All modules
CMVP Validated Module · FIPS 140-3 Security Policy

PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs

Certificate#4829StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorPalo Alto Networks, Inc.
Low review priority  ·  exposes firmware-update authentication, debug/recovery interface  ·  last validated 10 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/10/2026
CaveatInterim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
VendorPalo Alto Networks, Inc.
Hardware versions910-000102 with components 910-000185, 910-000169, 910-000183 and 910-000156 with Physical Kit 920-000112 [1], 910-000122 with components 910-000186, 910-000169, 910-000183 and 910-000156 with Physical Kit 920-000119 [1], 910-000223 with components 920-000293, 910-000195, 910-000194 and 910-000204 with Physical Kit 920-000309 [1], [910-000119 and 910-000120] with Physical Kit 920-000185 [1], [910-000125, 910-000131, 910-000132, and 910-000157] with Physical Kit 920-000186 [1], [910-000162, 910-000163, and 910-000164] with Physical Kit 920-000212 [1], [910-000212, 910-000230, 910-000231, and 910-000232] with Physical Kit 920-000454 [1], [910-000241, 910-000242, 910-000243, and 910-000244] with Physical Kit 920-000333 [1], [910-000252, 910-000253, 910-000254, and 910-000255] with Physical Kit 920-000320 [2], [910-000267 and 910-000269] with Physical Kit 920-000392 [1], and [910-000280 and 910-000281] with Physical Kit 920-000455 [1]

Approved Algorithms (35)

AlgorithmACVP Cert
AES-CBCA3453
AES-CCMA3453
AES-CFB128A3453
AES-CTRA3453
AES-GCMA3453
Conditioning Component AES-CBC-MAC SP800-90BA2138
Conditioning Component AES-CBC-MAC SP800-90BA2153
Conditioning Component AES-CBC-MAC SP800-90BA2165
Conditioning Component AES-CBC-MAC SP800-90BA2541
Counter DRBGA3453
ECDSA KeyGen (FIPS186-4)A3453
ECDSA KeyVer (FIPS186-4)A3453
ECDSA SigGen (FIPS186-4)A3453
ECDSA SigVer (FIPS186-4)A3453
HMAC-SHA-1A3453
HMAC-SHA2-224A3453
HMAC-SHA2-256A3453
HMAC-SHA2-384A3453
HMAC-SHA2-512A3453
KAS-ECC-SSC Sp800-56Ar3A3453
KAS-FFC-SSC Sp800-56Ar3A3453
KDF IKEv2A3453
KDF SNMPA3453
KDF SSHA3453
RSA KeyGen (FIPS186-4)A3453
RSA SigGen (FIPS186-4)A3453
RSA SigVer (FIPS186-4)A3453
Safe Primes Key GenerationA3453
Safe Primes Key VerificationA3453
SHA-1A3453
SHA2-224A3453
SHA2-256A3453
SHA2-384A3453
SHA2-512A3453
TLS v1.2 KDF RFC7627A3453

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Software/Firmware Security2
Operational EnvironmentN/A
Physical Security2
Non-Invasive SecurityN/A
Sensitive Security Parameter Management2
Self-Tests2
Life-Cycle Assurance3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>11.0.3-h12 [1] and 11.0.6-h2 [2]</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Update</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status<br/>Zeroize<br/>Self-Tests</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>Micro USB Console (PA-800 Series, PA-1400 Series,…<br/>RJ45 Console<br/>RJ45 Ethernet</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>11.0.3-h12 [1] and 11.0.6-h2 [2]</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Update</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status<br/>Zeroize<br/>Self-Tests</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>Micro USB Console (PA-800 Series, PA-1400 Series,…<br/>RJ45 Console<br/>RJ45 Ethernet</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs Version: 1.3 Revision Date: May 6, 2025 Palo Alto Networks, Inc.​ www.paloaltonetworks.com​ © 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. This document may be freely reproduced and

Page 2
Table of Contents
#SectionPage
1General​3
2Cryptographic Module Specification​3
3Cryptographic Module Interfaces​23
4Roles, Services, and Authentication​25
5Software/Firmware Security​31
6Operational Environment​31
7Physical Security​32
8Non-Invasive Security​32
9Sensitive Security Parameter Management​33
10Self-Tests​37
11Life-Cycle Assurance​39
12Mitigation of Other Attacks​40
13Definitions and Acronyms​40
14Reference Documents​41
1General2
2Cryptographic Module Specification2
3Cryptographic Module Interfaces2
4Roles, Services, Authentication3
5Software/Firmware Security2
7Physical Security2
9Sensitive Security Parameter Management2
10Self-Tests2
11Life-Cycle Assurance3
Page 3
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic Module Specification2
33Cryptographic Module Interfaces2
44Roles, Services, Authentication3
55Software/Firmware Security2
66Operational EnvironmentN/A
77Physical Security2
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management2
1010Self-Tests2
1111Life-Cycle Assurance3
1212Mitigation of Other AttacksN/A
Overall LevelOverall Level2

Palo Alto Networks offers a full line of next-generation security appliances. Our platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration. The cryptographic modules meet the overall requirements applicable to Level 2 security of FIPS 140-3. Table 1 - Security Levels N/A N/A N/A Purpose The Palo Alto Networks PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs (hereafter referred to as the modules) are multi-chip standalone hardware modules that provide network security by enabling enterprises to see and control applications, users, and content

