| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 10/10/2026 |
| Caveat | Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy |
| Vendor | Palo Alto Networks, Inc. |
| Hardware versions | 910-000102 with components 910-000185, 910-000169, 910-000183 and 910-000156 with Physical Kit 920-000112 [1], 910-000122 with components 910-000186, 910-000169, 910-000183 and 910-000156 with Physical Kit 920-000119 [1], 910-000223 with components 920-000293, 910-000195, 910-000194 and 910-000204 with Physical Kit 920-000309 [1], [910-000119 and 910-000120] with Physical Kit 920-000185 [1], [910-000125, 910-000131, 910-000132, and 910-000157] with Physical Kit 920-000186 [1], [910-000162, 910-000163, and 910-000164] with Physical Kit 920-000212 [1], [910-000212, 910-000230, 910-000231, and 910-000232] with Physical Kit 920-000454 [1], [910-000241, 910-000242, 910-000243, and 910-000244] with Physical Kit 920-000333 [1], [910-000252, 910-000253, 910-000254, and 910-000255] with Physical Kit 920-000320 [2], [910-000267 and 910-000269] with Physical Kit 920-000392 [1], and [910-000280 and 910-000281] with Physical Kit 920-000455 [1] |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A3453 |
| AES-CCM | A3453 |
| AES-CFB128 | A3453 |
| AES-CTR | A3453 |
| AES-GCM | A3453 |
| Conditioning Component AES-CBC-MAC SP800-90B | A2138 |
| Conditioning Component AES-CBC-MAC SP800-90B | A2153 |
| Conditioning Component AES-CBC-MAC SP800-90B | A2165 |
| Conditioning Component AES-CBC-MAC SP800-90B | A2541 |
| Counter DRBG | A3453 |
| ECDSA KeyGen (FIPS186-4) | A3453 |
| ECDSA KeyVer (FIPS186-4) | A3453 |
| ECDSA SigGen (FIPS186-4) | A3453 |
| ECDSA SigVer (FIPS186-4) | A3453 |
| HMAC-SHA-1 | A3453 |
| HMAC-SHA2-224 | A3453 |
| HMAC-SHA2-256 | A3453 |
| HMAC-SHA2-384 | A3453 |
| HMAC-SHA2-512 | A3453 |
| KAS-ECC-SSC Sp800-56Ar3 | A3453 |
| KAS-FFC-SSC Sp800-56Ar3 | A3453 |
| KDF IKEv2 | A3453 |
| KDF SNMP | A3453 |
| KDF SSH | A3453 |
| RSA KeyGen (FIPS186-4) | A3453 |
| RSA SigGen (FIPS186-4) | A3453 |
| RSA SigVer (FIPS186-4) | A3453 |
| Safe Primes Key Generation | A3453 |
| Safe Primes Key Verification | A3453 |
| SHA-1 | A3453 |
| SHA2-224 | A3453 |
| SHA2-256 | A3453 |
| SHA2-384 | A3453 |
| SHA2-512 | A3453 |
| TLS v1.2 KDF RFC7627 | A3453 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 2 |
| Software/Firmware Security | 2 |
| Operational Environment | N/A |
| Physical Security | 2 |
| Non-Invasive Security | N/A |
| Sensitive Security Parameter Management | 2 |
| Self-Tests | 2 |
| Life-Cycle Assurance | 3 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>11.0.3-h12 [1] and 11.0.6-h2 [2]</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Update</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status<br/>Zeroize<br/>Self-Tests</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>Micro USB Console (PA-800 Series, PA-1400 Series,…<br/>RJ45 Console<br/>RJ45 Ethernet</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C4,C5,C6 clue;
class I1,I2,I3,I4,I5,I6 infer;
class R1,R2,R3,R4,R5,R6 risk;
class E1,E2,E3,E4,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>11.0.3-h12 [1] and 11.0.6-h2 [2]</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Update</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status<br/>Zeroize<br/>Self-Tests</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>Micro USB Console (PA-800 Series, PA-1400 Series,…<br/>RJ45 Console<br/>RJ45 Ethernet</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2,C3,C4 clueHigh;
class C5,C6 clueLow;PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs Version: 1.3 Revision Date: May 6, 2025 Palo Alto Networks, Inc. www.paloaltonetworks.com © 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. This document may be freely reproduced and
| # | Section | Page |
|---|---|---|
| 1 | General | 3 |
| 2 | Cryptographic Module Specification | 3 |
| 3 | Cryptographic Module Interfaces | 23 |
| 4 | Roles, Services, and Authentication | 25 |
| 5 | Software/Firmware Security | 31 |
| 6 | Operational Environment | 31 |
| 7 | Physical Security | 32 |
| 8 | Non-Invasive Security | 32 |
| 9 | Sensitive Security Parameter Management | 33 |
| 10 | Self-Tests | 37 |
| 11 | Life-Cycle Assurance | 39 |
| 12 | Mitigation of Other Attacks | 40 |
| 13 | Definitions and Acronyms | 40 |
| 14 | Reference Documents | 41 |
| 1 | General | 2 |
| 2 | Cryptographic Module Specification | 2 |
| 3 | Cryptographic Module Interfaces | 2 |
| 4 | Roles, Services, Authentication | 3 |
| 5 | Software/Firmware Security | 2 |
| 7 | Physical Security | 2 |
| 9 | Sensitive Security Parameter Management | 2 |
| 10 | Self-Tests | 2 |
| 11 | Life-Cycle Assurance | 3 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic Module Specification | 2 |
| 3 | 3 | Cryptographic Module Interfaces | 2 |
| 4 | 4 | Roles, Services, Authentication | 3 |
| 5 | 5 | Software/Firmware Security | 2 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 2 |
| 8 | 8 | Non-Invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 2 |
| 10 | 10 | Self-Tests | 2 |
| 11 | 11 | Life-Cycle Assurance | 3 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
| Overall Level | Overall Level | 2 |
Palo Alto Networks offers a full line of next-generation security appliances. Our platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration. The cryptographic modules meet the overall requirements applicable to Level 2 security of FIPS 140-3. Table 1 - Security Levels N/A N/A N/A Purpose The Palo Alto Networks PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs (hereafter referred to as the modules) are multi-chip standalone hardware modules that provide network security by enabling enterprises to see and control applications, users, and content
© 2025 Palo Alto Networks, Inc.
