| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 8/28/2029 |
| Entropy | ENT (NP) |
| Caveat | When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy |
| Vendor | Palo Alto Networks, Inc. |
| Hardware versions | 910-000097 with FIPS Kit 920-000145, 910-000270 with FIPS Kit 920-000318 |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A2906 |
| AES-CFB128 | A2906 |
| AES-CTR | A2906 |
| AES-GCM | A2906 |
| Conditioning Component AES-CBC-MAC SP800-90B | A2518 |
| Counter DRBG | A2906 |
| ECDSA KeyGen (FIPS186-4) | A2906 |
| ECDSA KeyVer (FIPS186-4) | A2906 |
| ECDSA SigGen (FIPS186-4) | A2906 |
| ECDSA SigVer (FIPS186-4) | A2906 |
| HMAC-SHA-1 | A2906 |
| HMAC-SHA2-224 | A2906 |
| HMAC-SHA2-256 | A2906 |
| HMAC-SHA2-384 | A2906 |
| HMAC-SHA2-512 | A2906 |
| KAS-ECC-SSC Sp800-56Ar3 | A2906 |
| KAS-FFC-SSC Sp800-56Ar3 | A2906 |
| KDF IKEv2 | A2906 |
| KDF SNMP | A2906 |
| KDF SSH | A2906 |
| KDF TLS | A2906 |
| RSA KeyGen (FIPS186-4) | A2906 |
| RSA SigGen (FIPS186-4) | A2906 |
| RSA SigVer (FIPS186-4) | A2906 |
| Safe Primes Key Generation | A2906 |
| Safe Primes Key Verification | A2906 |
| SHA-1 | A2906 |
| SHA2-224 | A2906 |
| SHA2-256 | A2906 |
| SHA2-384 | A2906 |
| SHA2-512 | A2906 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 2 |
| Roles, Services, and Authentication | 3 |
| Software/Firmware Security | 2 |
| Operational Environment | N/A |
| Physical Security | 2 |
| Non-Invasive Security | N/A |
| Sensitive Security Parameter Management | 2 |
| Self-Tests | 2 |
| Life-Cycle Assurance | 3 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Wildfire 10.2 WF-500 and WF-500-B
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>10.2.3-h1</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Update<br/>RSA SigVer (FIPS 186-4)</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Zeroize<br/>Self-Tests<br/>Show Status</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>RJ45 Ethernet</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C4,C5,C6 clue;
class I1,I2,I3,I4,I5,I6 infer;
class R1,R2,R3,R4,R5,R6 risk;
class E1,E2,E3,E4,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Wildfire 10.2 WF-500 and WF-500-B
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>10.2.3-h1</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Update<br/>RSA SigVer (FIPS 186-4)</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Zeroize<br/>Self-Tests<br/>Show Status</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>RJ45 Ethernet</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2,C3,C4 clueHigh;
class C5,C6 clueLow;WildFire 10.2 WF-500 and WF-500-B Version: 1.3 Revision Date: February 13, 2025 Palo Alto Networks, Inc. www.paloaltonetworks.com © 2025 Palo Alto Networks, Inc. Palo Alto Networks, Inc. is a registered trademark of Palo Alto Networks, Inc. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.
| # | Section | Page |
|---|---|---|
| 1 | General | 2 |
| 2 | Cryptographic Module Specification | 3 |
| 3 | Cryptographic Module Interfaces | 9 |
| 4 | Roles, Services, and Authentication | 10 |
| 5 | Software/Firmware Security | 17 |
| 6 | Operational Environment | 17 |
| 7 | Physical Security | 18 |
| 8 | Non-Invasive Security | 29 |
| 9 | Sensitive Security Parameters | 29 |
| 10 | Self-Tests | 33 |
| 11 | Life Cycle Assurance | 34 |
| 12 | Mitigation of Other Attacks | 35 |
| 13 | Definitions and Acronyms | 35 |
| 1 | General | 2 |
| 2 | Cryptographic Module Specification | 2 |
| 3 | Cryptographic Module Interfaces | 2 |
| 4 | Roles, Services, and Authentication | 3 |
| 5 | Software/Firmware Security | 2 |
| 7 | Physical Security | 2 |
| 9 | Sensitive Security Parameter Management | 2 |
| 10 | Self-Tests | 2 |
| 11 | Life-Cycle Assurance | 3 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic Module Specification | 2 |
| 3 | 3 | Cryptographic Module Interfaces | 2 |
| 4 | 4 | Roles, Services, and Authentication | 3 |
| 5 | 5 | Software/Firmware Security | 2 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 2 |
| 8 | 8 | Non-Invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 2 |
| 10 | 10 | Self-Tests | 2 |
| 11 | 11 | Life-Cycle Assurance | 3 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
| Overall Level | Overall Level | 2 |
1. The Wildfire 10.2 WF-500 and WF-500-B from Palo Alto Networks Inc., hereafter referred to as “Wildfire” or the “cryptographic module” is a multi-chip standalone cryptographic module designed to fulfill FIPS 140-3 level 2 requirements. The WildFire 10.2 WF-500 and WF-500-B module identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks. Unknown files are analyzed by WildFire (WF) in a scalable sandbox environment where new threats are identified, and protections are automatically developed and delivered in the form of an update. The result is a unique, closed loop approach to controlling cyber threats that begins with positive security controls to reduce the attack surface, inspection of all traffic, ports, and protocols to block all known threats, and rapid detection of unknown threats by observing their actual behavior. Table 1- Security Levels N/A N/A N/A © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 2
| Name | Model | Hardware Version | Firmware Version | Features |
|---|---|---|---|---|
| WF-500 | WF-500 | 910-000097 Physical Kit: 920-000145 | 10.2.3-h1 | RJ45 interfaces, USB ports, LEDs |
| WF-500-B | WF-500-B | 910-000270 Physical Kit: 920-000318 | 10.2.3-h1 | RJ45 interfaces, USB ports, LEDs, SFP+ ports |
2. Cryptographic Module Specification The Palo Alto Networks, Inc. WF-500-B is a multi-chip standalone module. The cryptographic boundary includes all firmware components contained within the physical enclosure of the module. Figures below provide images of the module with the physical kit’s opacity shields in place. See the Physical Security section for details regarding the module’s physical security mechanisms. Table 2 - Cryptographic Module Tested Configuration Approved Mode of Operation The following section details the procedure necessary to place the module into the Approved mode of operation.
