All modules
CMVP Validated Module · FIPS 140-3 Security Policy

PAN-OS 10.1 Next-Generation Hardware Firewalls

Certificate#4841StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorPalo Alto Networks, Inc.
High review priority  ·  exposes firmware-update authentication, debug/recovery interface  ·  last validated 16 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/15/2029
CaveatWhen installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
VendorPalo Alto Networks, Inc.
Hardware versions910-000128 with Physical Kit 920-000084, 910-000147 with Physical Kit 920-000226, [910-000231, 910-000212, 910-000232, and 910-000230] with Physical Kit 920-000454, [910-000120 and 910-000119] with Physical Kit 920-000185, [910-000162, 910-000163, and 910-000164] with Physical Kit 920-000212, [910-000132, 910-000131, 910-000125, 910-000157, 910-000257, and 910-000357] with Physical Kit 920-000186, 910-000223 with components 920-000293, 910-000195, 910-000194, and 910-000204 with Physical Kit 920-000309, 910-000102 with components 910-000137, 910-000136, 910-000156, 910-000256, 910-000356, 910-000183, 910-0000014, 910-000169, 910-000185, 910-000285, 910-000385, and 910-000013 with Physical Kit 920-000112, and 910-000122 with components 910-000137, 910-000136, 910-000156, 910-000256, 910-000356, 910-000183, 910-0000014, 910-000169, 910-000186, 910-000286, 910-000386, and 910-000012 with Physical Kit 920-000119

Approved Algorithms (35)

AlgorithmACVP Cert
AES-CBCA2137
AES-CCMA2137
AES-CFB128A2137
AES-CTRA2137
AES-GCMA2137
Conditioning Component AES-CBC-MAC SP800-90BA1791
Conditioning Component AES-CBC-MAC SP800-90BA2138
Conditioning Component AES-CBC-MAC SP800-90BA2153
Conditioning Component AES-CBC-MAC SP800-90BA2165
Counter DRBGA2137
ECDSA KeyGen (FIPS186-4)A2137
ECDSA KeyVer (FIPS186-4)A2137
ECDSA SigGen (FIPS186-4)A2137
ECDSA SigVer (FIPS186-4)A2137
HMAC-SHA-1A2137
HMAC-SHA2-224A2137
HMAC-SHA2-256A2137
HMAC-SHA2-384A2137
HMAC-SHA2-512A2137
KAS-ECC-SSC Sp800-56Ar3A2137
KAS-FFC-SSC Sp800-56Ar3A2137
KDF IKEv2A2137
KDF SNMPA2137
KDF SSHA2137
KDF TLSA2137
RSA KeyGen (FIPS186-4)A2137
RSA SigGen (FIPS186-4)A2137
RSA SigVer (FIPS186-4)A2137
Safe Primes Key GenerationA2137
Safe Primes Key VerificationA2137
SHA-1A2137
SHA2-224A2137
SHA2-256A2137
SHA2-384A2137
SHA2-512A2137

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Software/Firmware Security2
Operational EnvironmentN/A
Physical Security2
Non-Invasive SecurityN/A
Sensitive Security Parameter Management2
Self-Tests2
Life-Cycle Assurance3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for PAN-OS 10.1 Next-Generation Hardware Firewalls
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>10.1.5</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Update<br/>RSA SigVer (FIPS 186-4)</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status<br/>Zeroize<br/>Self-Tests</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>Micro USB Console (PA-220, PA-220R, PA-800 Series,…<br/>RJ45 Console<br/>RJ45 Ethernet</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for PAN-OS 10.1 Next-Generation Hardware Firewalls
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>10.1.5</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Update<br/>RSA SigVer (FIPS 186-4)</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status<br/>Zeroize<br/>Self-Tests</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>Micro USB Console (PA-220, PA-220R, PA-800 Series,…<br/>RJ45 Console<br/>RJ45 Ethernet</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

PAN-OS 10.1 Next-Generation Hardware Firewalls Version: 1.4 Revision Date: February 7, 2025 Palo Alto Networks, Inc.​ www.paloaltonetworks.com​ © 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. This document may be freely reproduced and

Page 2
Table of Contents
#SectionPage
1General​3
2Cryptographic Module Specification​4
3Cryptographic Module Interfaces​20
4Roles, Services, and Authentication​21
5Software/Firmware Security​28
6Operational Environment​29
7Physical Security​29
8Non-Invasive Security​29
9Sensitive Security Parameter Management​30
10Self-Tests​34
11Life-Cycle Assurance​36
12Mitigation of Other Attacks​37
13Definitions and Acronyms​37
14Reference Documents​38
1General2
2Cryptographic Module Specification2
3Cryptographic Module Interfaces2
4Roles, Services, Authentication3
5Software/Firmware Security2
7Physical Security2
9Sensitive Security Parameter Management2
10Self-Tests2
11Life-Cycle Assurance3
Page 3

1.​General Palo Alto Networks offers a full line of next-generation security appliances that range from the PA-220, designed for enterprise remote offices, to the PA-7080, which is a modular chassis designed for high-speed datacenters. Our platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration. The Palo Alto Networks PAN-OS 10.1 Next-Generation Hardware Firewalls (hereafter referred to as the modules) are multi-chip standalone hardware modules that provide network security by enabling enterprises to see and control applications, users, and content