| Name | Model | Hardware Version | Firmware Version | Features |
|---|---|---|---|---|
| PA-410 | PA-410 | 910-000231, Physical Kit: 920-000454 | 11.0.3-h12 | RJ45 interfaces, USB, LED, Power supply, Ground stud |
| PA-415 | PA-415 | 910-000280, Physical Kit: 920-000455 | 11.0.3-h12 | RJ45 ports, SFP/SFP+ ports, USB ports, Micro-USB, LED, Power |
| PA-440 | PA-440 | 910-000212, Physical Kit: 920-000454 | 11.0.3-h12 | RJ 45 interfaces, USB, LEDs, Micro USB |
| PA-445 | PA-445 | 910-000281, Physical Kit: 920-000455 | 11.0.3-h12 | RJ 45 interfaces, USB, LEDs, Micro USB |
| PA-450 | PA-450 | 910-000232, Physical Kit: 920-000454 | 11.0.3-h12 | RJ 45 interfaces, USB, LEDs, Micro USB |
| PA-460 | PA-460 | 910-000230, Physical Kit: 920-000454 | 11.0.3-h12 | RJ 45 interfaces, USB, LEDs, 1 Micro USB |
| PA-820 | PA-820 | 910-000120, Physical Kit: 920-000185 | 11.0.3-h12 | RJ45 Ports, Micro-USB, SFP, SFP/SFP+, Power, LEDs, USB |
| PA-850 | PA-850 | 910-000119, Physical Kit: 920-000185 | 11.0.3-h12 | RJ45 Ports, Micro-USB, SFP, SFP/SFP+, Power, LEDs, USB |
| PA-1410 | PA-1410 | 910-000267, Physical Kit: 920-000392 | 11.0.3-h12 | RJ45 ports, SFP/SFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power |
| PA-1420 | PA-1420 | 910-000269, Physical Kit: 920-000392 | 11.0.3-h12 | RJ45 ports, SFP/SFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power |
| PA-3220 | PA-3220 | 910-000162, Physical Kit: 920-000212 | 11.0.3-h12 | RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power |
| PA-3250 | PA-3250 | 910-000163, Physical Kit: 920-000212 | 11.0.3-h12 | RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power |
| PA-3260 | PA-3260 | 910-000164, Physical Kit: 920-000212 | 11.0.3-h12 | RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power |
| PA-3410 | PA-3410 | 910-000241, Physical Kit: 920-000333 | 11.0.3-h12 | 1 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28 |
| PA-3420 | PA-3420 | 910-000242, Physical Kit: 920-000333 | 11.0.3-h12 | 1 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28 |
| PA-3430 | PA-3430 | 910-000243, Physical Kit: 920-000333 | 11.0.3-h12 | 1 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28 |
| PA-3440 | PA-3440 | 910-000244, Physical Kit: 920-000333 | 11.0.3-h12 | 1 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28 |
| PA-5220 | PA-5220 | 910-000132, Physical Kit: 920-000186 | 11.0.3-h12 | RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB |
| PA-5250 | PA-5250 | 910-000131, Physical Kit: 920-000186 | 11.0.3-h12 | RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB |
| PA-5260 | PA-5260 | 910-000125, Physical Kit: 920-000186 | 11.0.3-h12 | RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB |
| PA-5280 | PA-5280 | 910-000157, Physical Kit: 920-000186 | 11.0.3-h12 | RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB |
| PA-5410 | PA-5410 | 910-000252, Physical Kit: 920-000320 | 11.0.6-h2 | 1 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45 |
| PA-5420 | PA-5420 | 910-000253, Physical Kit: 920-000320 | 11.0.6-h2 | 1 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45 |
| PA-5430 | PA-5430 | 910-000254, Physical Kit: 920-000320 | 11.0.6-h2 | 1 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45 |
| PA-5440 | PA-5440 | 910-000255, Physical Kit: 920-000320 | 11.0.6-h2 | 1 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45 |
| PA-5450* | PA-5450* | 910-000223, Physical Kit: 920-000309, PA-5400 BC-A: 920-000293, PA-5400 MPC-A: 910-000195, PA-5400 NC-A: 910-000194, PA-5400 DPC-A: 910-000204 | 11.0.3-h12 | Networking cards, Data processing cards, Base cards, Management processor cards, Electrostatic Discharge, LEDs, Logging Drive Corner, USB, Console port, HSCI-A/B, Logging ports, Management Ports, HA ports, Ejector Tabs, RJ45, QSFP28, SFP/SFP+, Ground Studs, Fans, Power |
| PA-7050** | PA-7050** | 910-000102, Physical Kit: 920-000112, PAN-PA-7050-SMC-B: 910-000185, | 11.0.3-h12 | Networking cards, Log/Data processing cards, Log forwarding cards, Management processor cards, |
| PAN-PA-7000-DPC-A: 910-000169, PAN-PA-7000-LFC-A: 910-000183, PAN-PA-7000-100G-NPC-A: 910-000156 | PAN-PA-7000-DPC-A: 910-000169, PAN-PA-7000-LFC-A: 910-000183, PAN-PA-7000-100G-NPC-A: 910-000156 | RJ45 ports, SFP ports, SFP+ ports, HSCI ports, QSFP+ ports, Power supply, Power Switch, LEDs, USB | ||
| PA-7080** | PA-7080** | 910-000122, Physical Kit: 920-000119, PAN-PA-7080-SMC-B: 910-000186, PAN-PA-7000-DPC-A: 910-000169, PAN-PA-7000-LFC-A: 910-000183, PAN-PA-7000-100G-NPC-A: 910-000156 | 11.0.3-h12 | Networking cards, Log/Data processing cards, Log forwarding cards, Management processor cards, RJ45 ports, SFP+, HSCI, QSFP+, Power Switch, LEDs, USB |
© 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 5
© 2025 Palo Alto Networks, Inc.
Table 2 - Cryptographic Module Tested Configuration The following procedure will put the modules into the Approved mode of operation:
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Use / Function |
|---|---|---|---|---|---|
| Conditioning Component AES-CBC-MAC SP 800-90B | A2138 | AES-CBC-MAC | 128 bits | Vetted conditioning component for ESV | |
| A2153 | A2153 | Vetted conditioning component for ESV | |||
| A2165 | A2165 | Vetted conditioning component for ESV | |||
| A2541 | A2541 | Vetted conditioning component for ESV | |||
| AES-CBC [SP 800-38A] | A3453 | CBC | 128, 192 and 256 bits | Encryption Decryption | |
| AES-CCM [SP 800-38C] | A3453 | CCM | 128 bits | Encryption Decryption | |
| AES-CFB128 [SP 800-38A] | A3453 | CFB128 | 128 bits | Encryption Decryption | |
| AES-CTR [SP 800-38A] | A3453 | CTR | 128, 192 and 256 bits | Encryption Decryption | |
| AES-GCM [SP 800-38D] | A3453 | GCM** | 128 and 256 bits | Encryption Decryption | |
| Counter DRBG [SP 800-90Arev1] | A3453 | CTR DRBG | AES 256 bits with Derivation Function Enabled | Random Bit Generator | |
| ECDSA KeyGen (FIPS 186-4) | A3453 | ECDSA KeyGen | P-256, P-384, P-521 | Key Generation | |
| ECDSA KeyVer (FIPS 186-4) | A3453 | ECDSA KeyVer | P-256, P-384, P-521 | Public Key Validation | |
| ECDSA SigGen (FIPS 186-4) | A3453 | ECDSA SigGen | P-256, P-384, P-521 with SHA2-224, SHA2-256, SHA2-384, and SHA2-512 | Signature Generation | |
| ECDSA SigVer (FIPS 186-4) | A3453 | ECDSA SigVer | P-256, P-384, P-521 with SHA-1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512 | Signature Verification | |
| HMAC-SHA-1 [FIPS 198-1] | A3453 | HMAC | HMAC-SHA-1 with λ=96, 160 | Authentication for protocols | |
| HMAC-SHA2-224 [FIPS 198-1] | A3453 | HMAC | HMAC-SHA2-224 with λ=224 | Authentication for protocols | |
| HMAC-SHA2-256 [FIPS 198-1] | A3453 | HMAC | HMAC-SHA2-256 with λ=256 | Authentication for protocols | |
| HMAC-SHA2-384 [FIPS 198-1] | A3453 | HMAC | HMAC-SHA2-384 with λ=384 | Authentication for protocols | |
| HMAC-SHA2-512 [FIPS 198-1] | A3453 | HMAC | HMAC-SHA2-512 with λ=512 | Authentication for protocols | |
| KAS-ECC-SSC Sp800-56Ar3 | A3453 | KAS | P-256/P-384/P-521 | Key Exchange | |
| KAS-FFC-SSC SP 800-56Ar3 | A3453 | KAS | MODP-2048/3072/4096 | Key Exchange | |
| KDF IKEv2 [SP 800-135rev1] (CVL) | A3453 | IKEv2 KDF | SHA2-256, SHA2-384, SHA2-512 | IKEv2 | |
| KDF SNMP [SP 800-135rev1] (CVL) | A3453 | SNMPv3 KDF | Engine ID: 80001F88043030303030 343935323630 | SNMPv3 | |
| KDF SSH [SP 800-135rev1] (CVL) | A3453 | SSHv2 KDF | SHA-1, SHA2-256, SHA2-512 | SSH | |
| RSA KeyGen (FIPS 186-4) | A3453 | RSA KeyGen (FIPS 186-4) | 2048, 3072, and 4096 bits | Key Pair Generation | |
| RSA SigGen (FIPS 186-4) | A3453 | RSA SigGen (FIPS 186-4) | 2048, 3072, and 4096-bit with hashes 256/384/512 | Signature Generation | |
| RSA SigVer (FIPS 186-4) | A3453 | RSA SigVer (FIPS 186-4) | 2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1/224+++/256/384/512 (Signature Verification) | Signature Verification |
The module will automatically indicate the Approved mode of operation in the following manner:
© 2025 Palo Alto Networks, Inc.
