  • OpenSSL 1.0.1h support
  • TLS 1.1+ enforcement support
  • Web UI and E-CLI Login Banner compliance support
  • Two factor authentication (CAC) enhancement
  • LDAP TLS MSCHAPv2 support
  • MSCHAPv2 Radius authentication enforcement
  • IPv6 Hop-By-Hop Extension Header support
  • Firewall shall obscure display after administrator times out
  • ICMPv6 packet detection report and log support
  • IPv6 extension header detection report and log support
  • IPv6 extension header order check enforcement
  • IPv6 site-local address control to allow or disallow SLU
  • IPv6 inbound type 0 routing header packet check
  • IPv6 DDNS support
  • IPv6 Network Monitoring support
  • IPv6 UDP / ICMP Flood Protection support
  • OOBM (Out-Of-Band-Management) support
  • Certificate expiration notification
  • Client certificate cache control
  • Core Distribution Performance Enhancement
  • Half Open TCP connection control
  • ICMP Type and Code Filtering
  • FIA_PMG_EXT.1
  • FIA_UIA_EXT.1
  • FTA_TAB.1.1
  • FTP_ITC.1
  • FTP_ITC_1.2
  • FTP_ITC_1.3.
  • FCS_IPSEC_EXT.1.4
  • FCS_IPSEC_EXT.1.11
  • Enforcement check for valid certificate.
  • Prohibit self signed certificate
  • Enhance self-test to include DRBG, SHA256, SHA384, SHA512, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, IKEv2, TLS and SNMP