All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Wildfire 10.2 WF-500 and WF-500-B

Certificate#4784StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorPalo Alto Networks, Inc.
Low review priority  ·  exposes firmware-update authentication  ·  last validated 16 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date8/28/2029
EntropyENT (NP)
CaveatWhen installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
VendorPalo Alto Networks, Inc.
Hardware versions910-000097 with FIPS Kit 920-000145, 910-000270 with FIPS Kit 920-000318

Approved Algorithms (31)

AlgorithmACVP Cert
AES-CBCA2906
AES-CFB128A2906
AES-CTRA2906
AES-GCMA2906
Conditioning Component AES-CBC-MAC SP800-90BA2518
Counter DRBGA2906
ECDSA KeyGen (FIPS186-4)A2906
ECDSA KeyVer (FIPS186-4)A2906
ECDSA SigGen (FIPS186-4)A2906
ECDSA SigVer (FIPS186-4)A2906
HMAC-SHA-1A2906
HMAC-SHA2-224A2906
HMAC-SHA2-256A2906
HMAC-SHA2-384A2906
HMAC-SHA2-512A2906
KAS-ECC-SSC Sp800-56Ar3A2906
KAS-FFC-SSC Sp800-56Ar3A2906
KDF IKEv2A2906
KDF SNMPA2906
KDF SSHA2906
KDF TLSA2906
RSA KeyGen (FIPS186-4)A2906
RSA SigGen (FIPS186-4)A2906
RSA SigVer (FIPS186-4)A2906
Safe Primes Key GenerationA2906
Safe Primes Key VerificationA2906
SHA-1A2906
SHA2-224A2906
SHA2-256A2906
SHA2-384A2906
SHA2-512A2906

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Roles, Services, and Authentication3
Software/Firmware Security2
Operational EnvironmentN/A
Physical Security2
Non-Invasive SecurityN/A
Sensitive Security Parameter Management2
Self-Tests2
Life-Cycle Assurance3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Wildfire 10.2 WF-500 and WF-500-B
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>10.2.3-h1</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Update<br/>RSA SigVer (FIPS 186-4)</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Zeroize<br/>Self-Tests<br/>Show Status</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>RJ45 Ethernet</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Wildfire 10.2 WF-500 and WF-500-B
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>10.2.3-h1</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Update<br/>RSA SigVer (FIPS 186-4)</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Zeroize<br/>Self-Tests<br/>Show Status</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>RJ45 Ethernet</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

WildFire 10.2 WF-500 and WF-500-B ​ Version: 1.3 Revision Date: February 13, 2025 Palo Alto Networks, Inc.​ www.paloaltonetworks.com​ © 2025 Palo Alto Networks, Inc. Palo Alto Networks, Inc. is a registered trademark of Palo Alto Networks, Inc. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.

Page 2
Table of Contents
#SectionPage
1General​2
2Cryptographic Module Specification​3
3Cryptographic Module Interfaces​9
4Roles, Services, and Authentication​10
5Software/Firmware Security​17
6Operational Environment​17
7Physical Security​18
8Non-Invasive Security​29
9Sensitive Security Parameters​29
10Self-Tests​33
11Life Cycle Assurance​34
12Mitigation of Other Attacks​35
13Definitions and Acronyms​35
1General2
2Cryptographic Module Specification2
3Cryptographic Module Interfaces2
4Roles, Services, and Authentication3
5Software/Firmware Security2
7Physical Security2
9Sensitive Security Parameter Management2
10Self-Tests2
11Life-Cycle Assurance3
Page 3
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic Module Specification2
33Cryptographic Module Interfaces2
44Roles, Services, and Authentication3
55Software/Firmware Security2
66Operational EnvironmentN/A
77Physical Security2
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management2
1010Self-Tests2
1111Life-Cycle Assurance3
1212Mitigation of Other AttacksN/A
Overall LevelOverall Level2

1.​ The Wildfire 10.2 WF-500 and WF-500-B from Palo Alto Networks Inc., hereafter referred to as “Wildfire” or the “cryptographic module” is a multi-chip standalone cryptographic module designed to fulfill FIPS 140-3 level 2 requirements. The WildFire 10.2 WF-500 and WF-500-B module identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks. Unknown files are analyzed by WildFire (WF) in a scalable sandbox environment where new threats are identified, and protections are automatically developed and delivered in the form of an update. The result is a unique, closed loop approach to controlling cyber threats that begins with positive security controls to reduce the attack surface, inspection of all traffic, ports, and protocols to block all known threats, and rapid detection of unknown threats by observing their actual behavior. Table 1- Security Levels N/A N/A N/A © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 2

Page 4
Module configuration
NameModelHardware VersionFirmware VersionFeatures
WF-500WF-500910-000097 Physical Kit: 920-00014510.2.3-h1RJ45 interfaces, USB ports, LEDs
WF-500-BWF-500-B910-000270 Physical Kit: 920-00031810.2.3-h1RJ45 interfaces, USB ports, LEDs, SFP+ ports

2.​ Cryptographic Module Specification The Palo Alto Networks, Inc. WF-500-B is a multi-chip standalone module. The cryptographic boundary includes all firmware components contained within the physical enclosure of the module. Figures below provide images of the module with the physical kit’s opacity shields in place. See the Physical Security section for details regarding the module’s physical security mechanisms. Table 2 - Cryptographic Module Tested Configuration Approved Mode of Operation The following section details the procedure necessary to place the module into the Approved mode of operation.