© 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 9
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| SHA-1 [FIPS 180-4] | A3453 | SHA | SHA-1 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| SHA2-224 [FIPS 180-4] | A3453 | SHA2 | SHA-224 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| SHA2-256 [FIPS 180-4] | A3453 | SHA2 | SHA-256 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| SHA2-384 [FIPS 180-4] | A3453 | SHA2 | SHA-384 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| SHA2-512 [FIPS 180-4] | A3453 | SHA2 | SHA-512 | Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC) |
| Safe Primes Key Generation [RFC 3526] | A3453 | Safe Primes Key Generation | MODP-2048, MODP-3072, MODP-4096 | Safe Primes Key Generation |
| Safe Primes Key Verification [RFC 3526] | A3453 | Safe Primes Key Verification | MODP-2048, MODP-3072, MODP-4096 | Safe Primes Key Verification |
| TLS v1.2 KDF RFC7627 (CVL) | A3453 | TLS v1.2 KDF RFC7627 | TLS v1.2 Hash Algorithm: SHA2-256, SHA2-384 | TLS |
| KTS [SP 800-38F] | AES Cert. #A3453 and HMAC Cert. #A3453 | SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | AES-CBC or AES-CTR plus HMAC 128, 192, and 256-bit keys providing 128, 192, or 256 bits of encryption strength | Key Wrapping |
| KTS [SP 800-38F] | AES-CCM Cert. #A3453 | SP 800-38C and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | AES-CCM 128-bit keys providing 128 bits of encryption strength | Key Wrapping |
| KTS [SP 800-38F] | AES-GCM Cert. #A3453 | SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | AES-GCM 128 and 256-bit keys providing 128 or 256 bits of encryption strength | Key Wrapping |
| KAS [SP 800-56Arev3] | KAS-ECC-S SC Cert. #A3453, KDF IKEv2 Cert. #A3453 | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strength | Key Exchange with protocol KDF |
| KAS [SP 800-56Arev3] | KAS-ECC-S SC Cert. #A3453, KDF SSH Cert. #A3453 | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strength | Key Exchange with protocol KDF |
| KAS [SP 800-56Arev3] | KAS-ECC-S SC Cert. #A3453, TLS v1.2 KDF RFC7627 Cert. #A3453 | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strength | Key Exchange with protocol KDF |
| KAS [SP 800-56Arev3] | KAS-FFC-S SC Cert. #A3453, KDF IKEv2 Cert. #A3453 | SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2). | 2048, 3072, and 4096-bit keys providing 112, 128, or 150 bits of encryption strength | Key Exchange with protocol KDF |
| KAS [SP 800-56Arev3] | KAS-FFC-S SC Cert. #A3453, KDF SSH Cert. #A3453 | SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2). | 2048-bit key providing 112 bits of encryption strength | Key Exchange with protocol KDF |
| KAS [SP 800-56Arev3] | KAS-FFC-S SC Cert. #A3453, TLS v1.2 KDF RFC7627 Cert. #A3453 | SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2). | 2048-bit key providing 112 bits of encryption strength | Key Exchange with protocol KDF |
| CKG (SP 800-133rev2) | Vendor Affirmed | Section 5.1, Section 5.2, Section 6.1 | Cryptographic Key Generation; SP 800- 133 and IG D.H (symmetric keys and asymmetric seeds). | Key Generation Note: The symmetric keys and seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG |
© 2025 Palo Alto Networks, Inc.
The module is compliant to IG C.H: GCM is used in the context of TLS, IPsec/IKEv2, SSH:
itself). During operational testing, the module was tested against an independent version of IPsec with IKEv2 and found to behave correctly.
© 2025 Palo Alto Networks, Inc.
Figure 1 - Logical Diagram Figures 2 - 29 depict the modules and their interfaces. Please refer to the appendices for depictions of the modules with the physical kits installed. Figure 2 - PA-410 Front Figure 3 - PA-410 Rear © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 13
Figure 4 - PA-400 Front (PA-440/450/460 front panels are identical) Figure 5 - PA-400 Rear (PA-440/450/460 rear panels are identical) Figure 6 - PA-415/445 Front
© 2025 Palo Alto Networks, Inc.
Figure 7 - PA-415/445 Rear Figure 8 - PA-1400 Series Front Figure 9 - PA-1400 Series Rear Figure 10 - PA-3200 Series Front Figure 11 - PA-3200 Series Rear © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 15
Figure 12 - PA-3410/3420 Front Figure 13 - PA-3430/3440 Front Figure 14 - PA-3400 Rear Figure 15 - PA-5200 Series Front
© 2025 Palo Alto Networks, Inc.
Figure 16 - PA-5200 Rear Figure 17 - PA-5410/5420/5430/5440 Front (Note: All modules are identical) Figure 18 - PA-5410/5420/5430/5440 Rear (Note: All modules are identical) © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 17
Figure 19 - PA-5450 Front Figure 20 - PA-5450 Management Processor Card
© 2025 Palo Alto Networks, Inc.
Figure 21 - PA-5450 Networking Card Figure 22 - PA-5450 Data Processing Card © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 19
Figure 23 - PA-5450 Rear Figure 24 - PA-7050 Front1 Note: The PA-7050 can include various cards
© 2025 Palo Alto Networks, Inc.
Figure 25 - PA-7050 Back © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 21
Figure 26 - PA-7080 Front (on Left) and Back (on Right) Interfaces2 Figure 27 - PA-820 / PA-850 Front Interfaces Note: The PA-7080 can include various cards
© 2025 Palo Alto Networks, Inc.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| HSCI (PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5450, PA-7000 Series) | HSCI (PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5450, PA-7000 Series) | Data input, control input, data output, status output | SSH |
| LED | LED | Status output | Module status via LED indicators |
| Micro USB Console (PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-415/PA-445, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7050, PA-7080) | Micro USB Console (PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-415/PA-445, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7050, PA-7080) | Status output | Self-test output |
| Power | Power | Power | N/A |
| Power switch (PA-7000 Series) | Power switch (PA-7000 Series) | Control input | Power input switch |
| QSFP+ (PA-3260, PA-3430/PA-3440, PA-5250, PA-5260, PA-5280, PA-5400 Series, PA-7000 Series) | QSFP+ (PA-3260, PA-3430/PA-3440, PA-5250, PA-5260, PA-5280, PA-5400 Series, PA-7000 Series) | Data input, control input, data output, status output | TLS, IPsec, or SSH |
| QSFP28 (PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7000 Series) | QSFP28 (PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7000 Series) | Data input, control input, data output, status output | TLS, IPsec, or SSH |
| RJ45 Console | RJ45 Console | Status output | Self-test output |
| RJ45 Ethernet | RJ45 Ethernet | Data input, control input, data output, status output | TLS, IPSec |
| RJ45 HA (PA-1400 Series, PA-3200 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080) | RJ45 HA (PA-1400 Series, PA-3200 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080) | Data input, control input, data output, status output | SSH |
| RJ45 Log (PA-5450) | RJ45 Log (PA-5450) | Data input, control input, data output, status output | TLS, IPsec |
| RJ45 MGT (PA-400 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7000 Series) | RJ45 MGT (PA-400 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7000 Series) | Data input, control input, data output, status output | TLS, SSH |
| SFP (PA-415, PA-455, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-7000 Series) | SFP (PA-415, PA-455, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-7000 Series) | Data input, control input, data output, status output | TLS, IPSec, or SSH |
| SFP+ (PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080) | SFP+ (PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080) | Data input, control input, data output, status output | TLS, IPSec, or SSH |
| SFP28 (PA-3400 Series, PA-5400 Series) | SFP28 (PA-3400 Series, PA-5400 Series) | Data input, control input, data output, status output | TLS, IPSec |
Figure 28 - PA-820 Rear Interfaces Figure 29 - PA-850 Rear Interfaces 3.Cryptographic Module Interfaces The modules are multi-chip standalone modules with ports and interfaces as shown below. The modules do not implement a Table 5 - Ports and Interfaces3 N/A Interfaces depicted in Figures 2-29 above, but not listed in this table are disabled or do not transfer any data. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 23
© 2025 Palo Alto Networks, Inc.