| Name | CAVP Cert | Mode Method | Key Size | Use Function | |
|---|---|---|---|---|---|
| Conditioning Component AES-CBC-MAC SP 800-90B | A2518 | AES-CBC-MAC | 128 bits | Vetted conditioning | |
| AES-CBC [SP 800-38A] | A2906 | CBC | 128, 192 and 256 bits | Encryption Decryption | |
| AES-CFB128 [SP 800-38A] | A2906 | CFB128 | 128 bits | Encryption Decryption | |
| AES-CTR [SP 800-38A] | A2906 | CTR | 128, 192 and 256 bits | Encryption Decryption | |
| AES-GCM [SP 800-38D] | A2906 | GCM** | 128 and 256 bits | Encryption Decryption | |
| Counter DRBG [SP 800-90Arev1] | A2906 | CTR DRBG | AES 256 bits with Derivation Function Enabled | Random Bit Generator | |
| ECDSA KeyGen (FIPS 186-4) | A2906 | ECDSA KeyGen | P-256, P-384, P-521 | Key Generation | |
| ECDSA KeyVer | A2906 | ECDSA KeyVer | P-256, P-384, P-521 | Public Key Validation |
Non-Compliant State Failure to follow the directions in the Approved Mode of Operation above and Section 11 will result in the module operating in a non-compliant state. Zeroization To initiate the zeroization service, perform the following steps:
| Name | CAVP Cert | Key Size | Use Function | |
|---|---|---|---|---|
| ECDSA SigGen | A2906 | P-256, P-384, P-521 with SHA2-224, SHA2-256, SHA2-384, and SHA2-512 | Signature Generation | ECDSA SigGen (FIPS 186-4) |
| ECDSA SigVer | A2906 | P-256, P-384, P-521 with SHA-1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512 | Signature Verification | ECDSA SigVer (FIPS 186-4) |
| HMAC | A2906 | HMAC-SHA-1 with λ= 160 | Authentication for protocols | HMAC-SHA-1 [FIPS 198-1] |
| HMAC | A2906 | HMAC-SHA2-224 with λ=224 | Authentication for protocols | HMAC-SHA2-224 [FIPS 198-1] |
| HMAC | A2906 | HMAC-SHA2-256 with λ=256 | Authentication for protocols | HMAC-SHA2-256 [FIPS 198-1] |
| HMAC | A2906 | HMAC-SHA2-384 with λ=384 | Authentication for protocols | HMAC-SHA2-384 [FIPS 198-1] |
| HMAC | A2906 | HMAC-SHA2-512 with λ=512 | Authentication for protocols | HMAC-SHA2-512 [FIPS 198-1] |
| KAS | A2906 | Ephemeral Unified Model: P-256/P-384/P-521 | Key Exchange | KAS-ECC-SSC (SP 800-56Ar3) |
| KAS | A2906 | dhEphem: MODP-2048 | Key Exchange | KAS-FFC-SSC (SP 800-56Ar3) |
| IKEv2 KDF | A2906 | SHA2-256, SHA2-384, SHA2-512 | IKEv2 | KDF IKEv2 [SP 800-135rev1] (CVL) |
| SNMPv3 KDF | A2906 | Engine ID: 80001F88043030303030 343935323630 | SNMPv3 | KDF SNMP [SP 800-135rev1] (CVL) |
| SSHv2 KDF | A2906 | SHA-1, SHA2-256, SHA2-512 | SSH | KDF SSH [SP 800-135rev1] (CVL) |
| TLS1.2 KDF | A2906 | TLS v1.2 Hash Algorithm: SHA2-256, SHA2-384 | TLS | KDF TLS [SP 800-135rev1] (CVL) |
| RSA KeyGen (FIPS 186-4) | A2906 | 2048, 3072, and 4096 bits | Key Pair Generation | RSA KeyGen (FIPS 186-4) |
| RSA SigGen (FIPS 186-4) | A2906 | (ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, and 4096-bit with hashes SHA2-256/384/512 | Signature Generation | RSA SigGen (FIPS 186-4) |
| RSA SigVer (FIPS 186-4) | A2906 | (ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1 and SHA2-224+++/256/384/5 12 (Signature Verification) +++ This Hash algorithm is not supported for ANSI X9.31 | Signature Verification | RSA SigVer (FIPS 186-4) |
| SHA | A2906 | SHA-1 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) | SHA-1 [FIPS 180-4] |
| SHA2 | A2906 | SHA-224 | Digital Signature Generation/Verification | SHA2-224 [FIPS 180-4] |
| SHA2 | A2906 | SHA-256 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) | SHA2-256 [FIPS 180-4] |
| SHA2 | A2906 | SHA-384 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) | SHA2-384 [FIPS 180-4] |
| SHA2 | A2906 | SHA-512 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) | SHA2-512 [FIPS 180-4] |
| Safe Primes Key Generation | A2906 | MODP-2048 | Safe Primes Key Generation | Safe Primes Key Generation [RFC 3526] |
| Safe Primes Key Verification | A2906 | MODP-2048 | Safe Primes Key Verification | Safe Primes Key Verification [RFC 3526] |
| SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | AES Cert. # A2906 and HMAC Cert. # A2906 | 128, 192, and 256-bit keys providing 128, 192, or 256 bits of encryption strength | Key Wrapping | KTS [SP 800-38F] |
| SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | AES-GCM Cert. # A2906 | 128 and 256-bit keys providing 128 or 256 bits of encryption strength | Key Wrapping | KTS [SP 800-38F] |
| ESV | ESV Cert. #E64 | Palo Alto Networks DRNG Entropy Source | Entropy | SP 800-90B |
| ESV | ESV Cert. #E130 | Palo Alto Networks DRNG Entropy Source | Entropy | SP 800-90B |
| SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | KAS-ECC-SSC Cert. #A2906, KDF IKEv2 Cert. #A2906 | P-256, P-384 curves providing 128 or 192 bits of encryption strength | Key Exchange with protocol KDF | KAS [SP 800-56Arev3] |
| SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | KAS-ECC-SSC Cert. #A2906, KDF SSH Cert. #A2906 | P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strength | Key Exchange with protocol KDF | KAS [SP 800-56Arev3] |
| SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | KAS-ECC-SSC Cert. #A2906, KDF TLS Cert. #A2906 | P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strength | Key Exchange with protocol KDF | KAS [SP 800-56Arev3] |
| SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2). | KAS-FFC-SSC Cert. #A2906, KDF IKEv2 Cert. #A2906 | 2048-bit key providing 112 bits of encryption strength | Key Exchange with protocol KDF | KAS [SP 800-56Arev3] |
| SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2). | KAS-FFC-SSC Cert. #A2906, KDF SSH Cert. #A2906 | 2048-bit key providing 112 bits of encryption strength | Key Exchange with protocol KDF | KAS [SP 800-56Arev3] |
| SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2). | KAS-FFC-SSC Cert. #A2906, KDF TLS Cert. #A2906 | 2048-bit key providing 112 bits of encryption strength | Key Exchange with protocol KDF | KAS [SP 800-56Arev3] |
| Section 5.1, Section 5.2 | Vendor Affirmed | Cryptographic Key Generation; SP 800- | Key Generation | CKG (SP 800-133rev2) |
© 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 5
(2). (2). (2). (2). (2). (2). Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 6
seeds). Note: The seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG *The module is compliant to IG C.H: GCM is used in the context of TLS, IPsec/IKEv2, and SSH:
Table 4 - Supported Protocols in the Approved Mode Supported Protocols* TLS 1.2 SSHv2 SNMPv3 IPsec and IKEv2 *Note: These protocols have not been tested or reviewed by the CMVP or the CAVP. Module Diagrams Figures 1 - 4 depict the modules and their interfaces. Please refer to the appendix for depictions of the module with the physical kit installed. Figure 1 - WF-500 Front Figure 2 - WF-500 Rear © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 8
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| LED | LED | Status output | Module status via LED indicators |
| Console | Console | Status output | Self-test output |
| Power | Power | Power | N/A |
| RJ45 Ethernet | RJ45 Ethernet | Data input, control input, data output, status output | TLS, IPSec, or SSH |
| SFP+ (WF-500-B) | SFP+ (WF-500-B) | Data input, control input, data output, status output | TLS |
Figure 3 - WF-500-B Front Figure 4 - WF-500-B Rear 3. Cryptographic Module Interfaces The module is a multi-chip standalone with ports and interfaces as shown below. The module does not implement a control Table 5 - Ports and Interfaces N/A Note: USB and IPMI ports are present but not used (i.e. disabled). © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 9
| Name | Roles | Input | Output |
|---|---|---|---|
| Show Version | CO | Query module for version | Module provides version |
| System Operational Management | CO | Configuring and managing networking parameter configuration, logging configuration, and other non-security relevant configuration via CLI | Confirmation of service via Configuration Logs |
| System Configuration Management | CO | Configuring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accounts via CLI | Confirmation of service via Configuration Logs |
| Data Analysis Management | CO | Configure data submission, analysis and reporting functions via CLI | Confirmation of service via Configuration Logs |
| Check Status | CO | Query status of the module via CLI | Module status information via CLI or System Logs |
| Firmware Update | CO | Loading new image | System log noting version updated successfully |
| System Audit | User | View the System Logs via CLI | System Logs |
| IKE/IPsec configuration | Peer-to-Peer VPN | Initialize VPN connection | Confirmation of service via System Logs |
| Zeroize | Unauthenticated | Initialize factory reset via Maintenance Mode | Confirmation of zeroization via console output |
| Self-Tests | Unauthenticated | Power removal | Confirmation of self-test output/logs |
| Show Status | Unauthenticated | N/A | LEDs |
4. Roles, Services, and Authentication Services When initialized into the Approved mode of operation, all authenticated services are accessed via SSH or TLS sessions. Approved and allowed algorithms, relevant CSPs and public keys related to these protocols are accessed to support the following services. CSP access by services is further described in the following tables. The Crypto-Officer may access all services and has the ability to define multiple Crypto-Officer roles. The User role provides establishment of VPN connections between several WF-500 and WF-500-B modules. Table 6
| Name | Use Function | |
|---|---|---|
| Authentication Strength | Authentication Method | Role |
| Password-based Minimum length is eight (8) characters1 (95 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(958) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(958), which is less than 1/100,000. The module’s configuration supports at most ten failed attempts to authenticate in a one-minute period. Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 6,000/(2112), which is less than 1/100,000. The module supports at most 100 new sessions per second to authenticate in a one-minute period. | Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication | Crypto-Officer (CO) |
| User | Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication | User |
| Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. | Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication | Peer-to-peer VPN |
Assumption of Roles The module supports distinct operator roles. The cryptographic module enforces the separation of roles using unique authentication credentials associated with operator accounts. The module supports concurrent operators with identity-based authentication. The module does not provide a maintenance role or bypass capability. Table 7
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | |
|---|---|---|---|---|---|---|---|
| Show Version | Query the module to display the version | CO | N/A | N/A | N/A | Version displayed via System Logs / CLI | |