Page 5
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Conditioning Component AES-CBC-MAC SP 800-90BA2518AES-CBC-MAC128 bitsVetted conditioning
AES-CBC [SP 800-38A]A2906CBC128, 192 and 256 bitsEncryption Decryption
AES-CFB128 [SP 800-38A]A2906CFB128128 bitsEncryption Decryption
AES-CTR [SP 800-38A]A2906CTR128, 192 and 256 bitsEncryption Decryption
AES-GCM [SP 800-38D]A2906GCM**128 and 256 bitsEncryption Decryption
Counter DRBG [SP 800-90Arev1]A2906CTR DRBGAES 256 bits with Derivation Function EnabledRandom Bit Generator
ECDSA KeyGen (FIPS 186-4)A2906ECDSA KeyGenP-256, P-384, P-521Key Generation
ECDSA KeyVerA2906ECDSA KeyVerP-256, P-384, P-521Public Key Validation

Non-Compliant State Failure to follow the directions in the Approved Mode of Operation above and Section 11 will result in the module operating in a non-compliant state. Zeroization To initiate the zeroization service, perform the following steps:

Page 6
Approved algorithm
NameCAVP CertKey SizeUse Function
ECDSA SigGenA2906P-256, P-384, P-521 with SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature GenerationECDSA SigGen (FIPS 186-4)
ECDSA SigVerA2906P-256, P-384, P-521 with SHA-1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature VerificationECDSA SigVer (FIPS 186-4)
HMACA2906HMAC-SHA-1 with λ= 160Authentication for protocolsHMAC-SHA-1 [FIPS 198-1]
HMACA2906HMAC-SHA2-224 with λ=224Authentication for protocolsHMAC-SHA2-224 [FIPS 198-1]
HMACA2906HMAC-SHA2-256 with λ=256Authentication for protocolsHMAC-SHA2-256 [FIPS 198-1]
HMACA2906HMAC-SHA2-384 with λ=384Authentication for protocolsHMAC-SHA2-384 [FIPS 198-1]
HMACA2906HMAC-SHA2-512 with λ=512Authentication for protocolsHMAC-SHA2-512 [FIPS 198-1]
KASA2906Ephemeral Unified Model: P-256/P-384/P-521Key ExchangeKAS-ECC-SSC (SP 800-56Ar3)
KASA2906dhEphem: MODP-2048Key ExchangeKAS-FFC-SSC (SP 800-56Ar3)
IKEv2 KDFA2906SHA2-256, SHA2-384, SHA2-512IKEv2KDF IKEv2 [SP 800-135rev1] (CVL)
SNMPv3 KDFA2906Engine ID: 80001F88043030303030 343935323630SNMPv3KDF SNMP [SP 800-135rev1] (CVL)
SSHv2 KDFA2906SHA-1, SHA2-256, SHA2-512SSHKDF SSH [SP 800-135rev1] (CVL)
TLS1.2 KDFA2906TLS v1.2 Hash Algorithm: SHA2-256, SHA2-384TLSKDF TLS [SP 800-135rev1] (CVL)
RSA KeyGen (FIPS 186-4)A29062048, 3072, and 4096 bitsKey Pair GenerationRSA KeyGen (FIPS 186-4)
RSA SigGen (FIPS 186-4)A2906(ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, and 4096-bit with hashes SHA2-256/384/512Signature GenerationRSA SigGen (FIPS 186-4)
RSA SigVer (FIPS 186-4)A2906(ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1 and SHA2-224+++/256/384/5 12 (Signature Verification) +++ This Hash algorithm is not supported for ANSI X9.31Signature VerificationRSA SigVer (FIPS 186-4)
SHAA2906SHA-1Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)SHA-1 [FIPS 180-4]
SHA2A2906SHA-224Digital Signature Generation/VerificationSHA2-224 [FIPS 180-4]
SHA2A2906SHA-256Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)SHA2-256 [FIPS 180-4]
SHA2A2906SHA-384Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)SHA2-384 [FIPS 180-4]
SHA2A2906SHA-512Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)SHA2-512 [FIPS 180-4]
Safe Primes Key GenerationA2906MODP-2048Safe Primes Key GenerationSafe Primes Key Generation [RFC 3526]
Safe Primes Key VerificationA2906MODP-2048Safe Primes Key VerificationSafe Primes Key Verification [RFC 3526]
SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES Cert. # A2906 and HMAC Cert. # A2906128, 192, and 256-bit keys providing 128, 192, or 256 bits of encryption strengthKey WrappingKTS [SP 800-38F]
SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES-GCM Cert. # A2906128 and 256-bit keys providing 128 or 256 bits of encryption strengthKey WrappingKTS [SP 800-38F]
ESVESV Cert. #E64Palo Alto Networks DRNG Entropy SourceEntropySP 800-90B
ESVESV Cert. #E130Palo Alto Networks DRNG Entropy SourceEntropySP 800-90B
SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).KAS-ECC-SSC Cert. #A2906, KDF IKEv2 Cert. #A2906P-256, P-384 curves providing 128 or 192 bits of encryption strengthKey Exchange with protocol KDFKAS [SP 800-56Arev3]
SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).KAS-ECC-SSC Cert. #A2906, KDF SSH Cert. #A2906P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDFKAS [SP 800-56Arev3]
SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).KAS-ECC-SSC Cert. #A2906, KDF TLS Cert. #A2906P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDFKAS [SP 800-56Arev3]
SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).KAS-FFC-SSC Cert. #A2906, KDF IKEv2 Cert. #A29062048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDFKAS [SP 800-56Arev3]
SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).KAS-FFC-SSC Cert. #A2906, KDF SSH Cert. #A29062048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDFKAS [SP 800-56Arev3]
SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).KAS-FFC-SSC Cert. #A2906, KDF TLS Cert. #A29062048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDFKAS [SP 800-56Arev3]
Section 5.1, Section 5.2Vendor AffirmedCryptographic Key Generation; SP 800-Key GenerationCKG (SP 800-133rev2)