| Name | Roles | Input | Output |
|---|---|---|---|
| Show Version | Crypto Officer | Query module for version | Module provides version |
| Security Configuration Management | Crypto Officer, User | Configuring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accounts via CLI or WebUI | Confirmation of service via Configuration Logs |
| Other Configuration | Crypto Officer | Networking parameter configuration, logging configuration, and other non-security relevant configuration via CLI or WebUI | Confirmation of service via Configuration Logs |
| View Other Configuration | Crypto Officer, User | Query module for current non-security relevant configuration via WebUI or CLI | Confirmation of service via Configuration Logs |
| Show Status | Crypto Officer, User, RA VPN, S-S VPN | Query status of the module via WebUI or CLI | Module status information via CLI or System Logs |
| VPN | RA VPN, S-S VPN | Initialize VPN connection | Confirmation of service via System Logs |
| Firmware Update | Crypto Officer | Loading new image | Message output noting version updated successfully |
| Zeroize | Unauthenticated | Initiate zeroization command | Console Output |
| Self-Tests | Unauthenticated | Power removal | Console Output |
| Show Status (LEDs) | Unauthenticated | N/A | LEDs |
4.Roles, Services, and Authentication Services While in the Approved mode of operation, all CO and User services are accessed via SSH or TLS sessions. Approved and allowed algorithms, relevant CSPs, and public keys related to these protocols are accessed to support the following services. CSP access by services is further described in the following tables. Table 6 - Roles, Service Commands, Input and Output N/A Assumption of Roles The modules support four distinct operator roles, User and Cryptographic Officer (CO), Remote Access VPN, and Site-to-site VPN. The cryptographic modules enforce the separation of roles using unique authentication credentials associated with operator accounts. The modules support concurrent operators. The modules do not provide a maintenance role or bypass capability. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 25
| Name | Use Function | |
|---|---|---|
| Authentication Strength | Authentication Method | Role |
| Password-based The minimum length is eight (8) characters4 (95 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(958) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(958), which is less than 1/100,000. The firewall’s configuration supports at most ten failed attempts to authenticate in a one-minute period. Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(2112), which is less than 1/100,000. The firewall supports at most 4,800,000 new sessions per second. | Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication) | Cryptographic Officer |
| User | Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication | User |
| Remote Access VPN (RA VPN) | Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication | Remote Access VPN (RA VPN) |
| The pre-shared key authentication method has a minimum security strength5 of 956. The probability of successfully authenticating to the module is 1/(956), which is less than 1/1,000,000. The number of authentication attempts is limited by the number of new connections per second supported (4,800,000) on the fastest platform of the Palo Alto Networks firewalls. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(956), which is less than 1/100,000. The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. | IKE/IPSec Pre-shared keys - Identification with the IP Address and authentication with the Pre-Shared Key or certificate based authentication | Site-to-Site VPN (S-S VPN) |
The modules all support the use of a password (i.e. Memorized Secret as per SP 800-140E). Upon first boot, the module enforces a maximum of 10 failed attempts. Passwords stored in the module are hashed using SHA-256, and any passwords that are transported into/out of the module are protected via TLS 1.2. The passwords for the RA VPN and S-S VPN roles are created as part of the Security Configuration Management service Table 7 - Roles and Authentication In FIPS-CC Mode, the module checks and enforces the minimum password length of eight (8) as specified in SP 800-63B. Passwords are securely stored hashed with salt value, with very restricted access control, and rate limiting mechanism for random number password allowance that sets a baseline minimum acceptable strength of 106.
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | |
|---|---|---|---|---|---|---|---|
| Show Version | Query the module to display the version | CO | N/A | N/A | N/A | Version displayed via System Logs / CLI / UI | |
| Security Configuration Management | Configuring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accounts | CO | RSA Private Keys | CKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4) | G/W/E | Configuration/System Logs | |
| CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | CO | ECDSA Private Keys | CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4) | G/W/E | |||
| KAS | CO | TLS Pre-Master Secret | KAS | G/E/Z | TLS v1.2 KDF RFC7627 | ||
| TLS v1.2 KDF RFC7627 | CO | TLS Master Secret | G/E/Z | TLS v1.2 KDF RFC7627 | |||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | CO | TLS DHE/ECDHE Private Components | G/E/Z | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | |||
| TLS DHE/ECDHE Public Components | TLS DHE/ECDHE Public Components | G/E/R/W/Z | |||||
| KTS | CO | TLS HMAC Keys | KTS | G/E/Z | HMAC-SHA2- 256 HMAC-SHA2- 384 | ||
| AES-CBC | CO | TLS Encryption Keys | G/E/Z | AES-CBC | |||
| KTS | KTS | AES-GCM | |||||
| KTS | CO | SSH Session Authentication Keys | KTS | G/E/Z | HMAC-SHA-1 HMAC-SHA2- 256 | ||
| AES-CBC, AES-CTR | CO | SSH Session Encryption Keys | G/E/Z | AES-CBC, AES-CTR | |||
| KTS | KTS | AES-GCM | |||||
| KAS | CO | SSH DHE/ECDHE Private Components | KAS | G/E/Z | KDF SSH | ||
| SSH DHE/ECDHE Public Components | SSH DHE/ECDHE Public Components | G/E/R/W/Z | |||||
| N/A | CO | CO, User, RA VPN Password | N/A | G/E/W | |||
| Counter DRBG | CO | DRBG Seed | Counter DRBG | G/E | |||
| KDF SNMP | CO | SNMPv3 Authentication Secret | KDF SNMP | W/E | |||
| KDF SNMP | CO | SNMPv3 Privacy Secret | KDF SNMP | W/E | |||
| HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | CO | Authentication Key | HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 | G/E/Z | |||
| AES-CFB | CO | Session Key | AES-CFB | G/E/Z | |||
| N/A | CO | Protocol Secrets | N/A | W/E | |||
| RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | CO | CA Certificates | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | G/R/E/W | |||
| ECDSA SigVer (FIPS 186-4) | CO | ECDSA Public Keys | ECDSA SigVer (FIPS 186-4) | G/R/E/W | |||
| RSA SigVer (FIPS 186-4) | CO | RSA Public Keys | RSA SigVer (FIPS 186-4) | G/R/E/W | |||
| RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | CO | SSH Host Public Key | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | G/R/E/W | |||
| RSA SigVer (FIPS 186-4) | CO | SSH Client Public Key | RSA SigVer (FIPS 186-4) | W/E | |||
| RSA SigVer (FIPS 186-4) | CO | Public key for software load test | RSA SigVer (FIPS 186-4) | W/E | |||
| Other Configuration | Networking parameter configuration, logging configuration, and other non-security relevant configuration | CO | RSA Private Keys | RSA SigGen (FIPS 186-4) | G/W/E | Configuration/System Logs | |
| ECDSA SigGen (FIPS 186-4) | CO | ECDSA Private Keys | ECDSA SigGen (FIPS 186-4) | G/W/E | |||
| KAS | CO | TLS Pre-Master Secret | KAS | G/E/Z | TLS v1.2 KDF RFC7627 | ||
| TLS v1.2 KDF RFC7627 | CO | TLS Master Secret | G/E/Z | TLS v1.2 KDF RFC7627 | |||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | CO | TLS DHE/ECDHE Private Components | G/E/Z | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | |||
| TLS DHE/ECDHE Public Components | TLS DHE/ECDHE Public Components | G/E/R/W/Z | |||||
| HMAC-SHA2-256 HMAC-SHA2-384 | CO | TLS HMAC Keys | HMAC-SHA2-256 HMAC-SHA2-384 | G/E/Z | |||
| AES-CBC or AES-GCM | CO | TLS Encryption Keys | AES-CBC or AES-GCM | G/E/Z G/Z | |||
| HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | CO | SSH Session Authentication Keys | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | ||||
| AES-CBC, AES-CTR, or AES-GCM | CO | SSH Session Encryption Keys | AES-CBC, AES-CTR, or AES-GCM | G/E/Z | |||
| KAS | CO | SSH DHE/ECDHE Private Components | KAS | G/E/Z | KDF SSH | ||
| N/A | CO | CO, User, RA VPN Password | N/A | G/E/W | |||
| Counter DRBG | CO | DRBG Seed | Counter DRBG | G/E | |||
| RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | CO | SSH Host Public Key | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) | G/R/E/W | |||
| RSA SigVer (FIPS 186-4) | CO | SSH Client Public Key | RSA SigVer (FIPS 186-4) | W/E | |||