| System Operational Management | Perform system management functions including firmware updates, licensing, diagnostics and debug functions. | CO | RSA Private Keys | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/W/E | System Logs | |
| CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | CO | ECDSA Private Keys | CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | G/W/E | System Logs | ||
| KAS | CO | TLS Pre-Master Secret | KAS | G/E/Z | System Logs | KDF TLS | |
| KDF TLS | CO | TLS Master Secret | G/E/Z | System Logs | KDF TLS | ||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | CO | TLS DHE/ECDHE Private Components | G/E/Z | System Logs | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | ||
| TLS DHE/ECDHE Public Components | CO | TLS DHE/ECDHE Public Components | G/E/R/W/Z | System Logs | |||
| KTS | CO | TLS HMAC Keys | KTS | G/E/Z | System Logs | HMAC-SHA2-256 HMAC-SHA2-384 | |
| AES-CBC | CO | TLS Encryption Keys | G/E/Z | System Logs | AES-CBC | ||
| KTS | KTS | AES-GCM | |||||
| KAS | CO | SSH DHE/ECDHE Private Components | KAS | G/E/Z | System Logs | KDF SSH (CVL) | |
| KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | SSH DHE/ECDHE Public Components | G/E/R/W/Z | System Logs | KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | |||
| KTS | CO | SSH Session Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | |
| AES-CBC, AES-CTR | CO | SSH Session Encryption Keys | G/E/Z | System Logs | AES-CBC, AES-CTR | ||
| KTS | KTS | AES-GCM | |||||
| N/A | CO | CO, User Password | N/A | G/E/W | System Logs | ||
| Counter DRBG, ESV | CO | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | ||
| KAS | CO | IPSec/IKE DHE/ECDHE Public Components | KAS | G/E/Z | System Logs | KDF IKEv2 (CVL) | |
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | CO | IPSec/IKE DHE/ECDHE Private Components | G/E/Z | System Logs | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | ||
| KTS | CO | IPSec/IKE Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | |
| AES-CBC | IPSec/IKE Session Keys | AES-CBC | |||||
| KTS | CO | IPSec/IKE Session Keys | KTS | G/E/Z | System Logs | AES-GCM | |
| N/A | CO | RADIUS Secret | N/A | W/E | System Logs | ||
| RSA SigVer (FIPS 186-4) | CO | RSA Public Keys | RSA SigVer (FIPS 186-4) | G/R/E/W | System Logs | ||
| ECDSA SigVer (FIPS 186-4) | CO | ECDSA Public Keys | ECDSA SigVer (FIPS 186-4) | G/R/E/W | System Logs | ||
| RSA SigVer (FIPS 186-4) | CO | SSH Client RSA Public Key | RSA SigVer (FIPS 186-4) | W/E | System Logs | ||
| RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | CO | SSH Host Public Key | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | G/R/E/W | System Logs | ||
| HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4) | CO | Firmware Integrity Verification Key | HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4) | E | System Logs | ||
| RSA SigVer (FIPS 186-4) | CO | Public Key for Firmware Load Test | RSA SigVer (FIPS 186-4) | W/E | System Logs | ||
| System Configuration Management | Presents configuration options for management interfaces and communication for peer services. Import, Export, Save, Load, revert and validate configurations and state. Define access control methods via admin role profiles, configure | CO | RSA Private Keys | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/W/E | System Logs | |
| CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | CO | ECDSA Private Keys | CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | G/W/E | System Logs | ||
| KAS | CO | TLS Pre-Master Secret | KAS | G/E/Z | System Logs | KDF TLS | |
| KDF TLS | CO | TLS Master Secret | G/E/Z | System Logs | KDF TLS | ||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | CO | TLS DHE/ECDHE Private Components | G/E/Z | System Logs | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | ||
| TLS DHE/ECDHE Public Components | CO | TLS DHE/ECDHE Public Components | G/E/R/W/Z | System Logs | |||
| administrators/use rs, and password profiles. Configure operators and authentication profiles. | administrators/use rs, and password profiles. Configure operators and authentication profiles. | CO | SSH DHE/ECDHE Private Components | KAS | G/E/Z | System Logs | KDF SSH (CVL) |
| KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | SSH DHE/ECDHE Public Components | G/E/R/W/Z | System Logs | KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | |||
| KTS | CO | SSH Session Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | |
| AES-CBC, AES-CTR | CO | SSH Session Encryption Keys | G/E/Z | System Logs | AES-CBC, AES-CTR | ||
| KTS | KTS | AES-GCM | |||||
| N/A | CO | CO, User Password | N/A | G/E/W | System Logs | ||
| Counter DRBG, ESV | CO | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | ||
| KDF SNMP (CVL) | CO | SNMPv3 Authentication Secret | KDF SNMP (CVL) | W/E | System Logs | ||
| KDF SNMP (CVL) | CO | SNMPv3 Privacy Secret | KDF SNMP (CVL) | W/E | System Logs | ||
| HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | CO | Authentication Key | HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | G/E/Z | System Logs | ||
| AES-CFB128 | CO | Session Key | AES-CFB128 | G/E/Z | System Logs | ||
| KAS | CO | IPSec/IKE DHE/ECDHE Public Components | KAS | G/E/Z | System Logs | KDF IKEv2 (CVL) | |
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | CO | IPSec/IKE DHE/ECDHE Private Components | G/E/Z | System Logs | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | ||
| KTS | CO | IPSec/IKE Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | |
| AES-CBC | IPSec/IKE Session Keys | AES-CBC | |||||
| KTS | CO | IPSec/IKE Session Keys | KTS | G/E/Z | System Logs | AES-GCM | |
| N/A | CO | RADIUS Secret | N/A | W/E | System Logs | ||
| RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | CO | SSH Host Public Key | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | G/R/E/W | System Logs | ||
| HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4) | CO | Firmware Integrity Verification Key | HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4) | E | System Logs | ||
| Data Analysis Management | Configure data submission, analysis and reporting functions. | CO | RSA Private Keys | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/W/E | System Logs | |
| CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | CO | ECDSA Private Keys | CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | G/W/E | System Logs | ||
| KAS | CO | TLS Pre-Master Secret | KAS | G/E/Z | System Logs | KDF TLS | |
| KDF TLS | CO | TLS Master Secret | G/E/Z | System Logs | KDF TLS | ||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe | CO | TLS DHE/ECDHE Private Components | G/E/Z | System Logs | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe | ||
| TLS DHE/ECDHE Public Components | CO | TLS DHE/ECDHE Public Components | G/E/R/W/Z | System Logs | |||
| KTS | CO | TLS HMAC Keys | KTS | G/E/Z | System Logs | HMAC-SHA2-256 HMAC-SHA2-384 | |
| AES-CBC | CO | TLS Encryption Keys | G/E/Z | System Logs | AES-CBC | ||
| KTS | KTS | AES-GCM | |||||
| KAS | CO | SSH DHE/ECDHE Private Components | KAS | G/E/Z | System Logs | KDF SSH (CVL) | |
| KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | SSH DHE/ECDHE Public Components | G/E/R/W/Z | System Logs | KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | |||
| KTS | CO | SSH Session Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | |
| AES-CBC, AES-CTR | CO | SSH Session Encryption Keys | G/E/Z | System Logs | AES-CBC, AES-CTR | ||
| KTS | KTS | AES-GCM | |||||
| N/A | CO | CO, User Password | N/A | G/E/W | System Logs | ||
| Counter DRBG, ESV | CO | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | ||
| Check Status | Review system, configuration, debug logs, and show configurations. | CO | RSA Private Keys | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/W/E | System Logs | |
| CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | CO | ECDSA Private Keys | CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | G/W/E | System Logs | ||
| KAS | CO | SSH DHE/ECDHE Private Components | KAS | G/E/Z | System Logs | KDF SSH (CVL) | |
| KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | SSH DHE/ECDHE Public Components | G/E/R/W/Z | System Logs | KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | |||
| KTS | CO | SSH Session Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | |
| AES-CBC, AES-CTR | CO | SSH Session Encryption Keys | G/E/Z | System Logs | AES-CBC, AES-CTR | ||
| KTS | KTS | AES-GCM | |||||
| N/A | CO | CO, User Password | N/A | G/E/W | System Logs | ||
| Counter DRBG, ESV | CO | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | ||
| KDF SNMP (CVL) | CO | SNMPv3 Authentication Secret | KDF SNMP (CVL) | W/E | System Logs | ||
| KDF SNMP (CVL) | CO | SNMPv3 Privacy Secret | KDF SNMP (CVL) | W/E | System Logs | ||
| HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | CO | Authentication Key | HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | G/E/Z | System Logs | ||
| AES-CFB128 | CO | Session Key | AES-CFB128 | G/E/Z | System Logs | ||
| Firmware Update | Used to load/install new firmware | CO | Public Key for Firmware Load Test | RSA SigVer (FIPS 186-4) | W/E | System Logs | |
| System Audit | Allows review of limited configuration and system status via logs, dashboard and configuration screens. Provides no configuration commit capability. | CO | RSA Private Keys | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/W/E | System Logs | |
| CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | CO | ECDSA Private Keys | CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | G/W/E | System Logs | ||
| KAS | CO | SSH DHE/ECDHE Private Components | KAS | G/E/Z | System Logs | KDF SSH (CVL) | |
| KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | SSH DHE/ECDHE Public Components | G/E/R/W/Z | System Logs | KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification | |||
| KTS | CO | SSH Session Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | |
| AES-CBC, AES-CTR | CO | SSH Session Encryption Keys | G/E/Z | System Logs | AES-CBC, AES-CTR | ||
| KTS | KTS | AES-GCM | |||||
| N/A | CO | CO, User Password | N/A | G/E/W | System Logs | ||
| Counter DRBG, ESV | CO | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | ||
| IKE/IPsec Configuration | Configures IKE/IPsec setup for peer to peer VPN. | Peer to Peer VPN | RSA Private Keys | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/W/E | System Logs | |
| CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | Peer to Peer VPN | ECDSA Private Keys | CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | G/W/E | System Logs | ||
| Counter DRBG, ESV | Peer to Peer VPN | DRBG Seed | Counter DRBG, ESV | G/E | System Logs | ||
| KAS | Peer to Peer VPN | IPSec/IKE DHE/ECDHE Public Components | KAS | G/E/Z | System Logs | KDF IKEv2 | |
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | Peer to Peer VPN | IPSec/IKE DHE/ECDHE Private Components | G/E/Z | System Logs | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | ||