Page 4
4 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 5
Module configuration
NameModelHardware VersionFirmware VersionFeatures
PA-410PA-410910-000231, Physical Kit: 920-00045411.0.3-h12RJ45 interfaces, USB, LED, Power supply, Ground stud
PA-415PA-415910-000280, Physical Kit: 920-00045511.0.3-h12RJ45 ports, SFP/SFP+ ports, USB ports, Micro-USB, LED, Power
PA-440PA-440910-000212, Physical Kit: 920-00045411.0.3-h12RJ 45 interfaces, USB, LEDs, Micro USB
PA-445PA-445910-000281, Physical Kit: 920-00045511.0.3-h12RJ 45 interfaces, USB, LEDs, Micro USB
PA-450PA-450910-000232, Physical Kit: 920-00045411.0.3-h12RJ 45 interfaces, USB, LEDs, Micro USB
PA-460PA-460910-000230, Physical Kit: 920-00045411.0.3-h12RJ 45 interfaces, USB, LEDs, 1 Micro USB
PA-820PA-820910-000120, Physical Kit: 920-00018511.0.3-h12RJ45 Ports, Micro-USB, SFP, SFP/SFP+, Power, LEDs, USB
PA-850PA-850910-000119, Physical Kit: 920-00018511.0.3-h12RJ45 Ports, Micro-USB, SFP, SFP/SFP+, Power, LEDs, USB
PA-1410PA-1410910-000267, Physical Kit: 920-00039211.0.3-h12RJ45 ports, SFP/SFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-1420PA-1420910-000269, Physical Kit: 920-00039211.0.3-h12RJ45 ports, SFP/SFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3220PA-3220910-000162, Physical Kit: 920-00021211.0.3-h12RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3250PA-3250910-000163, Physical Kit: 920-00021211.0.3-h12RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3260PA-3260910-000164, Physical Kit: 920-00021211.0.3-h12RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3410PA-3410910-000241, Physical Kit: 920-00033311.0.3-h121 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28
PA-3420PA-3420910-000242, Physical Kit: 920-00033311.0.3-h121 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28
PA-3430PA-3430910-000243, Physical Kit: 920-00033311.0.3-h121 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28
PA-3440PA-3440910-000244, Physical Kit: 920-00033311.0.3-h121 x 1000Base-T (management) - RJ-45, 1 x 10Gb Ethernet (HA) - SFP+, 1 x console - RJ-45, 1 x management (USB) - micro-USB, 10 x 1Gb Ethernet/10Gb Ethernet - SFP/SFP+, 12 x 1/2.5/5/10GBase-T - RJ-45, 2 x 1000Base-T (HA) - RJ-45, 4 x 25Gb Ethernet - SFP28
PA-5220PA-5220910-000132, Physical Kit: 920-00018611.0.3-h12RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5250PA-5250910-000131, Physical Kit: 920-00018611.0.3-h12RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5260PA-5260910-000125, Physical Kit: 920-00018611.0.3-h12RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5280PA-5280910-000157, Physical Kit: 920-00018611.0.3-h12RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5410PA-5410910-000252, Physical Kit: 920-00032011.0.6-h21 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45
PA-5420PA-5420910-000253, Physical Kit: 920-00032011.0.6-h21 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45
PA-5430PA-5430910-000254, Physical Kit: 920-00032011.0.6-h21 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45
PA-5440PA-5440910-000255, Physical Kit: 920-00032011.0.6-h21 x 1000Base-X (management) – SFP, 1 x 40Gb Ethernet (management) - QSFP+, 1 x console - RJ-45, 1 x micro-USB, 12 x 10Gb Ethernet - SFP+, 2 x 1 Gigabit Ethernet (High Availability) – SFP, 4 x 25Gb Ethernet - SFP28, 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28, 8 x 1/2.5/5/10GBase-T - RJ-45
PA-5450*PA-5450*910-000223, Physical Kit: 920-000309, PA-5400 BC-A: 920-000293, PA-5400 MPC-A: 910-000195, PA-5400 NC-A: 910-000194, PA-5400 DPC-A: 910-00020411.0.3-h12Networking cards, Data processing cards, Base cards, Management processor cards, Electrostatic Discharge, LEDs, Logging Drive Corner, USB, Console port, HSCI-A/B, Logging ports, Management Ports, HA ports, Ejector Tabs, RJ45, QSFP28, SFP/SFP+, Ground Studs, Fans, Power
PA-7050**PA-7050**910-000102, Physical Kit: 920-000112, PAN-PA-7050-SMC-B: 910-000185,11.0.3-h12Networking cards, Log/Data processing cards, Log forwarding cards, Management processor cards,
PAN-PA-7000-DPC-A: 910-000169, PAN-PA-7000-LFC-A: 910-000183, PAN-PA-7000-100G-NPC-A: 910-000156PAN-PA-7000-DPC-A: 910-000169, PAN-PA-7000-LFC-A: 910-000183, PAN-PA-7000-100G-NPC-A: 910-000156RJ45 ports, SFP ports, SFP+ ports, HSCI ports, QSFP+ ports, Power supply, Power Switch, LEDs, USB
PA-7080**PA-7080**910-000122, Physical Kit: 920-000119, PAN-PA-7080-SMC-B: 910-000186, PAN-PA-7000-DPC-A: 910-000169, PAN-PA-7000-LFC-A: 910-000183, PAN-PA-7000-100G-NPC-A: 910-00015611.0.3-h12Networking cards, Log/Data processing cards, Log forwarding cards, Management processor cards, RJ45 ports, SFP+, HSCI, QSFP+, Power Switch, LEDs, USB

© 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 5

Page 6
6 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 7

Table 2 - Cryptographic Module Tested Configuration The following procedure will put the modules into the Approved mode of operation:

Page 8
Approved algorithm
NameCAVP CertMode MethodKey SizeUse FunctionUse / Function
Conditioning Component AES-CBC-MAC SP 800-90BA2138AES-CBC-MAC128 bitsVetted conditioning component for ESV
A2153A2153Vetted conditioning component for ESV
A2165A2165Vetted conditioning component for ESV
A2541A2541Vetted conditioning component for ESV
AES-CBC [SP 800-38A]A3453CBC128, 192 and 256 bitsEncryption Decryption
AES-CCM [SP 800-38C]A3453CCM128 bitsEncryption Decryption
AES-CFB128 [SP 800-38A]A3453CFB128128 bitsEncryption Decryption
AES-CTR [SP 800-38A]A3453CTR128, 192 and 256 bitsEncryption Decryption
AES-GCM [SP 800-38D]A3453GCM**128 and 256 bitsEncryption Decryption
Counter DRBG [SP 800-90Arev1]A3453CTR DRBGAES 256 bits with Derivation Function EnabledRandom Bit Generator
ECDSA KeyGen (FIPS 186-4)A3453ECDSA KeyGenP-256, P-384, P-521Key Generation
ECDSA KeyVer (FIPS 186-4)A3453ECDSA KeyVerP-256, P-384, P-521Public Key Validation
ECDSA SigGen (FIPS 186-4)A3453ECDSA SigGenP-256, P-384, P-521 with SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature Generation
ECDSA SigVer (FIPS 186-4)A3453ECDSA SigVerP-256, P-384, P-521 with SHA-1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature Verification
HMAC-SHA-1 [FIPS 198-1]A3453HMACHMAC-SHA-1 with λ=96, 160Authentication for protocols
HMAC-SHA2-224 [FIPS 198-1]A3453HMACHMAC-SHA2-224 with λ=224Authentication for protocols
HMAC-SHA2-256 [FIPS 198-1]A3453HMACHMAC-SHA2-256 with λ=256Authentication for protocols
HMAC-SHA2-384 [FIPS 198-1]A3453HMACHMAC-SHA2-384 with λ=384Authentication for protocols
HMAC-SHA2-512 [FIPS 198-1]A3453HMACHMAC-SHA2-512 with λ=512Authentication for protocols
KAS-ECC-SSC Sp800-56Ar3A3453KASP-256/P-384/P-521Key Exchange
KAS-FFC-SSC SP 800-56Ar3A3453KASMODP-2048/3072/4096Key Exchange
KDF IKEv2 [SP 800-135rev1] (CVL)A3453IKEv2 KDFSHA2-256, SHA2-384, SHA2-512IKEv2
KDF SNMP [SP 800-135rev1] (CVL)A3453SNMPv3 KDFEngine ID: 80001F88043030303030 343935323630SNMPv3
KDF SSH [SP 800-135rev1] (CVL)A3453SSHv2 KDFSHA-1, SHA2-256, SHA2-512SSH
RSA KeyGen (FIPS 186-4)A3453RSA KeyGen (FIPS 186-4)2048, 3072, and 4096 bitsKey Pair Generation
RSA SigGen (FIPS 186-4)A3453RSA SigGen (FIPS 186-4)2048, 3072, and 4096-bit with hashes 256/384/512Signature Generation
RSA SigVer (FIPS 186-4)A3453RSA SigVer (FIPS 186-4)2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1/224+++/256/384/512 (Signature Verification)Signature Verification

The module will automatically indicate the Approved mode of operation in the following manner:

8 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 9

© 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 9

Page 10
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
SHA-1 [FIPS 180-4]A3453SHASHA-1Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-224 [FIPS 180-4]A3453SHA2SHA-224Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-256 [FIPS 180-4]A3453SHA2SHA-256Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-384 [FIPS 180-4]A3453SHA2SHA-384Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-512 [FIPS 180-4]A3453SHA2SHA-512Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
Safe Primes Key Generation [RFC 3526]A3453Safe Primes Key GenerationMODP-2048, MODP-3072, MODP-4096Safe Primes Key Generation
Safe Primes Key Verification [RFC 3526]A3453Safe Primes Key VerificationMODP-2048, MODP-3072, MODP-4096Safe Primes Key Verification
TLS v1.2 KDF RFC7627 (CVL)A3453TLS v1.2 KDF RFC7627TLS v1.2 Hash Algorithm: SHA2-256, SHA2-384TLS
KTS [SP 800-38F]AES Cert. #A3453 and HMAC Cert. #A3453SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES-CBC or AES-CTR plus HMAC 128, 192, and 256-bit keys providing 128, 192, or 256 bits of encryption strengthKey Wrapping
KTS [SP 800-38F]AES-CCM Cert. #A3453SP 800-38C and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES-CCM 128-bit keys providing 128 bits of encryption strengthKey Wrapping
KTS [SP 800-38F]AES-GCM Cert. #A3453SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.AES-GCM 128 and 256-bit keys providing 128 or 256 bits of encryption strengthKey Wrapping
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A3453, KDF IKEv2 Cert. #A3453SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A3453, KDF SSH Cert. #A3453SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A3453, TLS v1.2 KDF RFC7627 Cert. #A3453SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A3453, KDF IKEv2 Cert. #A3453SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048, 3072, and 4096-bit keys providing 112, 128, or 150 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A3453, KDF SSH Cert. #A3453SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A3453, TLS v1.2 KDF RFC7627 Cert. #A3453SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDF
CKG (SP 800-133rev2)Vendor AffirmedSection 5.1, Section 5.2, Section 6.1Cryptographic Key Generation; SP 800- 133 and IG D.H (symmetric keys and asymmetric seeds).Key Generation Note: The symmetric keys and seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG
10 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 11

The module is compliant to IG C.H: GCM is used in the context of TLS, IPsec/IKEv2, SSH:

Page 12

itself). During operational testing, the module was tested against an independent version of IPsec with IKEv2 and found to behave correctly.

12 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 13

Figure 1 - Logical Diagram Figures 2 - 29 depict the modules and their interfaces. Please refer to the appendices for depictions of the modules with the physical kits installed. Figure 2 - PA-410 Front Figure 3 - PA-410 Rear © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 13

Page 14

Figure 4 - PA-400 Front (PA-440/450/460 front panels are identical) Figure 5 - PA-400 Rear (PA-440/450/460 rear panels are identical) Figure 6 - PA-415/445 Front

14 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 15

Figure 7 - PA-415/445 Rear Figure 8 - PA-1400 Series Front Figure 9 - PA-1400 Series Rear Figure 10 - PA-3200 Series Front Figure 11 - PA-3200 Series Rear © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 15

Page 16

Figure 12 - PA-3410/3420 Front Figure 13 - PA-3430/3440 Front Figure 14 - PA-3400 Rear Figure 15 - PA-5200 Series Front

16 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 17

Figure 16 - PA-5200 Rear Figure 17 - PA-5410/5420/5430/5440 Front (Note: All modules are identical) Figure 18 - PA-5410/5420/5430/5440 Rear (Note: All modules are identical) © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 17

Page 18

Figure 19 - PA-5450 Front Figure 20 - PA-5450 Management Processor Card

18 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 19

Figure 21 - PA-5450 Networking Card Figure 22 - PA-5450 Data Processing Card © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 19

Page 20

Figure 23 - PA-5450 Rear Figure 24 - PA-7050 Front1 Note: The PA-7050 can include various cards

20 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 21

Figure 25 - PA-7050 Back © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 21

Page 22

Figure 26 - PA-7080 Front (on Left) and Back (on Right) Interfaces2 Figure 27 - PA-820 / PA-850 Front Interfaces Note: The PA-7080 can include various cards

22 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 23
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
HSCI (PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5450, PA-7000 Series)HSCI (PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5450, PA-7000 Series)Data input, control input, data output, status outputSSH
LEDLEDStatus outputModule status via LED indicators
Micro USB Console (PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-415/PA-445, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7050, PA-7080)Micro USB Console (PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-415/PA-445, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7050, PA-7080)Status outputSelf-test output
PowerPowerPowerN/A
Power switch (PA-7000 Series)Power switch (PA-7000 Series)Control inputPower input switch
QSFP+ (PA-3260, PA-3430/PA-3440, PA-5250, PA-5260, PA-5280, PA-5400 Series, PA-7000 Series)QSFP+ (PA-3260, PA-3430/PA-3440, PA-5250, PA-5260, PA-5280, PA-5400 Series, PA-7000 Series)Data input, control input, data output, status outputTLS, IPsec, or SSH
QSFP28 (PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7000 Series)QSFP28 (PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7000 Series)Data input, control input, data output, status outputTLS, IPsec, or SSH
RJ45 ConsoleRJ45 ConsoleStatus outputSelf-test output
RJ45 EthernetRJ45 EthernetData input, control input, data output, status outputTLS, IPSec
RJ45 HA (PA-1400 Series, PA-3200 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080)RJ45 HA (PA-1400 Series, PA-3200 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080)Data input, control input, data output, status outputSSH
RJ45 Log (PA-5450)RJ45 Log (PA-5450)Data input, control input, data output, status outputTLS, IPsec
RJ45 MGT (PA-400 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7000 Series)RJ45 MGT (PA-400 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-440/PA-450/PA-460, PA-5400 Series, PA-5450, PA-7000 Series)Data input, control input, data output, status outputTLS, SSH
SFP (PA-415, PA-455, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-7000 Series)SFP (PA-415, PA-455, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-7000 Series)Data input, control input, data output, status outputTLS, IPSec, or SSH
SFP+ (PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080)SFP+ (PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, PA-7050, PA-7080)Data input, control input, data output, status outputTLS, IPSec, or SSH
SFP28 (PA-3400 Series, PA-5400 Series)SFP28 (PA-3400 Series, PA-5400 Series)Data input, control input, data output, status outputTLS, IPSec

Figure 28 - PA-820 Rear Interfaces Figure 29 - PA-850 Rear Interfaces 3.​Cryptographic Module Interfaces The modules are multi-chip standalone modules with ports and interfaces as shown below. The modules do not implement a Table 5 - Ports and Interfaces3 N/A Interfaces depicted in Figures 2-29 above, but not listed in this table are disabled or do not transfer any data. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 23

Page 24
24 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 25
Service
NameRolesInputOutput
Show VersionCrypto OfficerQuery module for versionModule provides version
Security Configuration ManagementCrypto Officer, UserConfiguring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accounts via CLI or WebUIConfirmation of service via Configuration Logs
Other ConfigurationCrypto OfficerNetworking parameter configuration, logging configuration, and other non-security relevant configuration via CLI or WebUIConfirmation of service via Configuration Logs
View Other ConfigurationCrypto Officer, UserQuery module for current non-security relevant configuration via WebUI or CLIConfirmation of service via Configuration Logs
Show StatusCrypto Officer, User, RA VPN, S-S VPNQuery status of the module via WebUI or CLIModule status information via CLI or System Logs
VPNRA VPN, S-S VPNInitialize VPN connectionConfirmation of service via System Logs
Firmware UpdateCrypto OfficerLoading new imageMessage output noting version updated successfully
ZeroizeUnauthenticatedInitiate zeroization commandConsole Output
Self-TestsUnauthenticatedPower removalConsole Output
Show Status (LEDs)UnauthenticatedN/ALEDs

4.​Roles, Services, and Authentication Services While in the Approved mode of operation, all CO and User services are accessed via SSH or TLS sessions. Approved and allowed algorithms, relevant CSPs, and public keys related to these protocols are accessed to support the following services. CSP access by services is further described in the following tables. Table 6 - Roles, Service Commands, Input and Output N/A Assumption of Roles The modules support four distinct operator roles, User and Cryptographic Officer (CO), Remote Access VPN, and Site-to-site VPN. The cryptographic modules enforce the separation of roles using unique authentication credentials associated with operator accounts. The modules support concurrent operators. The modules do not provide a maintenance role or bypass capability. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 25