© 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 5

Page 7

(2). (2). (2). (2). (2). (2). ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 6

Page 8
133 and IG D.I (asymmetric

seeds). Note: The seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG *The module is compliant to IG C.H: GCM is used in the context of TLS, IPsec/IKEv2, and SSH:

Page 9

Table 4 - Supported Protocols in the Approved Mode Supported Protocols* TLS 1.2 SSHv2 SNMPv3 IPsec and IKEv2 *Note: These protocols have not been tested or reviewed by the CMVP or the CAVP. Module Diagrams Figures 1 - 4 depict the modules and their interfaces. Please refer to the appendix for depictions of the module with the physical kit installed. Figure 1 - WF-500 Front Figure 2 - WF-500 Rear © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 8

Page 10
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
LEDLEDStatus outputModule status via LED indicators
ConsoleConsoleStatus outputSelf-test output
PowerPowerPowerN/A
RJ45 EthernetRJ45 EthernetData input, control input, data output, status outputTLS, IPSec, or SSH
SFP+ (WF-500-B)SFP+ (WF-500-B)Data input, control input, data output, status outputTLS

Figure 3 - WF-500-B Front Figure 4 - WF-500-B Rear 3.​ Cryptographic Module Interfaces The module is a multi-chip standalone with ports and interfaces as shown below. The module does not implement a control Table 5 - Ports and Interfaces N/A Note: USB and IPMI ports are present but not used (i.e. disabled). © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 9

Page 11
Service
NameRolesInputOutput
Show VersionCOQuery module for versionModule provides version
System Operational ManagementCOConfiguring and managing networking parameter configuration, logging configuration, and other non-security relevant configuration via CLIConfirmation of service via Configuration Logs
System Configuration ManagementCOConfiguring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accounts via CLIConfirmation of service via Configuration Logs
Data Analysis ManagementCOConfigure data submission, analysis and reporting functions via CLIConfirmation of service via Configuration Logs
Check StatusCOQuery status of the module via CLIModule status information via CLI or System Logs
Firmware UpdateCOLoading new imageSystem log noting version updated successfully
System AuditUserView the System Logs via CLISystem Logs
IKE/IPsec configurationPeer-to-Peer VPNInitialize VPN connectionConfirmation of service via System Logs
ZeroizeUnauthenticatedInitialize factory reset via Maintenance ModeConfirmation of zeroization via console output
Self-TestsUnauthenticatedPower removalConfirmation of self-test output/logs
Show StatusUnauthenticatedN/ALEDs

4.​ Roles, Services, and Authentication Services When initialized into the Approved mode of operation, all authenticated services are accessed via SSH or TLS sessions. Approved and allowed algorithms, relevant CSPs and public keys related to these protocols are accessed to support the following services. CSP access by services is further described in the following tables. The Crypto-Officer may access all services and has the ability to define multiple Crypto-Officer roles. The User role provides establishment of VPN connections between several WF-500 and WF-500-B modules. Table 6

Page 12
Approved algorithm
NameUse Function
Authentication StrengthAuthentication MethodRole
Password-based Minimum length is eight (8) characters1 (95 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(958) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(958), which is less than 1/100,000. The module’s configuration supports at most ten failed attempts to authenticate in a one-minute period. Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 6,000/(2112), which is less than 1/100,000. The module supports at most 100 new sessions per second to authenticate in a one-minute period.Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authenticationCrypto-Officer (CO)
UserMemorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authenticationUser
Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521.Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authenticationPeer-to-peer VPN

Assumption of Roles The module supports distinct operator roles. The cryptographic module enforces the separation of roles using unique authentication credentials associated with operator accounts. The module supports concurrent operators with identity-based authentication. The module does not provide a maintenance role or bypass capability. Table 7