| View Other Configuration | Read-only of non-security relevant configuration | CO, User | CO, User, RA VPN Password Note: includes all items in “Other Configuration” | N/A | W/E | Configuration/System Logs | |
| Show Status | Provides status information of the module | CO, User | RSA Private Keys | RSA SigGen (FIPS 186-4) | E | Configuration/System Logs | |
| ECDSA SigGen (FIPS 186-4) | CO, User | ECDSA Private Keys | ECDSA SigGen (FIPS 186-4) | E | |||
| KAS | CO, User | TLS Pre-Master Secret | KAS | G/E/Z | TLS v1.2 KDF RFC7627 | ||
| TLS v1.2 KDF RFC7627 | CO, User | TLS Master Secret | G/E/Z | TLS v1.2 KDF RFC7627 | |||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | CO, User | TLS DHE/ECDHE Private Components | G/E/Z | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | |||
| TLS DHE/ECDHE Public Components | TLS DHE/ECDHE Public Components | G/E/R/W/Z | |||||
| HMAC-SHA2-256 HMAC-SHA2-384 | CO, User | TLS HMAC Keys | HMAC-SHA2-256 HMAC-SHA2-384 | G/E/Z | |||
| AES-CBC or AES-GCM | CO, User | TLS Encryption Keys | AES-CBC or AES-GCM | G/E/Z | |||
| HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | CO, User | SSH Session Authentication Keys | HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512 | G/E/Z | |||
| AES-CBC, AES-CTR, or AES-GCM | CO, User | SSH Session Encryption Keys | AES-CBC, AES-CTR, or AES-GCM | G/E/Z | |||
| Counter DRBG | RA VPN | DRBG Seed | Counter DRBG | G/E | |||
| KAS | CO | SSH DHE/ECDHE Private Components | KAS | G/E/Z | KDF SSH | ||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | SSH DHE/ECDHE Public Components | G/E/R/W/Z | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification | ||||
| VPN | Provide network access for remote users or site-to-site connection | S-S VPN | S-S VPN IPSec/IKE Authentication Keys | KTS | G/E/Z | Configuration/System Logs | HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 |
| AES-CBC | S-S VPN | S-S VPN IPSec/IKE Session Keys | G/E/Z | AES-CBC | |||
| KTS | KTS | AES-CCM | |||||
| KTS | KTS | AES-GCM | |||||
| KAS | S-S VPN | S-S VPN IPSec/IKE DHE/ECDHE Private Components | KAS | G/E/Z | KDF IKEv2 | ||
| N/A | S-S VPN | S-S VPN IPSec Pre-Shared Keys | N/A | W/E | |||
| ECDSA SigVer (FIPS 186-4) | S-S VPN | ECDSA Public Keys | ECDSA SigVer (FIPS 186-4) | W/E | |||
| RSA SigVer (FIPS 186-4) | S-S VPN | RSA Public Keys | RSA SigVer (FIPS 186-4) | W/E | |||
| RSA SigGen (FIPS 186-4) | RA VPN | RSA Private Keys | RSA SigGen (FIPS 186-4) | E | |||
| ECDSA SigGen (FIPS 186-4) | RA VPN | ECDSA Private Keys | ECDSA SigGen (FIPS 186-4) | E | |||
| KAS | RA VPN | TLS Pre-Master Secret | KAS | G/E/Z | TLS v1.2 KDF RFC7627 | ||
| TLS v1.2 KDF RFC7627 | TLS Master Secret | G/E/Z | TLS v1.2 KDF RFC7627 | ||||
| CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes | RA VPN | TLS DHE/ECDHE Public Components | G/E/R/W/Z | CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes | |||
| TLS DHE/ECDHE Private Components | RA VPN | TLS DHE/ECDHE Private Components | G/E/Z | ||||
| KTS | RA VPN | TLS HMAC Keys | KTS | G/E/Z | HMAC-SHA2- 256 HMAC-SHA2- 384 | ||
| AES-CBC | RA VPN | TLS Encryption Keys | G/E/Z | AES-CBC | |||
| KTS | KTS | AES-GCM | |||||
| CKG, AES-CBC or AES-GCM | RA VPN | RA VPN IPSec Session Keys | CKG, AES-CBC or AES-GCM | G/E/Z | |||
| CKG, HMAC-SHA-1 | RA VPN | RA VPN IPSec Authentication | CKG, HMAC-SHA-1 | G/E/Z | |||
| Counter DRBG | RA VPN | DRBG Seed | Counter DRBG | G/E | |||
| RSA SigVer (FIPS 186-4)) ECDSA SigVer (FIPS 186-4) | RA VPN | CA Certificates | RSA SigVer (FIPS 186-4)) ECDSA SigVer (FIPS 186-4) | W/E | |||
| ECDSA SigVer (FIPS 186-4) | RA VPN | ECDSA Public Keys | ECDSA SigVer (FIPS 186-4) | W/E | |||
| RSA SigVer (FIPS 186-4) | RA VPN | RSA Public Keys | RSA SigVer (FIPS 186-4) | W/E | |||
| Firmware Update | Provides a method to update the firmware of the module | CO | Public key for firmware content load test Note: Includes all keys from Other Configuration | RSA SigVer (FIPS 186-4) | E | Configuration/System Logs | |
| Zeroize | Destroys all keys in the module | CO | All keys and SSPs | N/A | Z | Zeroization indicator | |
| Self-Test | Initiates self-tests and integrity test | CO | Software integrity verification key | HMAC-SHA2-256, ECDSA SigVer (FIPS 186-4) | E | System Logs | |
| Show Status | Provides status of the module | All | N/A | N/A | R | LEDs |
The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(2112), which is less than 1/100,000. The fastest firewall supports at most 288,000,000 new sessions per second to authenticate in a one-minute period. The table below defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Table 8 - Approved Services © 2024 Palo Alto Networks, Inc. N/A HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2256 N/A N/A G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/Z PAN-OS 11.0 Firewalls Security Policy 27
G/E/Z G/E/Z G/E/R/W/Z G/E/W G/E W/E W/E G/E/Z G/E/Z W/E G/R/E/W G/R/E/W G/R/E/W G/R/E/W W/E W/E G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/Z G/E/R/W/Z © 2025 Palo Alto Networks, Inc.
N/A © 2024 Palo Alto Networks, Inc. G/E/Z G/E/Z G/E/R/W/Z G/E/W G/E G/R/E/W W/E W/E E E G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E N/A G/E/R/W/Z PAN-OS 11.0 Firewalls Security Policy 29
HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 N/A
G/E/Z G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/R/W/Z W/E W/E W/E E E G/E/Z G/E/Z G/E/R/W/Z G/E/Z © 2025 Palo Alto Networks, Inc.
HMAC-SHA2256 HMAC-SHA2384 N/A N/A G/E/Z G/E/Z G/E/Z G/E/Z G/E W/E W/E W/E E Z E N/A R Note: Configuration/System Logs for Approved services above will indicate FIPS-CC mode is enabled, configuration requirements from Section 11 are followed, and that the service succeeded. ECDSA Cert. #A3453) during the Pre-Operational Self-Test. In addition, the module also conducts the firmware load test by using RSA 2048 with SHA-256 (Cert. #A3453) for the new validated firmware to be uploaded into the module. The pre-operational self-tests can be initiated by power cycling the module. When this is performed, the module automatically runs the cryptographic algorithm self-tests in addition to the pre-operational firmware integrity test. 6.Operational Environment The FIPS 140-3 Operational Environment requirements are not applicable because the module does not contain a modifiable operational environment. The operational environment is limited since the modules include a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into these modules is out of the scope of this validation and requires a separate FIPS 140-3 validation. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 31
| Physical Security Mechanisms | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Details |
|---|---|---|
| Tamper-Evident Seals (PA-7080, PA-7050, PA-5220, PA-5250, PA-5260, PA-5280, PA-3220, PA-3250, PA-3260,PA-410/440/450/460, PA-5450, PA-5410/5420/5430/5440, PA-3410/3420/3430/3440, PA-1410/1420, PA-415/PA-445, PA-820/PA-850) | 30 days | Verify integrity of tamper-evident seals in the locations identified in the Physical Kit Installation Guide. Seal integrity to be verified within the modules operating temperature range. |
| Top, Bottom, Front and Rear Opacity Shields (PA-7050 PA-5450) | 30 days | Verify that the plenums and opacity shields have not been deformed from their original shape, thereby reducing their effectiveness |
| Front and Rear Covers (PA-800 Series, PA-3220, PA-3250, PA-3260) | 30 days | Verify that front and rear covers have not been deformed from their original shape, thereby reducing their effectiveness |
| Front Cover (PA-7080, PA-5450, PA-5410/5420/5430/5440, PA-1410/1420, and PA-3410/3420/3430/3440) | 30 days | Verify that front cover has not been deformed from its original shape thereby reducing its effectiveness |
The multi-chip standalone modules are production quality containing standard passivation. Chip components are protected by an opaque enclosure. There are tamper evident seals that are applied on the modules by the Crypto-Officer. All unused seals are to be controlled by the Crypto-Officer. The seals prevent removal of the opaque enclosure without evidence. The Crypto-Officer must ensure that the module surface is clean and dry. Tamper evident seals must be pressed firmly onto the adhering surfaces during installation and once applied the Crypto- Officer shall permit 24 hours of cure time for all tamper-evident seals. The Crypto-Officer should inspect the seals and shields for evidence of tamper every 30 days. If the seals show evidence of tamper, the Crypto-Officer should assume that the modules have been compromised and contact Customer Support. Note: For ordering information, see tables in Cryptographic Module Specification for Kit part numbers and versions. Opacity shields and Tamper Seals are included for the kits. Refer to this document’s Appendices for instructions on installation of the tamper seals and opacity shields. 8.Non-Invasive Security No approved non-invasive attack mitigation test metrics are defined at this time.
