Module Name
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls
Validation Dates
11/28/2016;01/11/2018;02/13/2018;02/21/2020
Caveat
When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications.
FIPS Algorithms
| AES |
Cert. #4020 |
| CVL |
Certs. #848, #849, #873 and #874 |
| DRBG |
Cert. #1198 |
| ECDSA |
Cert. #896 |
| HMAC |
Cert. #2622 |
| KAS |
SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed |
| KTS |
AES Cert. #4020; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
AES Cert. #4020 and HMAC Cert. #2622; key establishment methodology provides between 128 and 256 bits of encryption strength |
| RSA |
Cert. #2064 |
| SHS |
Cert. #3316 |
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B, 910-000117-00A, 910-000137-00A, 910-000136-00A [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