Page 26
Approved algorithm
NameUse Function
Authentication StrengthAuthentication MethodRole
Password-based The minimum length is eight (8) characters4 (95 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(958) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(958), which is less than 1/100,000. The firewall’s configuration supports at most ten failed attempts to authenticate in a one-minute period. Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(2112), which is less than 1/100,000. The firewall supports at most 4,800,000 new sessions per second.Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication)Cryptographic Officer
UserMemorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authenticationUser
Remote Access VPN (RA VPN)Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authenticationRemote Access VPN (RA VPN)
The pre-shared key authentication method has a minimum security strength5 of 956. The probability of successfully authenticating to the module is 1/(956), which is less than 1/1,000,000. The number of authentication attempts is limited by the number of new connections per second supported (4,800,000) on the fastest platform of the Palo Alto Networks firewalls. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(956), which is less than 1/100,000. The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521.IKE/IPSec Pre-shared keys - Identification with the IP Address and authentication with the Pre-Shared Key or certificate based authenticationSite-to-Site VPN (S-S VPN)

The modules all support the use of a password (i.e. Memorized Secret as per SP 800-140E). Upon first boot, the module enforces a maximum of 10 failed attempts. Passwords stored in the module are hashed using SHA-256, and any passwords that are transported into/out of the module are protected via TLS 1.2. The passwords for the RA VPN and S-S VPN roles are created as part of the Security Configuration Management service Table 7 - Roles and Authentication In FIPS-CC Mode, the module checks and enforces the minimum password length of eight (8) as specified in SP 800-63B. Passwords are securely stored hashed with salt value, with very restricted access control, and rate limiting mechanism for random number password allowance that sets a baseline minimum acceptable strength of 106.

26 PAN-OS HW 11.0 Firewalls Security Policy
Page 27
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show VersionQuery the module to display the versionCON/AN/AN/AVersion displayed via System Logs / CLI / UI
Security Configuration ManagementConfiguring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accountsCORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/EConfiguration/System Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)COECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/E
KASCOTLS Pre-Master SecretKASG/E/ZTLS v1.2 KDF RFC7627
TLS v1.2 KDF RFC7627COTLS Master SecretG/E/ZTLS v1.2 KDF RFC7627
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOTLS DHE/ECDHE Private ComponentsG/E/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
KTSCOTLS HMAC KeysKTSG/E/ZHMAC-SHA2- 256 HMAC-SHA2- 384
AES-CBCCOTLS Encryption KeysG/E/ZAES-CBC
KTSKTSAES-GCM
KTSCOSSH Session Authentication KeysKTSG/E/ZHMAC-SHA-1 HMAC-SHA2- 256
AES-CBC, AES-CTRCOSSH Session Encryption KeysG/E/ZAES-CBC, AES-CTR
KTSKTSAES-GCM
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZKDF SSH
SSH DHE/ECDHE Public ComponentsSSH DHE/ECDHE Public ComponentsG/E/R/W/Z
N/ACOCO, User, RA VPN PasswordN/AG/E/W
Counter DRBGCODRBG SeedCounter DRBGG/E
KDF SNMPCOSNMPv3 Authentication SecretKDF SNMPW/E
KDF SNMPCOSNMPv3 Privacy SecretKDF SNMPW/E
HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512COAuthentication KeyHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512G/E/Z
AES-CFBCOSession KeyAES-CFBG/E/Z
N/ACOProtocol SecretsN/AW/E
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COCA CertificatesRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/W
ECDSA SigVer (FIPS 186-4)COECDSA Public KeysECDSA SigVer (FIPS 186-4)G/R/E/W
RSA SigVer (FIPS 186-4)CORSA Public KeysRSA SigVer (FIPS 186-4)G/R/E/W
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COSSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/W
RSA SigVer (FIPS 186-4)COSSH Client Public KeyRSA SigVer (FIPS 186-4)W/E
RSA SigVer (FIPS 186-4)COPublic key for software load testRSA SigVer (FIPS 186-4)W/E
Other ConfigurationNetworking parameter configuration, logging configuration, and other non-security relevant configurationCORSA Private KeysRSA SigGen (FIPS 186-4)G/W/EConfiguration/System Logs
ECDSA SigGen (FIPS 186-4)COECDSA Private KeysECDSA SigGen (FIPS 186-4)G/W/E
KASCOTLS Pre-Master SecretKASG/E/ZTLS v1.2 KDF RFC7627
TLS v1.2 KDF RFC7627COTLS Master SecretG/E/ZTLS v1.2 KDF RFC7627
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOTLS DHE/ECDHE Private ComponentsG/E/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
HMAC-SHA2-256 HMAC-SHA2-384COTLS HMAC KeysHMAC-SHA2-256 HMAC-SHA2-384G/E/Z
AES-CBC or AES-GCMCOTLS Encryption KeysAES-CBC or AES-GCMG/E/Z G/Z
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512COSSH Session Authentication KeysHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512
AES-CBC, AES-CTR, or AES-GCMCOSSH Session Encryption KeysAES-CBC, AES-CTR, or AES-GCMG/E/Z
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZKDF SSH
N/ACOCO, User, RA VPN PasswordN/AG/E/W
Counter DRBGCODRBG SeedCounter DRBGG/E
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COSSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/W
RSA SigVer (FIPS 186-4)COSSH Client Public KeyRSA SigVer (FIPS 186-4)W/E
View Other ConfigurationRead-only of non-security relevant configurationCO, UserCO, User, RA VPN Password Note: includes all items in “Other Configuration”N/AW/EConfiguration/System Logs
Show StatusProvides status information of the moduleCO, UserRSA Private KeysRSA SigGen (FIPS 186-4)EConfiguration/System Logs
ECDSA SigGen (FIPS 186-4)CO, UserECDSA Private KeysECDSA SigGen (FIPS 186-4)E
KASCO, UserTLS Pre-Master SecretKASG/E/ZTLS v1.2 KDF RFC7627
TLS v1.2 KDF RFC7627CO, UserTLS Master SecretG/E/ZTLS v1.2 KDF RFC7627
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCO, UserTLS DHE/ECDHE Private ComponentsG/E/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
HMAC-SHA2-256 HMAC-SHA2-384CO, UserTLS HMAC KeysHMAC-SHA2-256 HMAC-SHA2-384G/E/Z
AES-CBC or AES-GCMCO, UserTLS Encryption KeysAES-CBC or AES-GCMG/E/Z
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512CO, UserSSH Session Authentication KeysHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512G/E/Z
AES-CBC, AES-CTR, or AES-GCMCO, UserSSH Session Encryption KeysAES-CBC, AES-CTR, or AES-GCMG/E/Z
Counter DRBGRA VPNDRBG SeedCounter DRBGG/E
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZKDF SSH
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsG/E/R/W/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
VPNProvide network access for remote users or site-to-site connectionS-S VPNS-S VPN IPSec/IKE Authentication KeysKTSG/E/ZConfiguration/System LogsHMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512
AES-CBCS-S VPNS-S VPN IPSec/IKE Session KeysG/E/ZAES-CBC
KTSKTSAES-CCM
KTSKTSAES-GCM
KASS-S VPNS-S VPN IPSec/IKE DHE/ECDHE Private ComponentsKASG/E/ZKDF IKEv2
N/AS-S VPNS-S VPN IPSec Pre-Shared KeysN/AW/E
ECDSA SigVer (FIPS 186-4)S-S VPNECDSA Public KeysECDSA SigVer (FIPS 186-4)W/E
RSA SigVer (FIPS 186-4)S-S VPNRSA Public KeysRSA SigVer (FIPS 186-4)W/E
RSA SigGen (FIPS 186-4)RA VPNRSA Private KeysRSA SigGen (FIPS 186-4)E
ECDSA SigGen (FIPS 186-4)RA VPNECDSA Private KeysECDSA SigGen (FIPS 186-4)E
KASRA VPNTLS Pre-Master SecretKASG/E/ZTLS v1.2 KDF RFC7627
TLS v1.2 KDF RFC7627TLS Master SecretG/E/ZTLS v1.2 KDF RFC7627
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe PrimesRA VPNTLS DHE/ECDHE Public ComponentsG/E/R/W/ZCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes
TLS DHE/ECDHE Private ComponentsRA VPNTLS DHE/ECDHE Private ComponentsG/E/Z
KTSRA VPNTLS HMAC KeysKTSG/E/ZHMAC-SHA2- 256 HMAC-SHA2- 384
AES-CBCRA VPNTLS Encryption KeysG/E/ZAES-CBC
KTSKTSAES-GCM
CKG, AES-CBC or AES-GCMRA VPNRA VPN IPSec Session KeysCKG, AES-CBC or AES-GCMG/E/Z
CKG, HMAC-SHA-1RA VPNRA VPN IPSec AuthenticationCKG, HMAC-SHA-1G/E/Z
Counter DRBGRA VPNDRBG SeedCounter DRBGG/E
RSA SigVer (FIPS 186-4)) ECDSA SigVer (FIPS 186-4)RA VPNCA CertificatesRSA SigVer (FIPS 186-4)) ECDSA SigVer (FIPS 186-4)W/E
ECDSA SigVer (FIPS 186-4)RA VPNECDSA Public KeysECDSA SigVer (FIPS 186-4)W/E
RSA SigVer (FIPS 186-4)RA VPNRSA Public KeysRSA SigVer (FIPS 186-4)W/E
Firmware UpdateProvides a method to update the firmware of the moduleCOPublic key for firmware content load test Note: Includes all keys from Other ConfigurationRSA SigVer (FIPS 186-4)EConfiguration/System Logs
ZeroizeDestroys all keys in the moduleCOAll keys and SSPsN/AZZeroization indicator
Self-TestInitiates self-tests and integrity testCOSoftware integrity verification keyHMAC-SHA2-256, ECDSA SigVer (FIPS 186-4)ESystem Logs
Show StatusProvides status of the moduleAllN/AN/ARLEDs