Page 13
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show VersionQuery the module to display the versionCON/AN/AN/AVersion displayed via System Logs / CLI
System Operational ManagementPerform system management functions including firmware updates, licensing, diagnostics and debug functions.CORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/ESystem Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)COECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/ESystem Logs
KASCOTLS Pre-Master SecretKASG/E/ZSystem LogsKDF TLS
KDF TLSCOTLS Master SecretG/E/ZSystem LogsKDF TLS
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOTLS DHE/ECDHE Private ComponentsG/E/ZSystem LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsCOTLS DHE/ECDHE Public ComponentsG/E/R/W/ZSystem Logs
KTSCOTLS HMAC KeysKTSG/E/ZSystem LogsHMAC-SHA2-256 HMAC-SHA2-384
AES-CBCCOTLS Encryption KeysG/E/ZSystem LogsAES-CBC
KTSKTSAES-GCM
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZSystem LogsKDF SSH (CVL)
KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsG/E/R/W/ZSystem LogsKAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification
KTSCOSSH Session Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512
AES-CBC, AES-CTRCOSSH Session Encryption KeysG/E/ZSystem LogsAES-CBC, AES-CTR
KTSKTSAES-GCM
N/ACOCO, User PasswordN/AG/E/WSystem Logs
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/ESystem Logs
KASCOIPSec/IKE DHE/ECDHE Public ComponentsKASG/E/ZSystem LogsKDF IKEv2 (CVL)
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOIPSec/IKE DHE/ECDHE Private ComponentsG/E/ZSystem LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
KTSCOIPSec/IKE Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512
AES-CBCIPSec/IKE Session KeysAES-CBC
KTSCOIPSec/IKE Session KeysKTSG/E/ZSystem LogsAES-GCM
N/ACORADIUS SecretN/AW/ESystem Logs
RSA SigVer (FIPS 186-4)CORSA Public KeysRSA SigVer (FIPS 186-4)G/R/E/WSystem Logs
ECDSA SigVer (FIPS 186-4)COECDSA Public KeysECDSA SigVer (FIPS 186-4)G/R/E/WSystem Logs
RSA SigVer (FIPS 186-4)COSSH Client RSA Public KeyRSA SigVer (FIPS 186-4)W/ESystem Logs
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COSSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/WSystem Logs
HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4)COFirmware Integrity Verification KeyHMAC-SHA2-256, ECDSA SigVer (FIPS 186-4)ESystem Logs
RSA SigVer (FIPS 186-4)COPublic Key for Firmware Load TestRSA SigVer (FIPS 186-4)W/ESystem Logs
System Configuration ManagementPresents configuration options for management interfaces and communication for peer services. Import, Export, Save, Load, revert and validate configurations and state. Define access control methods via admin role profiles, configureCORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/ESystem Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)COECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/ESystem Logs
KASCOTLS Pre-Master SecretKASG/E/ZSystem LogsKDF TLS
KDF TLSCOTLS Master SecretG/E/ZSystem LogsKDF TLS
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOTLS DHE/ECDHE Private ComponentsG/E/ZSystem LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsCOTLS DHE/ECDHE Public ComponentsG/E/R/W/ZSystem Logs
administrators/use rs, and password profiles. Configure operators and authentication profiles.administrators/use rs, and password profiles. Configure operators and authentication profiles.COSSH DHE/ECDHE Private ComponentsKASG/E/ZSystem LogsKDF SSH (CVL)
KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsG/E/R/W/ZSystem LogsKAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification
KTSCOSSH Session Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512
AES-CBC, AES-CTRCOSSH Session Encryption KeysG/E/ZSystem LogsAES-CBC, AES-CTR
KTSKTSAES-GCM
N/ACOCO, User PasswordN/AG/E/WSystem Logs
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/ESystem Logs
KDF SNMP (CVL)COSNMPv3 Authentication SecretKDF SNMP (CVL)W/ESystem Logs
KDF SNMP (CVL)COSNMPv3 Privacy SecretKDF SNMP (CVL)W/ESystem Logs
HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512COAuthentication KeyHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512G/E/ZSystem Logs
AES-CFB128COSession KeyAES-CFB128G/E/ZSystem Logs
KASCOIPSec/IKE DHE/ECDHE Public ComponentsKASG/E/ZSystem LogsKDF IKEv2 (CVL)
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOIPSec/IKE DHE/ECDHE Private ComponentsG/E/ZSystem LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
KTSCOIPSec/IKE Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512
AES-CBCIPSec/IKE Session KeysAES-CBC
KTSCOIPSec/IKE Session KeysKTSG/E/ZSystem LogsAES-GCM
N/ACORADIUS SecretN/AW/ESystem Logs