Page 4
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic Module Specification2
33Cryptographic Module Interfaces2
44Roles, Services, Authentication3
55Software/Firmware Security2
66Operational EnvironmentN/A
77Physical Security2
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management2
1010Self-Tests2
1111Life-Cycle Assurance3
1212Mitigation of Other AttacksN/A
Overall LevelOverall Level2
Module configuration
NameModelHardware VersionFirmware VersionFeatures
PA-220PA-220910-000128, Physical Kit: 920-00008410.1.5RJ45 Ports, Micro-USB, LEDs, USB, Power Supply
PA-220RPA-220R910-000147, Physical Kit: 920-00022610.1.5RJ-45 Ports, SFP, USBs, Micro-USB, LEDs, Power Supply
PA-410PA-410910-000231, Physical Kit: 920-00045410.1.5RJ45 interfaces, USB, LED, Power supply, Ground stud
PA-440PA-440910-000212, Physical Kit: 920-00045410.1.5RJ45 ports, USB, LEDs, 1 Micro USB
PA-450PA-450910-000232, Physical Kit: 920-00045410.1.5RJ45 ports, USB, LEDs, 1 Micro USB
PA-460PA-460910-000230, Physical Kit: 920-00045410.1.5RJ45 ports, USB, LEDs, 1 Micro USB
PA-820PA-820910-000120, Physical Kit: 920-00018510.1.5RJ45 Ports, Micro-USB, SFP, SFP/SFP+, Power, LEDs, USB
PA-850PA-850910-000119, Physical Kit: 920-00018510.1.5RJ45 Ports, Micro-USB, SFP, SFP/SFP+, Power, LEDs, USB
PA-3220PA-3220910-000162, Physical Kit: 920-00021210.1.5RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3250PA-3250910-000163, Physical Kit: 920-00021210.1.5RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-3260PA-3260910-000164, Physical Kit: 920-00021210.1.5RJ45 ports, SFP/SFP+ ports, QSFP+ ports, HSCI ports, USB ports, Micro-USB, LED, Power
PA-5220PA-5220910-000132, Physical Kit: 920-00018610.1.5RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+
PA-5250PA-5250910-000131, Physical Kit: 920-00018610.1.5RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5260PA-5260910-000125, Physical Kit: 920-00018610.1.5RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5280PA-5280910-000157, Physical Kit: 920-00018610.1.5RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5280-K2-EXPPA-5280-K2-EXP910-000257, Physical Kit: 920-00018610.1.5RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5280-K2-SECPA-5280-K2-SEC910-000357, Physical Kit: 920-00018610.1.5RJ45 ports, SFP/SFP+, QSFP28 port, QSFP+ ports, HSCI ports, SFTP+ ports, Power supply, LEDs, USB
PA-5450*PA-5450*910-000223, Physical Kit: 920-00030910.1.5Networking cards, Data processing cards, Base cards, Management processor cards, Electrostatic Discharge, LEDs, Logging Drive Corner, USB, Console port, HSCI-A/B, Logging ports, Management Ports, HA ports, Ejector Tabs, RJ45, QSFP28, SFP/SFP+, Ground Studs, Fans, Power
PA-7050**PA-7050**910-000102, Physical Kit: 920-00011210.1.5Networking cards, Log/Data processing cards, Log forwarding cards, Management processor cards, RJ45 ports, SFP ports, SFP+ ports, HSCI ports, QSFP+ ports, Power supply, Power Switch, LEDs, USB
PA-7080**PA-7080**910-000122, Physical Kit: 920-00011910.1.5Networking cards, Log/Data processing cards, Log forwarding cards, Management processor cards, RJ45 ports, SFP+, HSCI, QSFP+, Power Switch, LEDs, USB

The cryptographic modules meet the overall requirements applicable to Level 2 security of FIPS 140-3. Table 1 - Security Levels N/A N/A N/A The configurations for this validation are highlighted in Table 2. Table 2 - Cryptographic Module Tested Configuration