© 2025 Palo Alto Networks, Inc.
| Name | Strength | Security Function | Generation | Establishment | Storage | Zeroization | Import Export | Key/SSP/Name/Ty pe |
|---|---|---|---|---|---|---|---|---|
| ECDSA/RSA Public key - Used to trust a root CA intermediate CA and leaf /end entity certificates (RSA 2048, 3072, and 4096 bits) (ECDSA P-256, P-384, and P-521) | 112 bits minimum | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A3453 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | CA Certificates |
| RSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (RSA 2048, 3072, or 4096-bit) | 112 bits minimum | RSA SigVer (FIPS 186-4) Cert. #A3453 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted or Plaintext TLS handshake | RSA Public Keys |
| RSA Private keys for generation of signatures, authentication or key establishment. (RSA 2048, 3072, or 4096-bit) | 112 bits minimum | RSA SigGen (FIPS 186-4) Cert. #A3453 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | RSA Private Keys |
| ECDSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (ECDSA P-256, P-384, or P-521) | 128 bits minimum | ECDSA SigVer (FIPS 186-4) Cert. #A3453 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | TLS or SSH Session Key Encrypted or Plaintext TLS handshake | ECDSA Public Keys |
| ECDSA Private key for generation of signatures and authentication (P-256, P-384, or P-521) | 128 bits minimum | ECDSA SigGen (FIPS 186-4) Cert. #A3453 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | HDD – Zeroize Service RAM - Zeroize at session termination | TLS or SSH Session Key Encrypted | ECDSA Private Keys |
| Ephemeral Diffie-Hellman private FFC or EC component used in TLS (DHE 2048, ECDHE P-256, P-384, P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A3453 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | N/A | TLS DHE/ECDHE Private Components |
| Diffie_Hellman or EC Diffie-Hellman Ephemeral values used in key agreement (DHE 2048, ECDHE P-256, P-384, P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A3453 | DRBG, SP 800-56A Rev. 3 | N/A | N/A | Zeroize at session termination | Plaintext - TLS handshake | TLS DHE/ECDHE Public Components |
| Secret value used to derive the TLS Master Secret along with client and server random nonces | N/A | TLS v1.2 KDF RFC7627, Cert. #A3453 | KAS SP 800-56A Rev. 3 | N/A | RAM – plaintext | Zeroize at session termination | N/A | TLS Pre-Master Secret |
| Secret value used to derive the TLS session keys | N/A | TLS v1.2 KDF RFC7627 Cert. #A3453 | TLS v1.2 KDF RFC7627 | N/A | RAM – plaintext | Zeroize at session termination | N/A | TLS Master Secret |
| AES (128 or 256 bit) keys used in TLS connections (GCM; CBC) | 128 bits minimum | AES-CBC or AES-GCM Cert. #A3453 | TLS v1.2 KDF RFC7627 | TLS, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | TLS Encryption Keys |
| HMAC keys used in TLS connections (HMAC-SHA2-256 /384) ( 256, 384 bits) | 256 bits minimum | HMAC-SHA2 -256 HMAC-SHA2 -384 Cert. #A3453 | TLS v1.2 KDF RFC7627 | TLS, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | TLS HMAC Keys |
| Diffie Hellman or EC Diffie-Hellman private (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A3453 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | N/A | SSH DHE/ECDHE Private Components |
| Diffie Hellman or EC Diffie-Hellman public component (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A3453 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Zeroize at session termination | Plaintext SSH handshake | SSH DHE/ECDHE Public Components |
| SSH Host Public Key (RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521) | 112 bits minimum | RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A3453 | DRBG, FIPS 186-4 | N/A | HDD/RAM – plaintext | Zeroize Service | N/A | SSH Host Public Key |
| Public RSA key used to authenticate client. (RSA 2048, 3072, and 4096 bits) | 112 bits minimum | RSA SigVer (FIPS 186-4) Cert. #A3453 | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | Encrypted via SSH or TLS | SSH Client Public Key |
| Used in all SSH connections to the security module’s command line interface. (128, 192, or 256 bits: AES CBC or CTR) (128 or 256 bits: AES GCM) | 128 bits minimum | AES-CBC, AES-CTR, or AES-GCM Cert. #A3453 | KDF SSH | SSH, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | SSH Session Encryption Keys |
| Authentication keys used in all SSH connections to the security module’s command line interface (HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512) (160, 256, 512 bits) | 160 bits minimum | HMAC-SHA- 1 HMAC-SHA2 -256 HMAC-SHA2 -512 Cert. #A3453 | KDF SSH | SSH, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | SSH Session Authentication Keys |
| Diffie-Hellman or EC Diffie-Hellman private component used in key establishment (DHE 2048, DHE 3072, DHE 4096, | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A3453 | DBRG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Power cycle | N/A | S-S VPN IPSec/IKE DHE or ECDHE Private Components |
| Diffie-Hellman or EC Diffie-Hellman public component used in key agreement (DHE 2048, DHE 3072, DHE 4096, ECDHE P-256, P-384, P-521) | 112 bits minimum | KAS-ECC-SS C KAS-FFC-SS C Cert. #A3453 | DRBG, SP 800-56A Rev. 3 | N/A | RAM - plaintext | Power cycle | N/A | S-S VPN IPSec/IKE DHE or ECDHE Public Components |
| Used to encrypt IKE/IPSec data. These are AES (128, 192, or 256 CBC) IKE keys and (128, 192 or 256 CBC, 128 CCM, 128 or 256 GCM) IPSec keys | 128 bits minimum | AES-CBC, AES-CCM, AES-GCM Cert. #A3453 | KDF IKEv2 | IPSec/IKE, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | S-S VPN IPSec/IKE Session Keys |
| (HMAC-SHA-1, SHA-256, SHA-384 or SHA-512) Used to authenticate the peer in an IKE/IPSec tunnel connection. (160, 256, 384, 512 bits) | 160 bits minimum | HMAC-SHA- 1 HMAC-SHA2 -256 HMAC-SHA2 -384 HMAC-SHA2 -512 Cert. #A3453 | KDF IKEv2 | IPSec/IKE, KAS SP 800-56A Rev. 3 | RAM - plaintext | Zeroize at session termination | N/A | S-S VPN IPSec/IKE Authentication Keys |
| PSK used in conjunction with HMAC listed above for authentication. Entered into the module by the Crypto Officer once authenticated | N/A | N/A | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | Encrypted via SSH or TLS | S-S VPN IPSec Pre-Shared Keys |
| Used to encrypt remote access sessions utilizing IPSec. (AES 128-CBC, 128/256-GCM) | 128 bits minimum | AES-CBC or AES-GCM Cert. #A3453 | CKG, DRBG | N/A | RAM - plaintext | Zeroize at session termination | N/A | RA VPN IPSec Session Keys |
| (HMAC-SHA-1, 160 bits) Used in authentication of remote access IPSec data. | 160 bits | HMAC-SHA- 1 Cert. #A3453 | CKG, DRBG | N/A | RAM - plaintext | Zeroize at session termination | N/A | RA VPN IPSec Authentication |
| Used to check the integrity of all software code (HMAC-SHA-256 and ECDSA P-256) (Note: This is not considered an SSP) | 128 bits | HMAC-SHA2 -256, ECDSA SigVer (FIPS 186-4) Cert. #A3453 | N/A | N/A | HDD - plaintext | N/A | N/A | Firmware integrity verification key |
| Used to authenticate software/firmware and content to be installed on the firewall (RSA 2048 with SHA-256) | 112 bits | RSA SigVer (FIPS 186-4) Cert. #A3453 | N/A | N/A | HDD - plaintext | N/A | N/A | Public key for firmware content load test |
| Authentication string with a minimum length of eight (8) characters. | N/A | SHA2-256 Cert. #A3453 | External | N/A | HDD - a password hash (SHA2-256) | Zeroize Service | Encrypted via SSH or TLS | CO, User, RA VPN Password |
| Secrets used by RADIUS or TACACS+ (8 characters minimum) | N/A | N/A | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | Encrypted via IPSEC, SSH or TLS | Protocol Secrets |