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COSSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/WSystem Logs
HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4)COFirmware Integrity Verification KeyHMAC-SHA2-256, ECDSA SigVer (FIPS 186-4)ESystem Logs
Data Analysis ManagementConfigure data submission, analysis and reporting functions.CORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/ESystem Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)COECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/ESystem Logs
KASCOTLS Pre-Master SecretKASG/E/ZSystem LogsKDF TLS
KDF TLSCOTLS Master SecretG/E/ZSystem LogsKDF TLS
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, SafeCOTLS DHE/ECDHE Private ComponentsG/E/ZSystem LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe
TLS DHE/ECDHE Public ComponentsCOTLS DHE/ECDHE Public ComponentsG/E/R/W/ZSystem Logs
KTSCOTLS HMAC KeysKTSG/E/ZSystem LogsHMAC-SHA2-256 HMAC-SHA2-384
AES-CBCCOTLS Encryption KeysG/E/ZSystem LogsAES-CBC
KTSKTSAES-GCM
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZSystem LogsKDF SSH (CVL)
KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsG/E/R/W/ZSystem LogsKAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification
KTSCOSSH Session Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512
AES-CBC, AES-CTRCOSSH Session Encryption KeysG/E/ZSystem LogsAES-CBC, AES-CTR
KTSKTSAES-GCM
N/ACOCO, User PasswordN/AG/E/WSystem Logs
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/ESystem Logs
Check StatusReview system, configuration, debug logs, and show configurations.CORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/ESystem Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)COECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/ESystem Logs
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZSystem LogsKDF SSH (CVL)
KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsG/E/R/W/ZSystem LogsKAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification
KTSCOSSH Session Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512
AES-CBC, AES-CTRCOSSH Session Encryption KeysG/E/ZSystem LogsAES-CBC, AES-CTR
KTSKTSAES-GCM
N/ACOCO, User PasswordN/AG/E/WSystem Logs
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/ESystem Logs
KDF SNMP (CVL)COSNMPv3 Authentication SecretKDF SNMP (CVL)W/ESystem Logs
KDF SNMP (CVL)COSNMPv3 Privacy SecretKDF SNMP (CVL)W/ESystem Logs
HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512COAuthentication KeyHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512G/E/ZSystem Logs
AES-CFB128COSession KeyAES-CFB128G/E/ZSystem Logs
Firmware UpdateUsed to load/install new firmwareCOPublic Key for Firmware Load TestRSA SigVer (FIPS 186-4)W/ESystem Logs
System AuditAllows review of limited configuration and system status via logs, dashboard and configuration screens. Provides no configuration commit capability.CORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/ESystem Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)COECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/ESystem Logs
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZSystem LogsKDF SSH (CVL)
KAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsG/E/R/W/ZSystem LogsKAS-ECC-SSC KAS-FFC-SSC Safe Primes Key Generation, Safe Primes Key Verification
KTSCOSSH Session Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512
AES-CBC, AES-CTRCOSSH Session Encryption KeysG/E/ZSystem LogsAES-CBC, AES-CTR
KTSKTSAES-GCM
N/ACOCO, User PasswordN/AG/E/WSystem Logs
Counter DRBG, ESVCODRBG SeedCounter DRBG, ESVG/ESystem Logs
IKE/IPsec ConfigurationConfigures IKE/IPsec setup for peer to peer VPN.Peer to Peer VPNRSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/ESystem Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)Peer to Peer VPNECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/ESystem Logs
Counter DRBG, ESVPeer to Peer VPNDRBG SeedCounter DRBG, ESVG/ESystem Logs
KASPeer to Peer VPNIPSec/IKE DHE/ECDHE Public ComponentsKASG/E/ZSystem LogsKDF IKEv2
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationPeer to Peer VPNIPSec/IKE DHE/ECDHE Private ComponentsG/E/ZSystem LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
KTSPeer to Peer VPNIPSec/IKE Authentication KeysKTSG/E/ZSystem LogsHMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512
AES-CBCIPSec/IKE Session KeysAES-CBC
KTSPeer to Peer VPNIPSec/IKE Session KeysKTSG/E/ZSystem LogsAES-GCM
RSA SigVer (FIPS 186-4)Peer to Peer VPNRSA Public Keys CA CertificatesRSA SigVer (FIPS 186-4)G/R/E/WSystem Logs
ECDSA SigVer (FIPS 186-4)Peer to Peer VPNECDSA Public Keys CA CertificatesECDSA SigVer (FIPS 186-4)G/R/E/WSystem Logs

