SD-WAN

ICSA Labs Certifies VMware SD-WAN Edge Firewall Capabilities

We are pleased to announce that all VMware SD-WAN Edge series have received ICSA Labs Corporate Firewall Certification. You can download the full report here.

For more than 30 years, ICSA Labs, an independent division of Verizon, has provided certification testing to increase user and enterprise trust in information security products and solutions. ICSA Labs tested and certified the VMware SD-WAN Edge series family by analyzing key firewall aspects including logging, administration, persistence, documentation, security testing, and the product’s ability to remain stateful while properly enforcing a particular security policy.

VMware SD-WAN, together with cloud-delivered security services such as VMware Secure Access and VMware Cloud Web Security combine to form VMware SASE, a cloud-native architecture. More than 5,000 customers rely on VMware SASE to provide highly reliable WAN security. A core component of VMware SD-WAN, Edges are centrally managed, enterprise-grade appliances that secure the branch/home office perimeter while offering secure, optimized connectivity to applications and services on- or off-cloud.

“Following rigorous security testing at ICSA Labs, both the VMware SD-WAN Edge 620 and the VMware SD-WAN 3400 satisfied all of the firewall security testing requirements in both the ICSA Labs baseline firewall and ICSA Labs corporate firewall testing standards. As a result, both these models and the entire series of VMware SD-WAN Edges attained ICSA Labs Firewall Certification having met all of the testing requirements.” – ICSA Labs Firewall Certification Testing Report

The report cited several criteria where VMware SD-WAN Edges’ strength is in evidence:

Security policy enforcement: ICSA Labs performed port scans followed by additional scans and other tests to ensure that VMware SD-WAN Edges were configured according to the RSSP and that no other TCP, UDP, ICMP, or other IP protocol traffic was permitted to or through the firewall in either direction. Thus, VMware SD-WAN Edges met all the security policy transition requirements.

Logging: For all logged events, ICSA Labs verified that the appropriate, required log data was recorded by VMware SD-WAN Edges.

Administration: ICSA Labs remotely administered VMware SD-WAN Edge 620 and VMware SD-WAN Edge 3400 via the VMware SASE Orchestrator. Attempts to bypass the authentication mechanism for all means of administration were unsuccessful. Consequently, this confirmed the Edges’ ability to require and enforce proper authentication prior to permitting access to administrative functions.

Persistence: Following a forced power outage, Edge 620 and Edge 3400 continued to maintain their configurations, settings, and data. Similarly, each of the tested models continued to enforce the configured security policy following the outage. This proved the resiliency of the VMware SD-WAN Edges.

Documentation: ICSA Labs concluded that VMware’s documentation was adequate and accurate for the purposes of product installation and administration.

Functional and security testing: Throughout security testing, VMware SD-WAN Edges were not susceptible to attacks launched inbound and outbound to and through the products, including fragmentation and Denial-of-Service attacks. Additionally, while under attack, the Edges permitted legitimate traffic according to the security policy.

More about VMware SD-WAN Edges

SD-WAN Edges support zero-touch provisioning, deep application recognition, and performance assurance through Dynamic Multi-Path Optimization for fast and reliable branch access to the Internet and data centers. The built-in application-based, stateful firewall allows advanced traffic filtering and protects against network-based attacks.

Download the ICSA Labs Corporate Firewall Certification report today.

Learn more

  • For a closer look at VMware SD-WAN, check out the solution overview.
  • Want to take SD-WAN for a spin? Try the hands-on lab.
  • For a deeper dive into the VMware SD-WAN Edge series, read the data sheet.