| KTS | Peer to Peer VPN | IPSec/IKE Authentication Keys | KTS | G/E/Z | System Logs | HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | |
| AES-CBC | IPSec/IKE Session Keys | AES-CBC | |||||
| KTS | Peer to Peer VPN | IPSec/IKE Session Keys | KTS | G/E/Z | System Logs | AES-GCM | |
| RSA SigVer (FIPS 186-4) | Peer to Peer VPN | RSA Public Keys CA Certificates | RSA SigVer (FIPS 186-4) | G/R/E/W | System Logs | ||
| ECDSA SigVer (FIPS 186-4) | Peer to Peer VPN | ECDSA Public Keys CA Certificates | ECDSA SigVer (FIPS 186-4) | G/R/E/W | System Logs |
The minimum equivalent strength supported is
will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 6,000/(2112), which is less than 1/100,000. The module supports at most 100 new sessions per second to authenticate in a one-minute period. The table below defines the relationship between access to SSPs and the different module services. The modes of access shown in the table are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Table 8
G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E G/E/Z G/E/Z G/E/Z G/E/Z N/A W/E G/R/E/W G/R/E/W W/E G/R/E/W E N/A W/E G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 13
G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E N/A W/E W/E G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z N/A W/E G/R/E/W E G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 14
G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E N/A G/W/E G/W/E G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E N/A W/E W/E G/E/Z G/E/Z W/E © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 15
G/W/E G/W/E G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E N/A G/W/E G/W/E G/E G/E/Z G/E/Z G/E/Z G/E/Z G/R/E/W G/R/E/W © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 16
| Name | Zeroization | Output | N/A | All Keys and SSPs | CO | Z |
|---|---|---|---|---|---|---|
| Run power up self-tests on demand by power cycling the module. | Self-Tests | System Logs | HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4) | Firmware Integrity Verification Key | CO | E |
N/A N/A N/A Z E N/A Note: Configuration/System Logs for Approved services above will indicate FIPS-CC mode is enabled and that the service succeeded. 5. Software/Firmware Security ECDSA Cert. #A2906) during the Pre-Operational Self-Test. In addition, the module also conducts the firmware load test by using RSA 2048 with SHA-256 (Cert. #A2906) for the new validated firmware to be uploaded into the module. The pre-operational self-tests can be initiated by power cycling the module. When this is performed, the module automatically runs the cryptographic algorithm self-tests in addition to the pre-operational firmware integrity test. 6. Operational Environment The FIPS 140-3 Operational Environment requirements are not applicable because the module does not contain a modifiable operational environment. The operational environment is limited since the module includes a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into the module is out of the scope of this validation and requires a separate FIPS 140-3 validation. © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 17
| Physical Security Mechanism | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Details |
|---|---|---|
| Tamper-Evident Seals | 30 days | Verify integrity of tamper-evident seals in the locations specified in the appendix. |
| Front and Rear Opacity Shields | 30 days | Verify that the front and rear opacity shields have not been deformed from their original shape, thereby reducing their effectiveness. |
| Vent Overlays | 30 days | Verify that the vent overlays have not been removed or deformed. All edges should maintain strong adhesion characteristics. |
7. The multi-chip standalone module is production quality and contains standard passivation. Chip components are protected by an opaque enclosure. There are tamper-evident seals that are applied on the module by the Crypto-Officer, and any unused seals are to be controlled by the Crypto-Officer. The Crypto-Officer must ensure that the module surface is clean and dry before applying the seals. The seals prevent removal of the opaque enclosure without evidence, which should be inspected by the Crypto-Officer every 30 days for evidence of tampering. If the seals or opacity shields show evidence of tamper, the Crypto-Officer should assume that the module has been compromised and contact Customer Support. Note: For ordering information, see Table 2 for physical kit part numbers and version. Opacity shields are included in the physical kits. Operator Required Actions The following table provides information regarding the various physical security mechanisms, and their recommended Refer to the following sections for instructions on installation and placement of the tamper seals and opacity shields. Tamper-evident seals must be pressed firmly onto the adhering surfaces during installation, and once applied, the Crypto-Officer shall permit 24 hours of cure time for all tamper-evident seals. WF-500 Tamper Seal Installation (12 Seals) 1. Remove the two pull handles and front modules on the left and right side of the appliance by removing the three (3) screws located behind each handle/module. There is no need to disconnect the LED circuit board attached to the end of the ribbon cable. Retain these screws for Step 2. © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 18