| Entropy input string coming from the entropy source Input length = 384 bits | 384 bits (Palo Alto Networks DRNG Entropy Source) 77,598 bits (AMD Random Number Generator) 194 bits (Octeon III Entropy Source) | CKG (vendor affirmed), Counter DRBG Cert. #A3453 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | Entropy Input String |
| DRBG seed coming from the entropy source Seed length = 384 bits | 384 bits (Palo Alto Networks DRNG Entropy Source) 77,598 bits (AMD Random Number Generator) 194 bits (Octeon III Entropy Source) | CKG (vendor affirmed), Counter DRBG Cert. #A3453 | Entropy as per SP 800-90B | N/A | RAM - Plaintext | Power cycle | N/A | DRBG Seed |
| AES 256 CTR DRBG state Key used in the generation of a random values | 256 bits | CKG (vendor affirmed), Counter DRBG Cert. #A3453 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | DRBG Key |
| AES 256 CTR DRBG state V used in the generation of a random values | 128 bits | CKG (vendor affirmed), Counter DRBG Cert. #A3453 | Entropy as per SP 800-90B | N/A | RAM - plaintext | Power cycle | N/A | DRBG V |
| Used to support SNMPv3 services (Minimum 8 characters) | N/A | KDF SNMP Cert. #A3453 | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | Encrypted via TLS/SSH | SNMPv3 Authentication Secret |
| Used to support SNMPv3 services (Minimum 8 characters) | N/A | KDF SNMP Cert. #A3453 | N/A | N/A | HDD/RAM – plaintext | Zeroize Service | Encrypted via TLS/SSH | SNMPv3 Privacy Secret |
| HMAC–SHA-1/224 /256/384/512 Authentication protocol key (160 bits) | 160 bits minimum | HMAC-SHA- 1 HMAC-SHA2 -224 HMAC-SHA2 -256 HMAC-SHA2 -384 HMAC-SHA2 -512 Cert. #A3453 | KDF SNMP | N/A | HDD/RAM - Plaintext | Zeroize Service | N/A | Authentication Key |
| Privacy protocol encryption key (AES 128/192/256 CFB) | 128 bits minimum | AES-CFB Cert. #A3453 | KDF SNMP | N/A | HDD/RAM - Plaintext | Zeroize Service | N/A | Session Key |
9.Sensitive Security Parameter Management The following table details all the sensitive security parameters utilized by the module. Table 10 - SSPs N/A N/A N/A N/A N/A C C N/A N/A C C N/A N/A © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 33
© 2025 Palo Alto Networks, Inc.
C C N/A N/A N/A HMAC-SHA1 N/A N/A N/A N/A N/A N/A N/A HMAC-SHA1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 35
| Name | Key Size | |
|---|---|---|
| Details | Minimum number of bits of entropy | Entropy Source |
| ESV Cert. #E68, E70, E71, E72, E73 Entropy source provides full entropy, which is provided in the 384 bit seed. | 384 bits | Palo Alto Networks DRNG Entropy Source |
| ESV Cert. #E27 The entropy source provides 1.31221 bits of entropy per 128-bit output. The DRBG is seeded with at least 7569408 bits of output from the entropy source. Therefore, the DRBG is seeded with at least 77,598 bits of entropy before generating keys. [PA-5410/5420/5430/5440] | 77,598 bits | AMD Random Number Generator |
| ESV Cert. #E128 The entropy source provides at least 0.506 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy. [PA-800/PA-3200/PA-5200/PA-7000] | 194 bits | Octeon III Entropy Source |
Note: SSPs are implicitly zeroized when power is lost, or explicitly zeroized by the zeroize service. In the case of implicit zeroization, the SSPs are implicitly overwritten with random values due to their ephemeral memory being reset upon power loss. For the zeroization service and zeroization at session termination, the SSP's memory location is overwritten with random values. Table 11 - Non-Deterministic Random Number Generation Specification 10. Self-Tests The cryptographic module automatically performs the following tests below. The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module; these tests do not require any additional operator action. Pre-operational Self-Tests Pre-operational Firmware Integrity Test
Conditional self-tests Cryptographic algorithm self-tests
© 2025 Palo Alto Networks, Inc.
| Cause of Error | Error State Indicator |
|---|---|
| Conditional Cryptographic Algorithm Self-Test or Software Integrity Test Failure | FIPS-CC mode failure. <Algorithm test> failed. |
| Conditional Pairwise Consistency or Critical Functions Test Failure | System log prints an error message. |
| Conditional Software Load Test Failure | System prints Invalid image message. |
Table 12 - Errors and Indicators 11. Life-Cycle Assurance The vendor provided life-cycle assurance documentation describes configuration management, design, finite state model, development, testing, delivery & operation, end of life procedures, and guidance. For details regarding the approved mode of operation, see “Approved Mode of Operation''. For details regarding secure installation, initialization, startup, and operation of the module, see below. Palo Alto Network provides an Administrator Guide for additional information noted in the “Reference Documents” section of this Security Policy. Module Enforced Security Rules The module design corresponds to the module security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-3 Level 2 module. 1. The cryptographic module provides four distinct operator roles. These are the User role, Remote Access VPN role, Site-to-site VPN role, and the Cryptographic Officer role. 2. The cryptographic module provides identity-based authentication. 3. The cryptographic module clears previous authentications on each power cycle. 4. When the module has not been placed in a valid role, the operator does not have access to any cryptographic services. 5. Data output is inhibited during power-up self-tests, zeroization and error states. 6. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 7. There are no restrictions on which keys or SSPs are zeroized by the zeroization service. 8. The module maintains separation between concurrent operators. 9. The module does not support a maintenance interface or role. 10. The module does not have any external input/output devices used for entry/output of data. 11. The module does not enter or output plaintext SSPs. 12. The module does not output intermediate key generation values. 13. Pre-shared keys used for IKE/IPSec must be at least 6 bytes in length, but no more than 255 bytes. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 39
Vendor imposed security rules In FIPS-CC mode, the following rules shall apply: 1. The operator shall not enable TLSv1.0 or use RSA for key wrapping; it is disabled by default a. Checked via CLI using “show shared” command 2. The operator should not enable TLSv1.3, it is disabled by default. a. Checked via CLI using “show profiles” command 3. If using RADIUS, it must be configured using TLS. a. Checked via CLI using “show shared” command 4. If using TACACS+, configure the service route via an IPSec tunnel, and ensure the TACACS+ server is configured for a minimum password length of eight (8) characters or greater. a. Checked via CLI using “show deviceconfig” command
© 2025 Palo Alto Networks, Inc.
USB
Appendix B - PA-415 - FIPS Accessories/Tamper Seal Installation (5 Seals) The PA-415 requires 5 tamper labels in the following locations. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels. Affix the tamper labels as shown below: Attach one label on the top side that wraps around the rear side of the module: Affix four labels on the bottom of the device. One on each side that wraps to the bottom of the module, and two in locations
Appendix C - PA-440/450/460 FIPS Accessories/Tamper Seal Installation (4 Seals) The PA-440/450/460 require four tamper labels that are placed at the same location as the modules have the same enclosure. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels. Affix the tamper labels on the rear of the module as shown below:
© 2025 Palo Alto Networks, Inc.