The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(2112), which is less than 1/100,000. The fastest firewall supports at most 288,000,000 new sessions per second to authenticate in a one-minute period. The table below defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Table 8 - Approved Services © 2024 Palo Alto Networks, Inc. N/A HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2256 N/A N/A G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/Z PAN-OS 11.0 Firewalls Security Policy 27

Page 28
28 PAN-OS HW 11.0 Firewalls Security Policy

G/E/Z G/E/Z G/E/R/W/Z G/E/W G/E W/E W/E G/E/Z G/E/Z W/E G/R/E/W G/R/E/W G/R/E/W G/R/E/W W/E W/E G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/Z G/E/R/W/Z © 2025 Palo Alto Networks, Inc.

Page 29

N/A © 2024 Palo Alto Networks, Inc. G/E/Z G/E/Z G/E/R/W/Z G/E/W G/E G/R/E/W W/E W/E E E G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E N/A G/E/R/W/Z PAN-OS 11.0 Firewalls Security Policy 29

Page 30

HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 N/A

30 PAN-OS HW 11.0 Firewalls Security Policy

G/E/Z G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/R/W/Z W/E W/E W/E E E G/E/Z G/E/Z G/E/R/W/Z G/E/Z © 2025 Palo Alto Networks, Inc.

Page 31

HMAC-SHA2256 HMAC-SHA2384 N/A N/A G/E/Z G/E/Z G/E/Z G/E/Z G/E W/E W/E W/E E Z E N/A R Note: Configuration/System Logs for Approved services above will indicate FIPS-CC mode is enabled, configuration requirements from Section 11 are followed, and that the service succeeded. ECDSA Cert. #A3453) during the Pre-Operational Self-Test. In addition, the module also conducts the firmware load test by using RSA 2048 with SHA-256 (Cert. #A3453) for the new validated firmware to be uploaded into the module. The pre-operational self-tests can be initiated by power cycling the module. When this is performed, the module automatically runs the cryptographic algorithm self-tests in addition to the pre-operational firmware integrity test. 6.​Operational Environment The FIPS 140-3 Operational Environment requirements are not applicable because the module does not contain a modifiable operational environment. The operational environment is limited since the modules include a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into these modules is out of the scope of this validation and requires a separate FIPS 140-3 validation. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 31

Page 32
Physical Security MechanismsRecommended Frequency of Inspection/TestInspection/Test Guidance Details
Tamper-Evident Seals (PA-7080, PA-7050, PA-5220, PA-5250, PA-5260, PA-5280, PA-3220, PA-3250, PA-3260,PA-410/440/450/460, PA-5450, PA-5410/5420/5430/5440, PA-3410/3420/3430/3440, PA-1410/1420, PA-415/PA-445, PA-820/PA-850)30 daysVerify integrity of tamper-evident seals in the locations identified in the Physical Kit Installation Guide. Seal integrity to be verified within the modules operating temperature range.
Top, Bottom, Front and Rear Opacity Shields (PA-7050 PA-5450)30 daysVerify that the plenums and opacity shields have not been deformed from their original shape, thereby reducing their effectiveness
Front and Rear Covers (PA-800 Series, PA-3220, PA-3250, PA-3260)30 daysVerify that front and rear covers have not been deformed from their original shape, thereby reducing their effectiveness
Front Cover (PA-7080, PA-5450, PA-5410/5420/5430/5440, PA-1410/1420, and PA-3410/3420/3430/3440)30 daysVerify that front cover has not been deformed from its original shape thereby reducing its effectiveness

The multi-chip standalone modules are production quality containing standard passivation. Chip components are protected by an opaque enclosure. There are tamper evident seals that are applied on the modules by the Crypto-Officer. All unused seals are to be controlled by the Crypto-Officer. The seals prevent removal of the opaque enclosure without evidence. The Crypto-Officer must ensure that the module surface is clean and dry. Tamper evident seals must be pressed firmly onto the adhering surfaces during installation and once applied the Crypto- Officer shall permit 24 hours of cure time for all tamper-evident seals. The Crypto-Officer should inspect the seals and shields for evidence of tamper every 30 days. If the seals show evidence of tamper, the Crypto-Officer should assume that the modules have been compromised and contact Customer Support. Note: For ordering information, see tables in Cryptographic Module Specification for Kit part numbers and versions. Opacity shields and Tamper Seals are included for the kits. Refer to this document’s Appendices for instructions on installation of the tamper seals and opacity shields. 8.​Non-Invasive Security No approved non-invasive attack mitigation test metrics are defined at this time.