4 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 5

PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 5

Page 6
6 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 7
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
Conditioning Component AES-CBC-MAC SP 800-90BA1791AES-CBC-MAC128 bitsVetted conditioning component for ESV Cert. #E129
AES-CBC [SP 800-38A]A2137CBC128, 192 and 256 bitsEncryption Decryption
AES-CCM [SP 800-38C]A2137CCM128 bitsEncryption Decryption
AES-CFB128 [SP 800-38A]A2137CFB128128 bitsEncryption Decryption
AES-CTR [SP 800-38A]A2137CTR128, 192 and 256 bitsEncryption Decryption
AES-GCM [SP 800-38D]A2137GCM**128 and 256 bitsEncryption Decryption
Counter DRBG [SP 800-90Arev1]A2137CTR DRBGAES 256 bits with Derivation Function EnabledRandom Bit Generator
ECDSA KeyGen (FIPS 186-4)A2137ECDSA KeyGenP-256, P-384, P-521Key Generation
ECDSA KeyVer (FIPS 186-4)A2137ECDSA KeyVerP-256, P-384, P-521Public Key Validation
ECDSA SigGen (FIPS 186-4)A2137ECDSA SigGenP-256, P-384, P-521 with SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature Generation
ECDSA SigVer (FIPS 186-4)A2137ECDSA SigVerP-256, P-384, P-521 with SHA-1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512Signature Verification
HMAC-SHA-1 [FIPS 198-1]A2137HMACHMAC-SHA-1 with λ=160Authentication for protocols
HMAC-SHA2-224 [FIPS 198-1]A2137HMACHMAC-SHA2-224 with λ=224Authentication for protocols
HMAC-SHA2-256 [FIPS 198-1]A2137HMACHMAC-SHA2-256 with λ=256Authentication for protocols
HMAC-SHA2-384 [FIPS 198-1]A2137HMACHMAC-SHA2-384 with λ=384Authentication for protocols
HMAC-SHA2-512 [FIPS 198-1]A2137HMACHMAC-SHA2-512 with λ=512Authentication for protocols
KAS-ECC-SSC Sp800-56Ar3A2137KASP-256/P-384/P-521Key Exchange
KAS-FFC-SSC SP 800-56Ar3A2137KASMODP-2048Key Exchange
KDF IKEv2 [SP 800-135rev1] (CVL)A2137IKEv2 KDFSHA2-256, SHA2-384, SHA2-512IKEv2
KDF SNMP [SP 800-135rev1] (CVL)A2137SNMPv3 KDFEngine ID: 80001F880430303030303439353236 30SNMPv3
KDF SSH [SP 800-135rev1] (CVL)A2137SSHv2 KDFSHA-1, SHA2-256, SHA2-512SSH
KDF TLS [SP 800-135rev1] (CVL)A2137TLS 1.0/1.1 KDF, TLS1.2 KDFTLS v1.0/1.1 TLS v1.2 Hash Algorithm: SHA2-256, SHA2-384TLS
RSA KeyGen (FIPS 186-4)A2137RSA KeyGen (FIPS 186-4)2048, 3072, and 4096 bitsKey Pair Generation
RSA SigGen (FIPS 186-4)A2137RSA SigGen (FIPS 186-4)(ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, and 4096-bit with hashes SHA2-256/384/512Signature Generation
RSA SigVer (FIPS 186-4)A2137RSA SigVer (FIPS 186-4)(ANSI X9.31, RSASSA-PKCS1_v1-5, RSASSA-PSS): 2048, 3072, 4096-bit (per IG C.F) with hashes SHA-1 and SHA2-224+++/256/384/512 (Signature Verification) +++ This Hash algorithm is not supported for ANSI X9.31Signature Verification
SHA-1 [FIPS 180-4]A2137SHASHA-1Digital Signature Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-224 [FIPS 180-4]A2137SHA2SHA-224Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-256 [FIPS 180-4]A2137SHA2SHA-256Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-384 [FIPS 180-4]A2137SHA2SHA-384Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
SHA2-512 [FIPS 180-4]A2137SHA2SHA-512Digital Signature Generation/Verification Non-Digital Signature Applications (e.g. component of HMAC)
Safe Primes Key Generation [RFC 3526]A2137Safe Primes Key GenerationMODP-2048Safe Primes Key Generation
Safe Primes Key Verification [RFC 3526]A2137Safe Primes Key VerificationMODP-2048Safe Primes Key Verification
Conditioning Component AES-CBC-MAC SP 800-90BA2138AES-CBC-MAC128 bitsVetted conditioning component for ESV Cert. #E129
Conditioning Component AES-CBC-MAC SP 800-90BA2153AES-CBC-MAC128 bitsVetted conditioning component for ESV Cert. #E129
Conditioning Component AES-CBC-MAC SP 800-90BA2165AES-CBC-MAC128 bitsVetted conditioning component for ESV Cert. #E129
KTS [SP 800-38F]AES Cert. #A2137 and HMAC Cert. #A2137SP 800-38A, FIPS 198-1, and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256-bit keys providing 128, 192, or 256 bits of encryption strengthKey Wrapping. AES-CBC or AES-CTR with HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-384, or HMAC-SHA2-512
KTS [SP 800-38F]AES-CCM Cert. #A2137SP 800-38C and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128-bit keys providing 128 bits of encryption strengthKey Wrapping. AES-CCM.
KTS [SP 800-38F]AES-GCM Cert. #A2137SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128 and 256-bit keys providing 128 or 256 bits of encryption strengthKey Wrapping. AES-GCM
SP 800-90BESV Cert. #128ESVOcteon III Entropy SourceEntropy
SP 800-90BESV Cert. #129ESVPalo Alto Networks DRNG RDSEED Entropy SourceEntropy
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A2137, KDF IKEv2 Cert. #A2137SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A2137, KDF SSH Cert. #A2137SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-ECC-S SC Cert. #A2137,SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-256, P-384, and P-521 curves providing 128, 192, or 256 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A2137, KDF IKEv2 Cert. #A2137SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A2137, KDF SSH Cert. #A2137SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDF
KAS [SP 800-56Arev3]KAS-FFC-S SC Cert. #A2137, KDF TLS Cert. #A2137SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2).2048-bit key providing 112 bits of encryption strengthKey Exchange with protocol KDF
CKG (SP 800-133rev2)Vendor AffirmedSection 5.1, Section 5.2, and Section 6.1Cryptographic Key Generation; SP 800- 133 and IG D.H (symmetric keys and asymmetric seeds).Key Generation Note: The symmetric keys and seeds used for asymmetric key pair generation are produced using the unmodified/direct output of the DRBG

Non-Compliant State Failure to follow the directions in the Approved Mode of Operation above or rules noted in Section 11 will result in the module operating in a non-compliant state, which is considered out of scope of this validation. Zeroization The following procedure will zeroize the module:

Page 8
8 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 9

D.G. D.G. D.G. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 9

Page 10

The module is compliant to IG C.H: GCM is used in the context of TLS, IPsec/IKEv2, SSH:

10 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 11
Approved algorithm
NameUse Function
MD5Only allowed as the PRF in TLSv1.1 per IG 2.4.AMessage digest used in TLSv1.0 / v1.1

The module is compliant to IG C.F: The module utilizes Approved modulus sizes 2048, 3072, and 4096 bits for RSA signatures. This functionality has been CAVP tested as noted above. The minimum number of Miller Rabin tests for each modulus size is implemented according to Table C.2 of FIPS 186-4. For modulus size 4096, the module implements the largest number of Miller-Rabin tests shown in Table C.2. RSA SigVer is CAVP tested for all three supported modulus sizes as noted above. The module does not perform FIPS 186-2 SigVer. All supported modulus sizes are CAVP testable and tested as noted above. The module does not implement RSA key transport in the approved mode. The module does not have any algorithms that fall under: -​ Non-Approved Algorithms Allowed in the Approved Mode of Operation -​ Non-Approved Algorithms Not Allowed in the Approved Mode of Operation The following table documents the module’s algorithms that are non-approved and not allowed for use in the approved mode of operation. Table 4 - Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed Table 5 - Supported Protocols in the Approved Mode SSHv2 IPSec and IKEv2 SNMPv3 Note: These protocols were not reviewed or tested by the CMVP or CAVP. Module Diagrams Figure 1 depicts the logical block diagram for the modules. The cryptographic boundary includes the physical perimeter of the enclosure of the appliance with the physical kit installed and all logical components within. © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 11

Page 12

Figure 1 - Logical Diagram Figures 2 - 24 depict the modules and their interfaces. Please refer to the appendices for depictions of the modules with the physical kits installed. Figure 2 - PA-220 Front Interfaces Figure 3 - PA-220 Rear Interfaces

12 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 13

Figure 4 - PA-220R Front Interfaces Figure 5 - PA-220R Rear Interfaces Figure 6 - PA-820 / PA-850 Front Interfaces Figure 7 - PA-820 Rear Interfaces Figure 8 - PA-850 Rear Interfaces © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 13

Page 14

Figure 9 - PA-3200 Series Front Interfaces Figure 10 - PA-3200 Series Rear Interfaces Figure 11 - PA-5200 Series Front Interfaces

14 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 15

Figure 12 - PA-5200 Rear Interfaces Figure 13 - PA-7050 Front Interfaces Figure 14 - PA-7050 Back Interfaces © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 15

Page 16

Figure 15 - PA-7080 Front (on Left) and Back (on Right) Interfaces

16 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 17

Figure 16 - PA-410 Front Interfaces Figure 17 - PA-410 Rear Interfaces Figure 18 - PA-400 Front Interfaces (PA-440/450/460 front panels are identical) Figure 19 - PA-400 Rear Interfaces (PA-440/450/460 rear panels are identical) © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 17

Page 18

Figure 20 - PA-5450 Front Interfaces Figure 21 - PA-5450 Management Processor Card

18 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 19

Figure 22 - PA-5450 Networking Card Figure 23 - PA-5450 Data Processing Card © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 19

Page 20
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
HSCI (PA-3200 Series, PA-5200 Series, PA-5450, PA-7000 Series)HSCI (PA-3200 Series, PA-5200 Series, PA-5450, PA-7000 Series)Data input, control input, data output, status outputSSH
LEDLEDStatus outputModule status via LED indicators
Micro USB Console (PA-220, PA-220R, PA-800 Series, PA-3200 Series,Micro USB Console (PA-220, PA-220R, PA-800 Series, PA-3200 Series,Status outputSelf-test output
PA-440/PA-450/PA-460, PA-5450, PA-7050, PA-7080)PA-440/PA-450/PA-460, PA-5450, PA-7050, PA-7080)
PowerPowerPowerN/A
Power switch (PA-7000 Series)Power switch (PA-7000 Series)Control inputPower input switch
QSFP+ (PA-3260, PA-5250, PA-5260, PA-5280, PA-7000 Series)QSFP+ (PA-3260, PA-5250, PA-5260, PA-5280, PA-7000 Series)Data input, control input, data output, status outputTLS, IPsec, or SSH
QSFP28 (PA-5200 Series, PA-5450, PA-7000 Series)QSFP28 (PA-5200 Series, PA-5450, PA-7000 Series)Data input, control input, data output, status outputTLS, IPsec, or SSH
RJ45 ConsoleRJ45 ConsoleStatus outputSelf-test output
RJ45 EthernetRJ45 EthernetData input, control input, data output, status outputTLS, IPSec
RJ45 HA (PA-3200 Series, PA-5200 Series, PA-5450, PA-7050, PA-7080)RJ45 HA (PA-3200 Series, PA-5200 Series, PA-5450, PA-7050, PA-7080)Data input, control input, data output, status outputSSH
RJ45 Log (PA-5450)RJ45 Log (PA-5450)Data input, control input, data output, status outputTLS, IPsec
RJ45 MGT (PA-400 Series, PA-3200 Series, PA-440/PA-450/PA-460, PA-5450, PA-7000 Series)RJ45 MGT (PA-400 Series, PA-3200 Series, PA-440/PA-450/PA-460, PA-5450, PA-7000 Series)Data input, control input, data output, status outputTLS, SSH
SFP (PA-220R, PA-800 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series)SFP (PA-220R, PA-800 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series)Data input, control input, data output, status outputTLS, IPSec, or SSH
SFP+ (PA-800 Series, PA-3200 Series, PA-5200 Series, PA-5450, PA-7050, PA-7080)SFP+ (PA-800 Series, PA-3200 Series, PA-5200 Series, PA-5450, PA-7050, PA-7080)Data input, control input, data output, status outputTLS, IPSec, or SSH

Figure 24 - PA-5450 Rear Interfaces 3. Cryptographic Module Interfaces The modules are multi-chip standalone modules with ports and interfaces as shown below. The modules do not implement a Table 6 - Ports and Interfaces1 Interfaces depicted in Figures 2-25 above, but not listed in this table are disabled or do not transfer any data.