The minimum equivalent strength supported is

112 bits. The probability that a random attempt

will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 6,000/(2112), which is less than 1/100,000. The module supports at most 100 new sessions per second to authenticate in a one-minute period. The table below defines the relationship between access to SSPs and the different module services. The modes of access shown in the table are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Table 8

Page 14

G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E G/E/Z G/E/Z G/E/Z G/E/Z N/A W/E G/R/E/W G/R/E/W W/E G/R/E/W E N/A W/E G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 13

Page 15

G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E N/A W/E W/E G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z N/A W/E G/R/E/W E G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 14

Page 16

G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E N/A G/W/E G/W/E G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E N/A W/E W/E G/E/Z G/E/Z W/E © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 15

Page 17

G/W/E G/W/E G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/W G/E N/A G/W/E G/W/E G/E G/E/Z G/E/Z G/E/Z G/E/Z G/R/E/W G/R/E/W © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 16

Page 18
Sensitive security parameter
NameZeroizationOutputN/AAll Keys and SSPsCOZ
Run power up self-tests on demand by power cycling the module.Self-TestsSystem LogsHMAC-SHA2-256, ECDSA SigVer (FIPS 186-4)Firmware Integrity Verification KeyCOE

N/A N/A N/A Z E N/A Note: Configuration/System Logs for Approved services above will indicate FIPS-CC mode is enabled and that the service succeeded. 5.​ Software/Firmware Security ECDSA Cert. #A2906) during the Pre-Operational Self-Test. In addition, the module also conducts the firmware load test by using RSA 2048 with SHA-256 (Cert. #A2906) for the new validated firmware to be uploaded into the module. The pre-operational self-tests can be initiated by power cycling the module. When this is performed, the module automatically runs the cryptographic algorithm self-tests in addition to the pre-operational firmware integrity test. 6.​ Operational Environment The FIPS 140-3 Operational Environment requirements are not applicable because the module does not contain a modifiable operational environment. The operational environment is limited since the module includes a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into the module is out of the scope of this validation and requires a separate FIPS 140-3 validation. © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 17

Page 19
Physical Security MechanismRecommended Frequency of Inspection/TestInspection/Test Guidance Details
Tamper-Evident Seals30 daysVerify integrity of tamper-evident seals in the locations specified in the appendix.
Front and Rear Opacity Shields30 daysVerify that the front and rear opacity shields have not been deformed from their original shape, thereby reducing their effectiveness.
Vent Overlays30 daysVerify that the vent overlays have not been removed or deformed. All edges should maintain strong adhesion characteristics.

7.​ The multi-chip standalone module is production quality and contains standard passivation. Chip components are protected by an opaque enclosure. There are tamper-evident seals that are applied on the module by the Crypto-Officer, and any unused seals are to be controlled by the Crypto-Officer. The Crypto-Officer must ensure that the module surface is clean and dry before applying the seals. The seals prevent removal of the opaque enclosure without evidence, which should be inspected by the Crypto-Officer every 30 days for evidence of tampering. If the seals or opacity shields show evidence of tamper, the Crypto-Officer should assume that the module has been compromised and contact Customer Support. Note: For ordering information, see Table 2 for physical kit part numbers and version. Opacity shields are included in the physical kits. Operator Required Actions The following table provides information regarding the various physical security mechanisms, and their recommended Refer to the following sections for instructions on installation and placement of the tamper seals and opacity shields. Tamper-evident seals must be pressed firmly onto the adhering surfaces during installation, and once applied, the Crypto-Officer shall permit 24 hours of cure time for all tamper-evident seals. WF-500 Tamper Seal Installation (12 Seals) 1. Remove the two pull handles and front modules on the left and right side of the appliance by removing the three (3) screws located behind each handle/module. There is no need to disconnect the LED circuit board attached to the end of the ribbon cable. Retain these screws for Step 2. © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 18

Page 20

Figure 5 - Remove Front Handles and Modules

  1. Attach the left and right front cover brackets to the appliance using the six (6) screws that were removed in Step
  2. First attach the brackets using the bottom screws (one (1) on each side) as shown in Figure 6, ensuring that you feed the ribbon cable and LED circuit board through the left bracket. Replace the front modules and secure them using the middle and top screws on each side as shown in Figure 7. © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 19
Page 21

Figure 6 – Secure the Front Brackets Figure 7 - Attach Pull Handles and Front Modules

  1. Secure the front opacity shield to the right and left front brackets that you installed in Step
  2. Use two (2) screws (provided) on each side. © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 20
Page 22

Figure 8

Page 23
  1. Place the rear opacity shield on top of the rear opacity shield tray ensuring that you run the cables through the opening at the bottom. Secure the opacity shields with two (2) screws (provided) on each side. Figure 11 – Install Rear Opacity Shield
  2. Cover the vent openings as shown in Figure 12 by applying one (1) overlay tamper-evident seal over the left side vent and one overlay tamper-evident seal over the right side vent. Each overlay requires two (2) tamper-evident seals as shown in Figure
  3. Also apply one (1) additional tamper-evident seal as shown in Figure 13, #5. Figure 12 – Apply Tamper-Evident Seals on Vent Overlays © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 22
Page 24

Figure 13 – Apply Tamper-Evident Seals on Vent Overlays and Side Opening

  1. Attach the rail kit to the appliance as shown in Figure 14 and then add three (3) tamper-evident seals to the bottom of the appliance as shown in Figure
  2. One (1) tamper-evident seal prevents tampering of the front opacity shield connected to the bottom of the appliance and two (2) tamper-evident seals wrap around the upper and lower rear opacity shields to prevent tampering of the rear opacity shields. Figure 14 – Install Rail Kit © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 23
Page 25