32 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 33
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportKey/SSP/Name/Ty pe
ECDSA/RSA Public key - Used to trust a root CA intermediate CA and leaf /end entity certificates (RSA 2048, 3072, and 4096 bits) (ECDSA P-256, P-384, and P-521)112 bits minimumRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A3453DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedCA Certificates
RSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (RSA 2048, 3072, or 4096-bit)112 bits minimumRSA SigVer (FIPS 186-4) Cert. #A3453DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeRSA Public Keys
RSA Private keys for generation of signatures, authentication or key establishment. (RSA 2048, 3072, or 4096-bit)112 bits minimumRSA SigGen (FIPS 186-4) Cert. #A3453DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedRSA Private Keys
ECDSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (ECDSA P-256, P-384, or P-521)128 bits minimumECDSA SigVer (FIPS 186-4) Cert. #A3453DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeECDSA Public Keys
ECDSA Private key for generation of signatures and authentication (P-256, P-384, or P-521)128 bits minimumECDSA SigGen (FIPS 186-4) Cert. #A3453DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedECDSA Private Keys
Ephemeral Diffie-Hellman private FFC or EC component used in TLS (DHE 2048, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A3453DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ATLS DHE/ECDHE Private Components
Diffie_Hellman or EC Diffie-Hellman Ephemeral values used in key agreement (DHE 2048, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A3453DRBG, SP 800-56A Rev. 3N/AN/AZeroize at session terminationPlaintext - TLS handshakeTLS DHE/ECDHE Public Components
Secret value used to derive the TLS Master Secret along with client and server random noncesN/ATLS v1.2 KDF RFC7627, Cert. #A3453KAS SP 800-56A Rev. 3N/ARAM – plaintextZeroize at session terminationN/ATLS Pre-Master Secret
Secret value used to derive the TLS session keysN/ATLS v1.2 KDF RFC7627 Cert. #A3453TLS v1.2 KDF RFC7627N/ARAM – plaintextZeroize at session terminationN/ATLS Master Secret
AES (128 or 256 bit) keys used in TLS connections (GCM; CBC)128 bits minimumAES-CBC or AES-GCM Cert. #A3453TLS v1.2 KDF RFC7627TLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS Encryption Keys
HMAC keys used in TLS connections (HMAC-SHA2-256 /384) ( 256, 384 bits)256 bits minimumHMAC-SHA2 -256 HMAC-SHA2 -384 Cert. #A3453TLS v1.2 KDF RFC7627TLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS HMAC Keys
Diffie Hellman or EC Diffie-Hellman private (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A3453DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ASSH DHE/ECDHE Private Components
Diffie Hellman or EC Diffie-Hellman public component (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A3453DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationPlaintext SSH handshakeSSH DHE/ECDHE Public Components
SSH Host Public Key (RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521)112 bits minimumRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A3453DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceN/ASSH Host Public Key
Public RSA key used to authenticate client. (RSA 2048, 3072, and 4096 bits)112 bits minimumRSA SigVer (FIPS 186-4) Cert. #A3453N/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via SSH or TLSSSH Client Public Key
Used in all SSH connections to the security module’s command line interface. (128, 192, or 256 bits: AES CBC or CTR) (128 or 256 bits: AES GCM)128 bits minimumAES-CBC, AES-CTR, or AES-GCM Cert. #A3453KDF SSHSSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Encryption Keys
Authentication keys used in all SSH connections to the security module’s command line interface (HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512) (160, 256, 512 bits)160 bits minimumHMAC-SHA- 1 HMAC-SHA2 -256 HMAC-SHA2 -512 Cert. #A3453KDF SSHSSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Authentication Keys
Diffie-Hellman or EC Diffie-Hellman private component used in key establishment (DHE 2048, DHE 3072, DHE 4096,112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A3453DBRG, SP 800-56A Rev. 3N/ARAM - plaintextPower cycleN/AS-S VPN IPSec/IKE DHE or ECDHE Private Components
Diffie-Hellman or EC Diffie-Hellman public component used in key agreement (DHE 2048, DHE 3072, DHE 4096, ECDHE P-256, P-384, P-521)112 bits minimumKAS-ECC-SS C KAS-FFC-SS C Cert. #A3453DRBG, SP 800-56A Rev. 3N/ARAM - plaintextPower cycleN/AS-S VPN IPSec/IKE DHE or ECDHE Public Components
Used to encrypt IKE/IPSec data. These are AES (128, 192, or 256 CBC) IKE keys and (128, 192 or 256 CBC, 128 CCM, 128 or 256 GCM) IPSec keys128 bits minimumAES-CBC, AES-CCM, AES-GCM Cert. #A3453KDF IKEv2IPSec/IKE, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/AS-S VPN IPSec/IKE Session Keys
(HMAC-SHA-1, SHA-256, SHA-384 or SHA-512) Used to authenticate the peer in an IKE/IPSec tunnel connection. (160, 256, 384, 512 bits)160 bits minimumHMAC-SHA- 1 HMAC-SHA2 -256 HMAC-SHA2 -384 HMAC-SHA2 -512 Cert. #A3453KDF IKEv2IPSec/IKE, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/AS-S VPN IPSec/IKE Authentication Keys
PSK used in conjunction with HMAC listed above for authentication. Entered into the module by the Crypto Officer once authenticatedN/AN/AN/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via SSH or TLSS-S VPN IPSec Pre-Shared Keys
Used to encrypt remote access sessions utilizing IPSec. (AES 128-CBC, 128/256-GCM)128 bits minimumAES-CBC or AES-GCM Cert. #A3453CKG, DRBGN/ARAM - plaintextZeroize at session terminationN/ARA VPN IPSec Session Keys
(HMAC-SHA-1, 160 bits) Used in authentication of remote access IPSec data.160 bitsHMAC-SHA- 1 Cert. #A3453CKG, DRBGN/ARAM - plaintextZeroize at session terminationN/ARA VPN IPSec Authentication
Used to check the integrity of all software code (HMAC-SHA-256 and ECDSA P-256) (Note: This is not considered an SSP)128 bitsHMAC-SHA2 -256, ECDSA SigVer (FIPS 186-4) Cert. #A3453N/AN/AHDD - plaintextN/AN/AFirmware integrity verification key
Used to authenticate software/firmware and content to be installed on the firewall (RSA 2048 with SHA-256)112 bitsRSA SigVer (FIPS 186-4) Cert. #A3453N/AN/AHDD - plaintextN/AN/APublic key for firmware content load test
Authentication string with a minimum length of eight (8) characters.N/ASHA2-256 Cert. #A3453ExternalN/AHDD - a password hash (SHA2-256)Zeroize ServiceEncrypted via SSH or TLSCO, User, RA VPN Password
Secrets used by RADIUS or TACACS+ (8 characters minimum)N/AN/AN/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via IPSEC, SSH or TLSProtocol Secrets
Entropy input string coming from the entropy source Input length = 384 bits384 bits (Palo Alto Networks DRNG Entropy Source) 77,598 bits (AMD Random Number Generator) 194 bits (Octeon III Entropy Source)CKG (vendor affirmed), Counter DRBG Cert. #A3453Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/AEntropy Input String
DRBG seed coming from the entropy source Seed length = 384 bits384 bits (Palo Alto Networks DRNG Entropy Source) 77,598 bits (AMD Random Number Generator) 194 bits (Octeon III Entropy Source)CKG (vendor affirmed), Counter DRBG Cert. #A3453Entropy as per SP 800-90BN/ARAM - PlaintextPower cycleN/ADRBG Seed
AES 256 CTR DRBG state Key used in the generation of a random values256 bitsCKG (vendor affirmed), Counter DRBG Cert. #A3453Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG Key
AES 256 CTR DRBG state V used in the generation of a random values128 bitsCKG (vendor affirmed), Counter DRBG Cert. #A3453Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG V
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP Cert. #A3453N/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via TLS/SSHSNMPv3 Authentication Secret
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP Cert. #A3453N/AN/AHDD/RAM – plaintextZeroize ServiceEncrypted via TLS/SSHSNMPv3 Privacy Secret
HMAC–SHA-1/224 /256/384/512 Authentication protocol key (160 bits)160 bits minimumHMAC-SHA- 1 HMAC-SHA2 -224 HMAC-SHA2 -256 HMAC-SHA2 -384 HMAC-SHA2 -512 Cert. #A3453KDF SNMPN/AHDD/RAM - PlaintextZeroize ServiceN/AAuthentication Key
Privacy protocol encryption key (AES 128/192/256 CFB)128 bits minimumAES-CFB Cert. #A3453KDF SNMPN/AHDD/RAM - PlaintextZeroize ServiceN/ASession Key