20 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 21

N/A 4. Roles, Services, and Authentication Services While in the Approved mode of operation, all CO and User services are accessed via SSH or TLS sessions. Approved and allowed algorithms, relevant CSPs, and public keys related to these protocols are accessed to support the following services. CSP access by services is further described in the following tables. © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 21

Page 22
Service
NameRolesInputOutput
Show VersionCrypto OfficerQuery module for versionModule provides version
Security Configuration ManagementCrypto Officer, UserConfiguring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accounts via CLI or WebUIConfirmation of service via Configuration Logs
Other ConfigurationCrypto OfficerNetworking parameter configuration, logging configuration, and other non-security relevant configuration via CLI or WebUIConfirmation of service via Configuration Logs
View Other ConfigurationCrypto Officer, UserQuery module for current non-security relevant configuration via WebUI or CLIConfirmation of service via Configuration Logs
Show StatusCrypto Officer, User, RA VPN, S-S VPNQuery status of the module via WebUI or CLIModule status information via CLI or System Logs
VPNRA VPN, S-S VPNInitialize VPN connectionConfirmation of service via System Logs
Firmware UpdateCrypto OfficerLoading new imageMessage output noting version updated successfully
ZeroizeUnauthenticatedInitiate zeroization commandConsole Output
Self-TestsUnauthenticatedPower removalConsole Output
Show Status (LEDs)UnauthenticatedN/ALEDs

Table 7 - Roles, Service Commands, Input and Output N/A Assumption of Roles The modules support four distinct operator roles, User and Cryptographic Officer (CO), Remote Access VPN, and Site-to-site VPN. The cryptographic modules enforce the separation of roles using unique authentication credentials associated with operator accounts. The modules support concurrent operators. The modules do not provide a maintenance role or bypass capability. The modules all support the use of a password (i.e. Memorized Secret as per SP 800-140E). Upon first boot, the module requires that the Cryptographic Officer change the password from the default one to a custom one. The module automatically enforces a minimum password length of at least 8 characters. In FIPS-CC mode, the module automatically enforces a maximum of 10 failed attempts. Passwords stored in the module are hashed using SHA-256, and any passwords that are transported into/out of the module are protected via TLS 1.2.

22 PAN-OS 10.1 Next-Generation Hardware Firewalls

© 2025 Palo Alto Networks, Inc.

Page 23
Approved algorithm
NameUse Function
Authentication StrengthAuthentication MethodRole
Password-based The minimum length is eight (8) characters2 (95 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(958) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(958), which is less than 1/100,000. The firewall’s configuration supports at most ten failed attempts to authenticate in a one-minute period. Certificate/Public key-based The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(2112), which is less than 1/100,000. The firewall supports at most 4,800,000 new sessions per second.Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authentication)Cryptographic Officer
UserMemorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authenticationUser
Remote Access VPN (RA VPN)Memorized Secret (Unique Username/password) and/or Single-Factor Cryptographic Software (certificate common name / public key-based authenticationRemote Access VPN (RA VPN)
The pre-shared key authentication method has a minimum security strength3 of 956. The probability of successfully authenticating to the module is 1/(956), which is less than 1/1,000,000. The number of authentication attempts is limited by the number of new connections per second supported (4,800,000) on the fastest platform of the Palo Alto Networks firewalls. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(956), which is less than 1/100,000. The security modules support public-key based authentication using RSA 2048 and certificate-based authentication using RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521. The minimum equivalent strength supported is 112 bits. The probability that a random attempt will succeed is 1/(2112) which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 288,000,000/(2112), which is less than 1/100,000. The fastest firewall supports at most 288,000,000 new sessions per second to authenticate in a one-minute period.IKE/IPSec Pre-shared keys - Identification with the IP Address and authentication with the Pre-Shared Key or certificate based authenticationSite-to-Site VPN (S-S VPN)

Table 8 - Roles and Authentication In FIPS-CC Mode, the module checks and enforces the minimum password length of eight (8) as specified in SP 800-63B. Passwords are securely stored hashed with salt value, with very restricted access control, and rate limiting mechanism for random number password allowance that sets a baseline minimum acceptable strength of 106. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 23