Figure 5 - Remove Front Handles and Modules
Figure 6 – Secure the Front Brackets Figure 7 - Attach Pull Handles and Front Modules
Figure 8
Figure 13 – Apply Tamper-Evident Seals on Vent Overlays and Side Opening
Figure 15
Remove the Void Warranty label that covers the left side cover screw then use a Phillips-head screwdriver to remove both screws as indicated in the illustration. b. Simultaneously depress the two (2) release buttons on top of the cover and slide the cover toward the back of the appliance to remove it. c. Slide the physical kit top cover (does not have vents) on the appliance until the release buttons click. Replace the two screws that you removed from the old cover Figure 17
2. Attach the physical kit front cover brackets. Remove the front pull handles by removing two (2) screws from each handle (one (1) handle on each side), insert the WF-500-B physical kit front-cover brackets under each handle, and then replace the handles and secure them using the screws that you removed. The physical kit handles have standoffs that are used to secure the front cover. Figure 18
Figure 19
Figure 20
| Name | Strength | Security Function | Generation | Establishment | Storage | Zeroization | Import Export | Key/SSP/Na me/Type |
|---|---|---|---|---|---|---|---|---|
| ECDSA/RSA Public key - Used to trust a root CA intermediate CA and leaf /end entity certificates (RSA 2048, 3072, and 4096 bits) (ECDSA P-256, P-384, and P-521) | 112 bits minimum | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2906 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | CA Certificates |
| RSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (RSA 2048, 3072, or 4096-bit) | 112 bits minimum | RSA SigVer (FIPS 186-4) Cert. #A2906 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted or Plaintext TLS handshake | RSA Public Keys |
| RSA Private keys for generation of signatures, authentication or key establishment. (RSA 2048, 3072, or 4096-bit) | 112 bits minimum | RSA SigGen (FIPS 186-4) Cert. #A2906 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | RSA Private Keys |
| ECDSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (ECDSA P-256, P-384, or P-521) | 128 bits minimum | ECDSA SigVer (FIPS 186-4) Cert. #A2906 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted or Plaintext TLS handshake | ECDSA Public Keys |
| ECDSA Private key for generation of signatures and authentication (P-256, P-384, or P-521) | 128 bits minimum | ECDSA SigGen (FIPS 186-4) Cert. #A2906 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | ECDSA Private Keys |
| Ephemeral Diffie-Hellman private FFC or EC component used in TLS (DHE 2048, ECDHE P-256, P-384, P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A2906 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | N/A | TLS DHE/ECDHE Private Components |
| Diffie_Hellman or EC Diffie-Hellman Ephemeral values used in key agreement (DHE 2048, ECDHE P-256, P-384, P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A2906 | DRBG, SP 800-56A Rev. 3 | N/A | N/A | Zeroize at session termination | Plaintext - TLS handshake | TLS DHE/ECDHE Public Components |
| Secret value used to derive the TLS Master Secret along with client and server random nonces | N/A | KDF TLS, Cert. #A2906 | KAS SP 800-56A Rev. 3 | N/A | RAM – plaintext | Zeroize at session termination | N/A | TLS Pre-Master Secret |
| Secret value used to derive the TLS session keys | N/A | KDF TLS Cert. #A2906 | KDF TLS | N/A | RAM – plaintext | Zeroize at session termination | N/A | TLS Master Secret |
| AES (128 or 256 bit) keys used in TLS connections (GCM; CBC) | 128 bits minimum | AES-CBC or AES-GCM Cert. #A2906 | KDF TLS | TLS, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | TLS Encryption Keys |
| HMAC keys used in TLS connections (SHA-256, 384) (256, 384 bits) | 256 bits minimum | HMAC-SHA 2-256 HMAC-SHA 2-384 Cert. #A2906 | KDF TLS | TLS, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | TLS HMAC Keys |
| Diffie Hellman or EC Diffie-Hellman private (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A2906 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | N/A | SSH DHE/ECDHE Private Components |
| Diffie Hellman or EC Diffie-Hellman public component (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A2906 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | Plaintext SSH handshake | SSH DHE/ECDHE Public Components |
| SSH Host Public Key (RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521) | 112 bits minimum | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2906 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | N/A | SSH Host Public Key |
| Public RSA key used to authenticate client. | 112 bits minimum | RSA SigVer (FIPS 186-4) | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | Encrypted via SSH or TLS | SSH Client Public Key |
| (RSA 2048, 3072, and 4096 bits) | Cert. #A2906 | |||||||
| Used in all SSH connections to the security module’s command line interface. (128, 192, or 256 bits: CBC or CTR) (128 or 256 bits: GCM) | 128 bits minimum | AES-CBC, AES-CTR, or AES-GCM Cert. #A2906 | KDF SSH | SSH, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | SSH Session Encryption Keys |
| Authentication keys used in all SSH connections to the security module’s command line interface (HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512) (160, 256, 512 bits) | 160 bits minimum | HMAC-SHA -1 HMAC-SHA 2-256 HMAC-SHA 2-512 Cert. #A2906 | KDF SSH | SSH, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | SSH Session Authenticati on Keys |