9.​Sensitive Security Parameter Management The following table details all the sensitive security parameters utilized by the module. Table 10 - SSPs N/A N/A N/A N/A N/A C C N/A N/A C C N/A N/A © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 33

Page 34
34 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 35

C C N/A N/A N/A HMAC-SHA1 N/A N/A N/A N/A N/A N/A N/A HMAC-SHA1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 35

Page 36
36 PAN-OS HW 11.0 Firewalls Security Policy
Page 37
Approved algorithm
NameKey Size
DetailsMinimum number of bits of entropyEntropy Source
ESV Cert. #E68, E70, E71, E72, E73 Entropy source provides full entropy, which is provided in the 384 bit seed.384 bitsPalo Alto Networks DRNG Entropy Source
ESV Cert. #E27 The entropy source provides 1.31221 bits of entropy per 128-bit output. The DRBG is seeded with at least 7569408 bits of output from the entropy source. Therefore, the DRBG is seeded with at least 77,598 bits of entropy before generating keys. [PA-5410/5420/5430/5440]77,598 bitsAMD Random Number Generator
ESV Cert. #E128 The entropy source provides at least 0.506 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy. [PA-800/PA-3200/PA-5200/PA-7000]194 bitsOcteon III Entropy Source

Note: SSPs are implicitly zeroized when power is lost, or explicitly zeroized by the zeroize service. In the case of implicit zeroization, the SSPs are implicitly overwritten with random values due to their ephemeral memory being reset upon power loss. For the zeroization service and zeroization at session termination, the SSP's memory location is overwritten with random values. Table 11 - Non-Deterministic Random Number Generation Specification 10.​ Self-Tests The cryptographic module automatically performs the following tests below. The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module; these tests do not require any additional operator action. Pre-operational Self-Tests Pre-operational Firmware Integrity Test

Page 38

Conditional self-tests Cryptographic algorithm self-tests

38 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 39
Cause of ErrorError State Indicator
Conditional Cryptographic Algorithm Self-Test or Software Integrity Test FailureFIPS-CC mode failure. <Algorithm test> failed.
Conditional Pairwise Consistency or Critical Functions Test FailureSystem log prints an error message.
Conditional Software Load Test FailureSystem prints Invalid image message.

Table 12 - Errors and Indicators 11. Life-Cycle Assurance The vendor provided life-cycle assurance documentation describes configuration management, design, finite state model, development, testing, delivery & operation, end of life procedures, and guidance. For details regarding the approved mode of operation, see “Approved Mode of Operation''. For details regarding secure installation, initialization, startup, and operation of the module, see below. Palo Alto Network provides an Administrator Guide for additional information noted in the “Reference Documents” section of this Security Policy. Module Enforced Security Rules The module design corresponds to the module security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-3 Level 2 module. 1.​ The cryptographic module provides four distinct operator roles. These are the User role, Remote Access VPN role, Site-to-site VPN role, and the Cryptographic Officer role. 2.​ The cryptographic module provides identity-based authentication. 3.​ The cryptographic module clears previous authentications on each power cycle. 4.​ When the module has not been placed in a valid role, the operator does not have access to any cryptographic services. 5.​ Data output is inhibited during power-up self-tests, zeroization and error states. 6.​ Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 7.​ There are no restrictions on which keys or SSPs are zeroized by the zeroization service. 8.​ The module maintains separation between concurrent operators. 9.​ The module does not support a maintenance interface or role. 10.​ The module does not have any external input/output devices used for entry/output of data. 11.​ The module does not enter or output plaintext SSPs. 12.​ The module does not output intermediate key generation values. 13.​ Pre-shared keys used for IKE/IPSec must be at least 6 bytes in length, but no more than 255 bytes. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 39

Page 40

Vendor imposed security rules In FIPS-CC mode, the following rules shall apply: 1.​ The operator shall not enable TLSv1.0 or use RSA for key wrapping; it is disabled by default a.​ Checked via CLI using “show shared” command 2.​ The operator should not enable TLSv1.3, it is disabled by default. a.​ Checked via CLI using “show profiles” command 3.​ If using RADIUS, it must be configured using TLS. a.​ Checked via CLI using “show shared” command 4.​ If using TACACS+, configure the service route via an IPSec tunnel, and ensure the TACACS+ server is configured for a minimum password length of eight (8) characters or greater. a.​ Checked via CLI using “show deviceconfig” command

  1. Mitigation of Other Attacks The module is not designed to mitigate any specific attacks outside the scope of FIPS 140-3. These requirements are not applicable.
  2. Definitions and Acronyms API – Application Programming Interface App-ID – Application Identification - Palo Alto Networks’ ability to identify applications and apply security policy based on the ID rather than the typical port and protocol-based classification. BGP – Border Gateway protocol – Dynamic routing protocol CA – Certificate authority Content-ID – Content Identification – Palo Alto Networks’ threat prevention features including Antivirus, Antispyware, and Intrusion Prevention. CO – Cryptographic Officer DLP – Data loss prevention Gbps – Gigabits per second HA – High Availability HSCI - High Speed Chassis Interconnect IKE – Internet Key Exchange IP – Internet Protocol IPSec – Internet Protocol Security LDAP – Lightweight Directory Access Protocol LED – Light Emitting DiodeOCSP – Online Certificate Status Protocol OSPF – Open Shortest Path First – Dynamic routing protocol PAN-OS – Palo Alto Networks’ Operating System QoS – Quality of Service QSFP - Quad Small Form-factor Pluggable RA VPN – Remote Access Virtual Private Network RIP – Routing Information Protocol – Dynamic routing protocol RJ45 – Networking Connector RNG –Random number generator S-S VPN – Site to site Virtual Private Network SFP – Small Form-factor Pluggable Transceiver SSL – Secure Sockets Layer TLS – Transport Layer Security
40 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 41

USB

Page 42

Appendix B - PA-415 - FIPS Accessories/Tamper Seal Installation (5 Seals) The PA-415 requires 5 tamper labels in the following locations. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels. Affix the tamper labels as shown below: Attach one label on the top side that wraps around the rear side of the module: Affix four labels on the bottom of the device. One on each side that wraps to the bottom of the module, and two in locations

3 and 4.

Appendix C - PA-440/450/460 FIPS Accessories/Tamper Seal Installation (4 Seals) The PA-440/450/460 require four tamper labels that are placed at the same location as the modules have the same enclosure. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels. Affix the tamper labels on the rear of the module as shown below:

42 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 43

Appendix D - PA-445 FIPS Accessories/Tamper Seal Installation (8 Seals) The Physical Kit for this module requires 8 tamper labels. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels. Placement is as follows. Apply 6 seals on the top of the module: Place one seal on the right and one seal on the left of the module: © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 43

Page 44

Appendix E - PA-1400 and PA-3400 Series FIPS Accessories/Tamper Seal Installation (12 Seals) The PA-1410/PA-1420 and PA-3410/PA-3420/PA-3430/PA-3440 require 12 tamper labels that are placed at the same location on all devices in the series. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields on the module as shown below in the diagrams. Install the front opacity shield as such:

44 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 45

Note: Depending on the module, there may be 1 or 2 power supplies provided. Regardless of 1 or 2 being installed, the location of the tamper label is the same. Appendix F

Page 46

2.​ Attach the bracket to the firewall that will be used. Note: The firewall can use a mid-mount, front-mount or four-post mount. All seal placement is the same for the various use cases.