Page 24
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show VersionQuery the module to display the versionCON/AN/AN/AVersion displayed via System Logs / CLI / UI
Security Configuration ManagementConfiguring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accountsCORSA Private KeysCKG RSA KeyGen (FIPS 186-4) RSA SigGen (FIPS 186-4)G/W/EConfiguration/System Logs
CKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)COECDSA Private KeysCKG ECDSA KeyGen (FIPS 186-4) ECDSA SigGen (FIPS 186-4)G/W/EConfiguration/System Logs
KASCOTLS Pre-Master SecretKASG/E/ZConfiguration/System LogsKDF TLS, MD5
KDF TLS, MD5COTLS Master SecretG/E/ZConfiguration/System LogsKDF TLS, MD5
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOTLS DHE/ECDHE Private ComponentsG/E/ZConfiguration/System LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
KTSCOTLS HMAC KeysKTSG/E/ZConfiguration/System LogsHMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384
AES-CBCCOTLS Encryption KeysG/E/ZConfiguration/System LogsAES-CBC
KTSKTSAES-GCM
KTSCOSSH Session Authentication KeysKTSG/E/ZConfiguration/System LogsHMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 512
AES-CBC, AES-CTRCOSSH Session Encryption KeysG/E/ZConfiguration/System LogsAES-CBC, AES-CTR
KTSKTSAES-GCM
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZConfiguration/System LogsKDF SSH
SSH DHE/ECDHE Public ComponentsSSH DHE/ECDHE Public ComponentsG/E/R/W/Z
N/ACOCO, User, RA VPN PasswordN/AG/E/WConfiguration/System Logs
Counter DRBGCOEntropy Input StringCounter DRBGG/EConfiguration/System Logs
KDF SNMPCOSNMPv3 Authentication SecretKDF SNMPW/EConfiguration/System Logs
KDF SNMPCOSNMPv3 Privacy SecretKDF SNMPW/EConfiguration/System Logs
HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512COAuthentication KeyHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512G/E/ZConfiguration/System Logs
AES-CFBCOSession KeyAES-CFBG/E/ZConfiguration/System Logs
N/ACOProtocol SecretsN/AW/EConfiguration/System Logs
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COCA CertificatesRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/WConfiguration/System Logs
ECDSA SigVer (FIPS 186-4)COECDSA Public KeysECDSA SigVer (FIPS 186-4)G/R/E/WConfiguration/System Logs
RSA SigVer (FIPS 186-4)CORSA Public KeysRSA SigVer (FIPS 186-4)G/R/E/WConfiguration/System Logs
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COSSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/WConfiguration/System Logs
RSA SigVer (FIPS 186-4)COSSH Client Public KeyRSA SigVer (FIPS 186-4)W/EConfiguration/System Logs
RSA SigVer (FIPS 186-4)COPublic key for Firmware load testRSA SigVer (FIPS 186-4)W/EConfiguration/System Logs
Other ConfigurationNetworking parameter configuration, logging configuration, and other non-security relevant configurationCORSA Private KeysRSA SigGen (FIPS 186-4)G/W/EConfiguration/System Logs
ECDSA SigGen (FIPS 186-4)COECDSA Private KeysECDSA SigGen (FIPS 186-4)G/W/EConfiguration/System Logs
KASCOTLS Pre-Master SecretKASG/E/ZConfiguration/System LogsKDF TLS, MD5
KDF TLS, MD5COTLS Master SecretG/E/ZConfiguration/System LogsKDF TLS, MD5
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCOTLS DHE/ECDHE Private ComponentsG/E/ZConfiguration/System LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384COTLS HMAC KeysHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384G/E/ZConfiguration/System Logs
AES-CBC or AES-GCMCOTLS Encryption KeysAES-CBC or AES-GCMG/E/Z G/ZConfiguration/System Logs
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512COSSH Session Authentication KeysHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512Configuration/System Logs
AES-CBC, AES-CTR, or AES-GCMCOSSH Session Encryption KeysAES-CBC, AES-CTR, or AES-GCMG/E/ZConfiguration/System Logs
KASCOSSH DHE/ECDHE Private ComponentsKASG/E/ZConfiguration/System LogsKDF SSH
KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationSSH DHE/ECDHE Public ComponentsKAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
N/ACOCO, User, RA VPN PasswordN/AG/E/WConfiguration/System Logs
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COCA CertificatesRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/WConfiguration/System Logs
ECDSA SigVer (FIPS 186-4)COECDSA Public KeysECDSA SigVer (FIPS 186-4)G/R/E/WConfiguration/System Logs
RSA SigVer (FIPS 186-4)CORSA Public KeysRSA SigVer (FIPS 186-4)G/R/E/WConfiguration/System Logs
RSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)COSSH Host Public KeyRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4)G/R/E/WConfiguration/System Logs
RSA SigVer (FIPS 186-4)COSSH Client Public KeyRSA SigVer (FIPS 186-4)W/EConfiguration/System Logs
Counter DRBGCODRBG SeedCounter DRBGG/EConfiguration/System Logs
View Other ConfigurationRead-only of non-security relevant configurationCO, UserCO, User, RA VPN Password Note: includes all items in “Other Configuration”N/AW/EConfiguration/System Logs
Show StatusProvides status information of the moduleCO, UserRSA Private KeysRSA SigGen (FIPS 186-4)EConfiguration/System Logs
ECDSA SigGen (FIPS 186-4)CO, UserECDSA Private KeysECDSA SigGen (FIPS 186-4)EConfiguration/System Logs
KASCO, UserTLS Pre-Master SecretKASG/E/ZConfiguration/System LogsKDF TLS, MD5
KDF TLS, MD5CO, UserTLS Master SecretG/E/ZConfiguration/System LogsKDF TLS, MD5
CKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key VerificationCO, UserTLS DHE/ECDHE Private ComponentsG/E/ZConfiguration/System LogsCKG, ECDSA KeyGen (FIPS 186-4), ECDSA KeyVer (FIPS 186-4), KAS-ECC-SSC, KAS-FFC-SSC, Safe Primes Key Generation, Safe Primes Key Verification
TLS DHE/ECDHE Public ComponentsTLS DHE/ECDHE Public ComponentsG/E/R/W/Z
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384CO, UserTLS HMAC KeysHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384G/E/ZConfiguration/System Logs
AES-CBC or AES-GCMCO, UserTLS Encryption KeysAES-CBC or AES-GCMG/E/ZConfiguration/System Logs
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512CO, UserSSH Session Authentication KeysHMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-512G/E/ZConfiguration/System Logs
AES-CBC, AES-CTR, or AES-GCMCO, UserSSH Session Encryption KeysAES-CBC, AES-CTR, or AES-GCMG/E/ZConfiguration/System Logs