Appendix D - PA-445 FIPS Accessories/Tamper Seal Installation (8 Seals) The Physical Kit for this module requires 8 tamper labels. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels. Placement is as follows. Apply 6 seals on the top of the module: Place one seal on the right and one seal on the left of the module: © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 43
Appendix E - PA-1400 and PA-3400 Series FIPS Accessories/Tamper Seal Installation (12 Seals) The PA-1410/PA-1420 and PA-3410/PA-3420/PA-3430/PA-3440 require 12 tamper labels that are placed at the same location on all devices in the series. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields on the module as shown below in the diagrams. Install the front opacity shield as such:
© 2025 Palo Alto Networks, Inc.
Note: Depending on the module, there may be 1 or 2 power supplies provided. Regardless of 1 or 2 being installed, the location of the tamper label is the same. Appendix F
2. Attach the bracket to the firewall that will be used. Note: The firewall can use a mid-mount, front-mount or four-post mount. All seal placement is the same for the various use cases.
© 2025 Palo Alto Networks, Inc.
3. Place 19 tamper seals on the module. Note: Tamper seal placement is the same for all mount types. Seal #16 is required only for the front-mount of four-post rack installations. It is not required for the mid-mount installation © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 47
Appendix G - PA-5200- FIPS Accessories/Tamper Seal Installation (28 Seals) The PA-5220/PA-5250/PA-5260/PA-5280 require 28 tamper labels that are placed at the same location on all devices in the series. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams. 1. Place the firewall upside down on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. 2. Install power cables: plug the power cords in to the power inlets located on the back of the firewall and connect the ground lug and ground cable to the ground lug bolts (you cannot access these back ports after you attach the FIPS back cover). 3. Place the FIPS back cover onto the back of the firewall and attach it to the firewall using four (4) #8-32 x 1/4” screws (two (2) screws on each side of the cover). Route the power cables through the back-cover cable-guide openings. 4. Attach the FIPS back-cover panel to the FIPS back cover using four (4) #4-40 x 1/4” screws (one (1) screw on each side of the cover and two (2) screws on the back of the cover).
© 2025 Palo Alto Networks, Inc.
5. Place the FIPS front cover onto the front of the firewall and place the rack-mount brackets over the holes on the front cover. Attach the front cover and rack-mount brackets to the firewall using eighteen (18) #8-32 x 5/16” screws (shipped with the firewall)—use nine (9) screws on each side. 6. Apply a tamper-evident seal to each location shown in the illustrations (28 seals). © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 49
© 2025 Palo Alto Networks, Inc.
© 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 51
Appendix F - PA-5450 FIPS Accessories/Tamper Seal Installation (12 Seals) The PA-5450 requires twelve tamper seals. Follow the directions below to install the Physical Kit. Affix 7 seals at the locations on the rear of the device: On the top cover of the module, place one seal at the following location: Affix the front opacity shield to the front of the device and screw into the locations as below:
© 2025 Palo Alto Networks, Inc.
Finalize the process by adding four seals at the following locations to secure the screws: © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 53
Appendix H - PA-5400 Series FIPS Accessories/Tamper Seal Installation (11 Seals) The PA-5410/PA-5420/PA-5430/PA-5430 require 11 tamper labels. The location of the tamper labels placement is the same for all models in the series. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams.
© 2025 Palo Alto Networks, Inc.
Appendix I - PA-7050 - FIPS Accessories/Tamper Seal Installation (24 Seals) The PA-7050 requires 24 tamper labels. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams. 1. Attach front right rack mount brackets in 4-post rack position. Do not attach rear rack mount brackets. Note that brackets are rotated 180 degrees, so the screw holes lineup and the rack mount holes are now on the front of the chassis. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 55
2. Align right plenum bracket with five (5) open screw holes. Attach air plenum brackets using five (5) of the remaining bracket screws as shown. Repeat for left side. 3. Attach bottom plenum to the front right rack mount bracket. Place only the middle two (2) screws.
© 2025 Palo Alto Networks, Inc.
4. Attach the bottom plenum to the rearward right plenum bracket. 5. Rotate PA-7050 chassis clockwise 90 degrees onto the bottom plenum. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 57
6. Assemble top plenum and cable guide hardware. 7. Attach top plenum to the front left rack mount bracket
© 2025 Palo Alto Networks, Inc.
8. Attach front opacity shield using the four (4) captive screws 9. Attach top plenum to the rearward left plenum bracket along with plenum’s rear opacity shield as shown © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 59
10. Loosen four (4) screws on the panel containing the power supply vent. Insert the power supply vent opacity shield and tighten screws. 11. Facing the front of the module, affix two (2) seals to top of the front opacity shield, one (1) near left edge and one (1) near the right edge. Ensure the seals, when placed, overlap onto the top of the plenum, as shown. (2 total)
© 2025 Palo Alto Networks, Inc.
12. Facing the front of the module affix one (1) seal centered to the bottom of the front opacity shield to the bottom air plenum, as shown. (1 total) 13. Facing the rear of the module, affix two (2) seals to top of the rear opacity shield, one (1) near left edge and one (1) near the right edge. Ensure the seals, when placed, overlap onto the top of the plenum, as shown. (2 total) © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 61
14. Facing the rear of the module; A. Affix one (1) seal to the top plenum/opacity shield, covering the left and right outermost screws, as shown. B. Affix one (1) seal to the left and right edge of the top plenum bracket folding over the outer edge of the module, as shown. C. Affix one (1) seal to the top of each rear panel (three (3). Ensure that the seals lap onto the top rear plenum brackets, as shown. (7 total)
© 2025 Palo Alto Networks, Inc.
15. Facing the rear of the module, A. Affix one (1) seal to the bottom of each rear panel (three (3). Ensure that the seals laps onto the bottom rear plenum brackets, as shown. B. Affix one (1) seal to the left and right edge of the bottom plenum bracket folding over the outer edge of the module, as shown. C. Affix one (1) seal to the bottom plenum’s rear side and the bottom plenum rear bracket. (6 total) © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 63
16. Facing the rear of the module;
© 2025 Palo Alto Networks, Inc.
Appendix J - PA-7080 - FIPS Accessories/Tamper Seal Installation (10 Seals) The PA-7080 requires 10 tamper labels. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams. 1. Using the supplied screws attach the Cable Manager Kit with upper opacity lip to the front of the PA-7080, as shown. 2. Using the supplied screws, attach the Left and Right Front Cover brackets to the sides of the PA-7080, as shown. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 65
3. Using the supplied screws attach front opacity shield to the PA-7080 as shown. 4. The final assembly for the PA-7080 with the Physical Kit is as shown.
© 2025 Palo Alto Networks, Inc.
5. Facing the front of the PA-7080: A. Affix one (1) seal to the front and center of the exhaust fan tray. Ensure the seal overlaps the seam with the front PA-7080 branding panel as shown. (1 total) B. Affix one (1) seal to the left and right outer edge of mounting flanges for the front opacity shield. Seals should fold over the edge of the cover flange and mounting bracket onto the side of the PA-7080. (2 total) C. Affix one (1) seal to the front and center of the air intake fan tray. Ensure the seal overlaps the seam with the PA-7080 electrostatic discharge port panel as shown. (1 total) © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 67
6. Facing the rear of the PA-7080; D. Affix one (1) seal to the left and right outer edge of the upper back panel. Seals should be placed just below the rear exhaust vent as shown. Seals should wrap around onto the sides of the PA-7080 (2 total). E. Affix one (1) seal to the left and right outer edges of each power entry module as shown. Seals should wrap around onto the sides of the PA-7080 (4 total).
© 2025 Palo Alto Networks, Inc.
© 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 69
Appendix K - PA-800 Series - FIPS Accessories/Tamper Seal Installation (11 Seals) The PA-820/PA-850 require 11 tamper labels. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams. 1. Place the firewall on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. 2. Place the physical kit back cover onto the back of the firewall and attach it using four #4-40 x 5/16 screws (two screws on each side of the back cover). 3. Insert the front (network, management, and console) cables in to the front ports. 4. Place the physical kit front cover onto the front of the firewall and place the rack-mount brackets over the holes on the front cover. Attach the front cover and rack-mount brackets to the firewall using eight (8) #6-32 x 5/16” rack-mount bracket screws (shipped with the firewall)—use four (4) screws on each side. Route the front cables through the front-cover cable-guide opening.
© 2025 Palo Alto Networks, Inc.
5. Apply a tamper-evident seal to each location shown in the following illustrations (eleven (11) seals total). The seal placement over the power supply of the PA-820 firewall and PA-850 firewall is slightly different as shown. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 71
© 2025 Palo Alto Networks, Inc.