| Diffie-Hellman or EC Diffie-Hellman private component used in key establishment (DHE 2048, ECDHE P-256, P-384) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A2906 | DBRG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Power cycle | N/A | IPSec/IKE DHE/ECDHE Private Components |
| Diffie-Hellman or EC Diffie-Hellman public component used in key agreement (DHE 2048, ECDHE P-256, P-384) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A2906 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Power cycle | N/A | IPSec/IKE DHE/ECDHE Public Components |
| Used to encrypt IKE/IPSec data. These are AES CBC or GCM (128 or 256 bits) | 128 bits minimum | AES-CBC, AES-GCM Cert. #A2906 | N/A | IPSec/IKE | RAM - plaintext | Zeroize at session termination | N/A | IPSec/IKE Session Keys |
| HMAC keys for authentication (HMAC-SHA-256/384/512) (key size 256, 384, 512 bits) | 160 bits minimum | HMAC-SHA -1 HMAC-SHA 2-256 HMAC-SHA 2-384 HMAC-SHA 2-512 Cert. #A2906 | N/A | IPSec/IKE | RAM - plaintext | Zeroize at session termination | N/A | IPSec/IKE Authenticati on Keys |
| Used to check the integrity of crypto-related code. (HMAC-SHA-256 and ECDSA P-256) (Note: This is not considered an SSP) | 128 bits | HMAC-SHA 2-256, ECDSA SigVer (FIPS 186-4) Cert. #A2906 | FIPS 186-4 | N/A | HDD - plaintext | N/A | N/A | Firmware Integrity Verification key |
| Used to authenticate firmware and content to be installed on the module (RSA 2048 with SHA-256) | 112 bits | RSA SigVer (FIPS 186-4) Cert. #A2906 | FIPS 186-4 | N/A | HDD - plaintext | N/A | N/A | Public key for Firmware Load Test |
| Authentication string with a minimum length of eight (8) characters. | N/A | SHA2-256 Cert. #A2906 | External | N/A | HDD - a password hash (SHA2-256) | Zeroize Service | Encrypted via SSH or TLS | CO, User Password |
| Secrets used by RADIUS or TACACS+ (8 characters minimum) | N/A | N/A | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | Encrypted via SSH or TLS | Protocol Secrets |
| Entropy input string coming from the entropy source Input length = 384 bits | 256 bits (E64) 194 bits (E130) | CKG (vendor affirmed), Counter DRBG Cert. #A2906 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | Entropy Input String |
| DRBG seed coming from the entropy source | 256 bits (E64) | CKG (vendor | Entropy as per | N/A | RAM - Plaintext | Power cycle | N/A | DRBG Seed |
| Seed length = 384 bits | 194 bits (E130) | affirmed), Counter DRBG Cert. #A2906 | SP 800-90B | |||||
| AES 256 CTR DRBG state Key used in the generation of a random values | 256 bits | CKG (vendor affirmed), Counter DRBG Cert. #A2906 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | DRBG Key |
| AES 256 CTR DRBG state V used in the generation of a random values | 128 bits | CKG (vendor affirmed), Counter DRBG Cert. #A2906 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | DRBG V |
| Used to support SNMPv3 services (Minimum 8 characters) | N/A | KDF SNMP Cert. #A2906 | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | TLS/SSH | SNMPv3 Authenticati on Secret |
| Used to support SNMPv3 services (Minimum 8 characters) | N/A | KDF SNMP Cert. #A2906 | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | TLS/SSH | SNMPv3 Privacy Secret |
| HMAC–SHA-1/224/256/384 /512 Authentication protocol key (160 bits) | 160 bits minimum | HMAC-SHA -1 HMAC-SHA 2-224 HMAC-SHA 2-256 HMAC-SHA 2-384 HMAC-SHA 2-512 Cert. #A2906 | SNMPv3 KDF | N/A | HDD/RAM – plaintext | Zeroize Service | N/A | Authenticati on Key |
| Privacy protocol encryption key (AES-CFB128) | 128 bits minimum | AES-CFB12 8 Cert. #A2906 | SNMPv3 KDF | N/A | HDD/RAM - Plaintext | Zeroize Service | N/A | Session Key |
Figure 22
C C N/A C C N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A C C N/A N/A C C N/A N/A N/A N/A N/A © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 30
-1 C C C C N/A N/A N/A N/A -1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2025 Palo Alto Networks, Inc. Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 31
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A -1 N/A N/A N/A N/A Table 13 - Non-Deterministic Random Number Generation Specification Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy Page 32
The module generates SSPs (e.g., keys) whose strengths are modified by available entropy 10. Self-Tests The cryptographic module automatically performs the following tests below. The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module; these tests do not require any additional operator action. Pre-operational Self-Tests Pre-operational Firmware Integrity Test
| Cause of Error | Error State Indicator |
|---|---|
| Conditional Cryptographic Algorithm Self-Test or Software Integrity Test Failure | FIPS-CC mode failure. <Algorithm test> failed. |
| Conditional Pairwise Consistency or Critical Functions Test Failure | System log prints an error message. |
| Conditional Firmware Load Test Failure | System prints Invalid image message. |
● ECDSA/KAS-ECC Pairwise Consistency Test ● Firmware Load Test – Verify RSA 2048 with SHA-256 signature on firmware at time of load ● SP 800-56A Rev. 3 Assurance Tests (Based on Sections 5.5.2, 5.6.2, and 5.6.3) Error Handling In the event of a conditional test failure, the module will output a description of the error. These are summarized below. Table 14 - Errors and Indicators
13. Definitions and Acronyms AES