The table below defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Table 9 - Approved Services N/A HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2256 HMAC-SHA2512 N/A N/A G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z

24 PAN-OS 10.1 Next-Generation Hardware Firewalls

G/E/R/W/Z © 2025 Palo Alto Networks, Inc.

Page 25

N/A N/A © 2025 Palo Alto Networks, Inc. G/E/W G/E W/E W/E G/E/Z G/E/Z W/E G/R/E/W G/R/E/W G/R/E/W G/R/E/W W/E W/E G/W/E G/W/E G/E/Z G/E/Z G/E/Z G/E/Z G/E/Z G/Z G/E/Z G/E/Z G/E/R/W/Z G/E/R/W/Z PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 25

Page 26
26 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy G/E/R/W/Z © 2025 Palo Alto Networks, Inc.

Page 27
Sensitive security parameter
NameUseInputKAS Counter DRBGG/E/Z G/E/R/W/Z G/EConfiguration/System Logs Configuration/System Logs
AES-CCMKTS
AES-GCMKTS
N/AS-S VPNS-S VPN IPSec Pre-Shared KeysN/AW/EConfiguration/System Logs
ECDSA SigVer (FIPS 186-4)S-S VPNECDSA Public KeysECDSA SigVer (FIPS 186-4)W/EConfiguration/System Logs
RSA SigVer (FIPS 186-4)S-S VPNRSA Public KeysRSA SigVer (FIPS 186-4)W/EConfiguration/System Logs
RSA SigGen (FIPS 186-4)RA VPNRSA Private KeysRSA SigGen (FIPS 186-4)EConfiguration/System Logs
ECDSA SigGen (FIPS 186-4)RA VPNECDSA Private KeysECDSA SigGen (FIPS 186-4)EConfiguration/System Logs
KDF TLS, MD5TLS Master SecretG/E/Z
AES-GCMKTS
RSA SigVer (FIPS 186-4)) ECDSA SigVer (FIPS 186-4)RA VPNCA CertificatesRSA SigVer (FIPS 186-4)) ECDSA SigVer (FIPS 186-4)W/EConfiguration/System Logs
ECDSA SigVer (FIPS 186-4)RA VPNECDSA Public KeysECDSA SigVer (FIPS 186-4)W/EConfiguration/System Logs
RSA SigVer (FIPS 186-4)RA VPNRSA Public KeysRSA SigVer (FIPS 186-4)W/EConfiguration/System Logs
ZeroizeCOAll keys and SSPsN/AZZeroization indicatorZeroizeDestroys all keys in the module
Self-TestCOSoftware integrity verification keyHMAC-SHA2-256, ECDSA SigVer (FIPS 186-4)ESystem LogsSelf-TestInitiates self-tests and integrity test
Show StatusAllN/AN/ARLEDsShow StatusProvides status of the module

HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 N/A © 2025 Palo Alto Networks, Inc. G/E/Z G/E G/E/Z G/E/Z G/E/Z G/E/R/W/Z G/E/R/W/Z W/E W/E W/E E E G/E/Z G/E/Z G/E/R/W/Z G/E/Z PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 27

Page 28

HMAC-SHA2256 HMAC-SHA2384 N/A N/A G/E/Z G/E/Z G/E/Z G/E/Z G/E G/E G/E W/E W/E W/E E Z E N/A R Note: Configuration/System Logs for Approved services above will indicate FIPS-CC mode is enabled, configuration requirements from Section 11 are followed, and that the service succeeded. ECDSA Cert. #A2137) during the Pre-Operational Self-Test. In addition, the module also conducts the firmware load test by using RSA 2048 with SHA-256 (Cert. #A2137) for the new validated firmware to be uploaded into the module via the the Firmware Integrity and Firmware Load test, respectively, are generated externally and delivered as part of the module firmware image. The pre-operational self-tests can be initiated by power cycling the module. When this is performed, the module automatically runs the cryptographic algorithm self-tests in addition to the pre-operational firmware integrity test. The module’s executable code is in the form of the compiled firmware image loaded onto the module.