46 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 47

3.​ Place 19 tamper seals on the module. Note: Tamper seal placement is the same for all mount types. Seal #16 is required only for the front-mount of four-post rack installations. It is not required for the mid-mount installation © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 47

Page 48

Appendix G - PA-5200- FIPS Accessories/Tamper Seal Installation (28 Seals) The PA-5220/PA-5250/PA-5260/PA-5280 require 28 tamper labels that are placed at the same location on all devices in the series. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams. 1.​ Place the firewall upside down on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. 2.​ Install power cables: plug the power cords in to the power inlets located on the back of the firewall and connect the ground lug and ground cable to the ground lug bolts (you cannot access these back ports after you attach the FIPS back cover). 3.​ Place the FIPS back cover onto the back of the firewall and attach it to the firewall using four (4) #8-32 x 1/4” screws (two (2) screws on each side of the cover). Route the power cables through the back-cover cable-guide openings. ​ ​ 4.​ Attach the FIPS back-cover panel to the FIPS back cover using four (4) #4-40 x 1/4” screws (one (1) screw on each side of the cover and two (2) screws on the back of the cover). ​

48 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 49

5.​ Place the FIPS front cover onto the front of the firewall and place the rack-mount brackets over the holes on the front cover. Attach the front cover and rack-mount brackets to the firewall using eighteen (18) #8-32 x 5/16” screws (shipped with the firewall)—use nine (9) screws on each side. ​ 6.​ Apply a tamper-evident seal to each location shown in the illustrations (28 seals). © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 49

Page 50
50 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 51

© 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 51

Page 52

Appendix F - PA-5450 FIPS Accessories/Tamper Seal Installation (12 Seals) The PA-5450 requires twelve tamper seals. Follow the directions below to install the Physical Kit. Affix 7 seals at the locations on the rear of the device: On the top cover of the module, place one seal at the following location: Affix the front opacity shield to the front of the device and screw into the locations as below:

52 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 53

Finalize the process by adding four seals at the following locations to secure the screws: © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 53

Page 54

Appendix H - PA-5400 Series FIPS Accessories/Tamper Seal Installation (11 Seals) The PA-5410/PA-5420/PA-5430/PA-5430 require 11 tamper labels. The location of the tamper labels placement is the same for all models in the series. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams.

54 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 55

Appendix I - PA-7050 - FIPS Accessories/Tamper Seal Installation (24 Seals) The PA-7050 requires 24 tamper labels. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams. 1.​ Attach front right rack mount brackets in 4-post rack position. Do not attach rear rack mount brackets. Note that brackets are rotated 180 degrees, so the screw holes lineup and the rack mount holes are now on the front of the chassis. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 55

Page 56

2.​ Align right plenum bracket with five (5) open screw holes. Attach air plenum brackets using five (5) of the remaining bracket screws as shown. Repeat for left side. 3.​ Attach bottom plenum to the front right rack mount bracket. Place only the middle two (2) screws.

56 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 57

4.​ Attach the bottom plenum to the rearward right plenum bracket. 5.​ Rotate PA-7050 chassis clockwise 90 degrees onto the bottom plenum. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 57

Page 58

6.​ Assemble top plenum and cable guide hardware. 7.​ Attach top plenum to the front left rack mount bracket

58 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 59

8.​ Attach front opacity shield using the four (4) captive screws 9.​ Attach top plenum to the rearward left plenum bracket along with plenum’s rear opacity shield as shown © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 59

Page 60

10.​ Loosen four (4) screws on the panel containing the power supply vent. Insert the power supply vent opacity shield and tighten screws. 11.​ Facing the front of the module, affix two (2) seals to top of the front opacity shield, one (1) near left edge and one (1) near the right edge. Ensure the seals, when placed, overlap onto the top of the plenum, as shown. (2 total)

60 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 61

12.​ Facing the front of the module affix one (1) seal centered to the bottom of the front opacity shield to the bottom air plenum, as shown. (1 total) 13.​ Facing the rear of the module, affix two (2) seals to top of the rear opacity shield, one (1) near left edge and one (1) near the right edge. Ensure the seals, when placed, overlap onto the top of the plenum, as shown. (2 total) © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 61

Page 62

14.​ Facing the rear of the module; A.​ Affix one (1) seal to the top plenum/opacity shield, covering the left and right outermost screws, as shown. B.​ Affix one (1) seal to the left and right edge of the top plenum bracket folding over the outer edge of the module, as shown. C.​ Affix one (1) seal to the top of each rear panel (three (3). Ensure that the seals lap onto the top rear plenum brackets, as shown. (7 total)

62 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 63

15.​ Facing the rear of the module, A.​ Affix one (1) seal to the bottom of each rear panel (three (3). Ensure that the seals laps onto the bottom rear plenum brackets, as shown. B.​ Affix one (1) seal to the left and right edge of the bottom plenum bracket folding over the outer edge of the module, as shown. C.​ Affix one (1) seal to the bottom plenum’s rear side and the bottom plenum rear bracket. (6 total) © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 63

Page 64

16.​ Facing the rear of the module;

64 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 65

Appendix J - PA-7080 - FIPS Accessories/Tamper Seal Installation (10 Seals) The PA-7080 requires 10 tamper labels. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams. 1.​ Using the supplied screws attach the Cable Manager Kit with upper opacity lip to the front of the PA-7080, as shown. 2.​ Using the supplied screws, attach the Left and Right Front Cover brackets to the sides of the PA-7080, as shown. © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 65

Page 66

3.​ Using the supplied screws attach front opacity shield to the PA-7080 as shown. 4.​ The final assembly for the PA-7080 with the Physical Kit is as shown.

66 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 67

5.​ Facing the front of the PA-7080: A.​ Affix one (1) seal to the front and center of the exhaust fan tray. Ensure the seal overlaps the seam with the front PA-7080 branding panel as shown. (1 total) B.​ Affix one (1) seal to the left and right outer edge of mounting flanges for the front opacity shield. Seals should fold over the edge of the cover flange and mounting bracket onto the side of the PA-7080. (2 total) C.​ Affix one (1) seal to the front and center of the air intake fan tray. Ensure the seal overlaps the seam with the PA-7080 electrostatic discharge port panel as shown. (1 total) © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 67

Page 68

6.​ Facing the rear of the PA-7080; D.​ Affix one (1) seal to the left and right outer edge of the upper back panel. Seals should be placed just below the rear exhaust vent as shown. Seals should wrap around onto the sides of the PA-7080 (2 total). E.​ Affix one (1) seal to the left and right outer edges of each power entry module as shown. Seals should wrap around onto the sides of the PA-7080 (4 total).

68 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 69

© 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 69

Page 70

Appendix K - PA-800 Series - FIPS Accessories/Tamper Seal Installation (11 Seals) The PA-820/PA-850 require 11 tamper labels. Refer to Table 2 of this document for the part number of the physical kit containing the tamper labels and opacity shields. Affix the tamper labels and install the opacity shields as shown in the below diagrams. 1.​ Place the firewall on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. 2.​ Place the physical kit back cover onto the back of the firewall and attach it using four #4-40 x 5/16 screws (two screws on each side of the back cover). ​ 3.​ Insert the front (network, management, and console) cables in to the front ports. 4.​ Place the physical kit front cover onto the front of the firewall and place the rack-mount brackets over the holes on the front cover. Attach the front cover and rack-mount brackets to the firewall using eight (8) #6-32 x 5/16” rack-mount bracket screws (shipped with the firewall)—use four (4) screws on each side. Route the front cables through the front-cover cable-guide opening.

70 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Page 71

​ ​ ​ 5.​ Apply a tamper-evident seal to each location shown in the following illustrations (eleven (11) seals total). The seal placement over the power supply of the PA-820 firewall and PA-850 firewall is slightly different as shown. ​ © 2024 Palo Alto Networks, Inc. PAN-OS 11.0 Firewalls Security Policy 71

Page 72
72 PAN-OS HW 11.0 Firewalls Security Policy

© 2025 Palo Alto Networks, Inc.

Referenced URLs