Figure 15

Page 26

Remove the Void Warranty label that covers the left side cover screw then use a Phillips-head screwdriver to remove both screws as indicated in the illustration. b.​ Simultaneously depress the two (2) release buttons on top of the cover and slide the cover toward the back of the appliance to remove it. c.​ Slide the physical kit top cover (does not have vents) on the appliance until the release buttons click. Replace the two screws that you removed from the old cover Figure 17

Page 27

2.​ Attach the physical kit front cover brackets. Remove the front pull handles by removing two (2) screws from each handle (one (1) handle on each side), insert the WF-500-B physical kit front-cover brackets under each handle, and then replace the handles and secure them using the screws that you removed. The physical kit handles have standoffs that are used to secure the front cover. Figure 18

Page 28

Figure 19

Page 29

Figure 20

Page 30
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportKey/SSP/Na me/Type
ECDSA/RSA Public key - Used to trust a root CA intermediate CA and leaf /end entity certificates (RSA 2048, 3072, and 4096 bits) (ECDSA P-256, P-384, and P-521)112 bits minimumRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedCA Certificates
RSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (RSA 2048, 3072, or 4096-bit)112 bits minimumRSA SigVer (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeRSA Public Keys
RSA Private keys for generation of signatures, authentication or key establishment. (RSA 2048, 3072, or 4096-bit)112 bits minimumRSA SigGen (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedRSA Private Keys
ECDSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (ECDSA P-256, P-384, or P-521)128 bits minimumECDSA SigVer (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeECDSA Public Keys
ECDSA Private key for generation of signatures and authentication (P-256, P-384, or P-521)128 bits minimumECDSA SigGen (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedECDSA Private Keys
Ephemeral Diffie-Hellman private FFC or EC component used in TLS (DHE 2048, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A2906DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ATLS DHE/ECDHE Private Components
Diffie_Hellman or EC Diffie-Hellman Ephemeral values used in key agreement (DHE 2048, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A2906DRBG, SP 800-56A Rev. 3N/AN/AZeroize at session terminationPlaintext - TLS handshakeTLS DHE/ECDHE Public Components
Secret value used to derive the TLS Master Secret along with client and server random noncesN/AKDF TLS, Cert. #A2906KAS SP 800-56A Rev. 3N/ARAM – plaintextZeroize at session terminationN/ATLS Pre-Master Secret
Secret value used to derive the TLS session keysN/AKDF TLS Cert. #A2906KDF TLSN/ARAM – plaintextZeroize at session terminationN/ATLS Master Secret
AES (128 or 256 bit) keys used in TLS connections (GCM; CBC)128 bits minimumAES-CBC or AES-GCM Cert. #A2906KDF TLSTLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS Encryption Keys
HMAC keys used in TLS connections (SHA-256, 384) (256, 384 bits)256 bits minimumHMAC-SHA 2-256 HMAC-SHA 2-384 Cert. #A2906KDF TLSTLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS HMAC Keys
Diffie Hellman or EC Diffie-Hellman private (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A2906DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ASSH DHE/ECDHE Private Components
Diffie Hellman or EC Diffie-Hellman public component (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A2906DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationPlaintext SSH handshakeSSH DHE/ECDHE Public Components
SSH Host Public Key (RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521)112 bits minimumRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2906DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceN/ASSH Host Public Key
Public RSA key used to authenticate client.112 bits minimumRSA SigVer (FIPS 186-4)N/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via SSH or TLSSSH Client Public Key
(RSA 2048, 3072, and 4096 bits)Cert. #A2906
Used in all SSH connections to the security module’s command line interface. (128, 192, or 256 bits: CBC or CTR) (128 or 256 bits: GCM)128 bits minimumAES-CBC, AES-CTR, or AES-GCM Cert. #A2906KDF SSHSSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Encryption Keys
Authentication keys used in all SSH connections to the security module’s command line interface (HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512) (160, 256, 512 bits)160 bits minimumHMAC-SHA -1 HMAC-SHA 2-256 HMAC-SHA 2-512 Cert. #A2906KDF SSHSSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Authenticati on Keys
Diffie-Hellman or EC Diffie-Hellman private component used in key establishment (DHE 2048, ECDHE P-256, P-384)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A2906DBRG, SP 800-56A Rev. 3N/ARAM - plaintextPower cycleN/AIPSec/IKE DHE/ECDHE Private Components
Diffie-Hellman or EC Diffie-Hellman public component used in key agreement (DHE 2048, ECDHE P-256, P-384)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A2906DRBG, SP 800-56A Rev. 3N/ARAM - plaintextPower cycleN/AIPSec/IKE DHE/ECDHE Public Components
Used to encrypt IKE/IPSec data. These are AES CBC or GCM (128 or 256 bits)128 bits minimumAES-CBC, AES-GCM Cert. #A2906N/AIPSec/IKERAM - plaintextZeroize at session terminationN/AIPSec/IKE Session Keys
HMAC keys for authentication (HMAC-SHA-256/384/512) (key size 256, 384, 512 bits)160 bits minimumHMAC-SHA -1 HMAC-SHA 2-256 HMAC-SHA 2-384 HMAC-SHA 2-512 Cert. #A2906N/AIPSec/IKERAM - plaintextZeroize at session terminationN/AIPSec/IKE Authenticati on Keys
Used to check the integrity of crypto-related code. (HMAC-SHA-256 and ECDSA P-256) (Note: This is not considered an SSP)128 bitsHMAC-SHA 2-256, ECDSA SigVer (FIPS 186-4) Cert. #A2906FIPS 186-4N/AHDD - plaintextN/AN/AFirmware Integrity Verification key
Used to authenticate firmware and content to be installed on the module (RSA 2048 with SHA-256)112 bitsRSA SigVer (FIPS 186-4) Cert. #A2906FIPS 186-4N/AHDD - plaintextN/AN/APublic key for Firmware Load Test
Authentication string with a minimum length of eight (8) characters.N/ASHA2-256 Cert. #A2906ExternalN/AHDD - a password hash (SHA2-256)Zeroize ServiceEncrypted via SSH or TLSCO, User Password
Secrets used by RADIUS or TACACS+ (8 characters minimum)N/AN/AN/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via SSH or TLSProtocol Secrets
Entropy input string coming from the entropy source Input length = 384 bits256 bits (E64) 194 bits (E130)CKG (vendor affirmed), Counter DRBG Cert. #A2906Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/AEntropy Input String
DRBG seed coming from the entropy source256 bits (E64)CKG (vendorEntropy as perN/ARAM - PlaintextPower cycleN/ADRBG Seed
Seed length = 384 bits194 bits (E130)affirmed), Counter DRBG Cert. #A2906SP 800-90B
AES 256 CTR DRBG state Key used in the generation of a random values256 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2906Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG Key
AES 256 CTR DRBG state V used in the generation of a random values128 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2906Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG V
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP Cert. #A2906N/AN/AHDD/RAM – plaintextZeroize ServiceTLS/SSHSNMPv3 Authenticati on Secret
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP Cert. #A2906N/AN/AHDD/RAM – plaintextZeroize ServiceTLS/SSHSNMPv3 Privacy Secret
HMAC–SHA-1/224/256/384 /512 Authentication protocol key (160 bits)160 bits minimumHMAC-SHA -1 HMAC-SHA 2-224 HMAC-SHA 2-256 HMAC-SHA 2-384 HMAC-SHA 2-512 Cert. #A2906SNMPv3 KDFN/AHDD/RAM – plaintextZeroize ServiceN/AAuthenticati on Key
Privacy protocol encryption key (AES-CFB128)128 bits minimumAES-CFB12 8 Cert. #A2906SNMPv3 KDFN/AHDD/RAM - PlaintextZeroize ServiceN/ASession Key

Figure 22

Page 31

C C N/A C C N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A C C N/A N/A C C N/A N/A N/A N/A N/A © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 30

Page 32

-1 C C C C N/A N/A N/A N/A -1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 31

Page 33

N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A -1 N/A N/A N/A N/A Table 13 - Non-Deterministic Random Number Generation Specification ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 32

Page 34

The module generates SSPs (e.g., keys) whose strengths are modified by available entropy 10.​ Self-Tests The cryptographic module automatically performs the following tests below. The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module; these tests do not require any additional operator action. Pre-operational Self-Tests Pre-operational Firmware Integrity Test

Page 35
Cause of ErrorError State Indicator
Conditional Cryptographic Algorithm Self-Test or Software Integrity Test FailureFIPS-CC mode failure. <Algorithm test> failed.
Conditional Pairwise Consistency or Critical Functions Test FailureSystem log prints an error message.
Conditional Firmware Load Test FailureSystem prints Invalid image message.

●​ ECDSA/KAS-ECC Pairwise Consistency Test ●​ Firmware Load Test – Verify RSA 2048 with SHA-256 signature on firmware at time of load ●​ SP 800-56A Rev. 3 Assurance Tests (Based on Sections 5.5.2, 5.6.2, and 5.6.3) Error Handling In the event of a conditional test failure, the module will output a description of the error. These are summarized below. Table 14 - Errors and Indicators

  1. Life Cycle Assurance The vendor provided life-cycle assurance documentation that describes configuration management, design, finite state model, development, testing, delivery + operation, end of life procedures, and guidance. For details regarding the secure installation, initialization, startup, and operation of the module, see section “Approved Mode of Operation” in Section
  2. Palo Alto Network provides an Administrator Guide for additional information noted in the “References” section of this Security Policy Vendor imposed security rules In FIPS-CC mode, the following rules shall apply: 1.​ The operator shall not enable TLSv1.0 or use RSA for key wrapping; it is disabled by default A.​ Checked via CLI using “show shared” command 2.​ If using RADIUS, it must be configured using TLS 1.2. A.​ Checked via CLI using “show shared” command
  3. Mitigation of Other Attacks The module is not designed to mitigate any specific attacks outside the scope of FIPS 140-3. These requirements are not applicable. © 2025 Palo Alto Networks, Inc. ​ ​ Palo Alto Networks WildFire 10.2 WF-500 and WF-500-B Security Policy ​ Page 34
Page 36

13. Definitions and Acronyms AES

Referenced URLs