28 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 29
Physical Security MechanismsRecommended Frequency of Inspection/TestInspection/Test Guidance Details
Tamper-Evident Seals (PA-7080, PA-7050, PA-5220, PA-5250, PA-5260, PA-5280, PA-3220, PA-3250, PA-3260, PA-820, PA-850, PA-220R, PA-220, PA-410/440/450/460, PA-5450)30 daysVerify integrity of tamper-evident seals in the locations identified in the FIPS Kit Installation Guide. Seal integrity to be verified within the modules operating temperature range.
Top, Bottom, Front and Rear Opacity Shields (PA-7050 PA-5450)30 daysVerify that the plenums and opacity shields have not been deformed from their original shape, thereby reducing their effectiveness
Front and Rear Covers (PA-3220, PA-3250, PA-3260)30 daysVerify that front and rear covers have not been deformed from their original shape, thereby reducing their effectiveness
Front Cover (PA-7080, PA-5450)30 daysVerify that front cover has not been deformed from its original shape thereby reducing its effectiveness
Front cover and Cage Enclosure (PA-220)30 daysVerify that front cover and cage enclosure have not been deformed from their original shape, thereby reducing their effectiveness
  1. Operational Environment The FIPS 140-3 Operational Environment requirements are not applicable because the module does not contain a modifiable operational environment. The operational environment is limited since the modules include a firmware load service to support necessary updates. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into these modules is out of the scope of this validation and requires a separate FIPS 140-3 validation. The multi-chip standalone modules are production quality containing standard passivation. Chip components are protected by an opaque enclosure. There are tamper evident seals that are applied on the modules by the Crypto-Officer. All unused seals are to be controlled by the Crypto-Officer. The seals prevent removal of the opaque enclosure without evidence. The Crypto-Officer must ensure that the module surface is clean and dry. Tamper evident seals must be pressed firmly onto the adhering surfaces during installation and once applied the Crypto- Officer shall permit 24 hours of cure time for all tamper-evident seals. The Crypto-Officer should inspect the seals and shields for evidence of tamper every 30 days. If the seals show evidence of tamper, the Crypto-Officer should assume that the modules have been compromised and contact Customer Support. Note: For ordering information, see tables in Cryptographic Module Specification for Kit part numbers and versions. Opacity shields and Tamper Seals are included for the kits. Table 10 - Physical Security Inspection Guidelines
  2. Non-Invasive Security No approved non-invasive attack mitigation test metrics are defined at this time. © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 29
Page 30
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportKey/SSP/Name/Ty pe
ECDSA/RSA Public key - Used to trust a root CA intermediate CA and leaf /end entity certificates (RSA 2048, 3072, and 4096 bits) (ECDSA P-256, P-384, and P-521)112 - 256 bitsRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2137DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedCA Certificates
RSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (RSA 2048, 3072, or 4096-bit)112 - 150 bitsRSA SigVer (FIPS 186-4) Cert. #A2137DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeRSA Public Keys
RSA Private keys for generation of signatures, authentication or key establishment. (RSA 2048, 3072, or 4096-bit)112 - 150 bitsRSA SigGen (FIPS 186-4) Cert. #A2137DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedRSA Private Keys
ECDSA public keys managed as certificates for the verification of signatures, establishment of TLS, operator authentication and peer authentication. (ECDSA P-256, P-384, or P-521)128 - 256 bitsECDSA SigVer (FIPS 186-4) Cert. #A2137DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key Encrypted or Plaintext TLS handshakeECDSA Public Keys
ECDSA Private key for generation of signatures and authentication (P-256, P-384, or P-521)128 - 256 bitsECDSA SigGen (FIPS 186-4) Cert. #A2137DRBG, FIPS 186-4N/AHDD/RAM – plaintextHDD – Zeroize Service RAM - Zeroize at session terminationTLS or SSH Session Key EncryptedECDSA Private Keys
Ephemeral Diffie-Hellman private FFC or EC component used in TLS (DHE 2048, ECDHE P-256, P-384, P-521)128 - 256 bitsKAS-ECC-SS C KAS-FFC-SS C Cert. #A2137DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ATLS DHE/ECDHE Private Components
Diffie_Hellman or EC Diffie-Hellman Ephemeral values used in key agreement (DHE 2048, ECDHE P-256, P-384, P-521)128 - 256 bitsKAS-ECC-SS C KAS-FFC-SS C Cert. #A2137DRBG, SP 800-56A Rev. 3N/AN/AZeroize at session terminationPlaintext - TLS handshakeTLS DHE/ECDHE Public Components
Secret value used to derive the TLS Master Secret along with client and server random nonces112 bits minimumKDF TLS Cert. #A2137, MD5 (No Security ClaimedKAS-ECC-SS C or KAS-FFC-SS C, SP 800-56A Rev. 3N/ARAM – plaintextZeroize at session terminationN/ATLS Pre-Master Secret
Secret value used to derive the TLS session keys384 bitsKDF TLS Cert. #A2137, MD5 (No Security ClaimedKDF TLSN/ARAM – plaintextZeroize at session terminationN/ATLS Master Secret
AES (128 or 256 bit) keys used in TLS connections (GCM; CBC)128 or 256 bitsAES-CBC or AES-GCM Cert. #A2137KDF TLSTLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS Encryption Keys
HMAC keys used in TLS connections (HMAC-SHA-1, HMAC-SHA2-256/ 384) (160, 256, 384 bits)160 - 256 bitsHMAC-SHA- 1 HMAC-SHA2 -256 HMAC-SHA2 -384 Cert. #A2137KDF TLSTLS, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ATLS HMAC Keys
Diffie Hellman or EC Diffie-Hellman private (DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521)112 - 256 bitsKAS-ECC-SS C KAS-FFC-SS C Cert. #A2137DRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationN/ASSH DHE/ECDHE Private Components
Diffie Hellman or EC Diffie-Hellman public component112 - 256 bitsKAS-ECC-SS CDRBG, SP 800-56A Rev. 3N/ARAM - plaintextZeroize at session terminationPlaintext SSH handshakeSSH DHE/ECDHE Public Components
(DH Group 14, ECDH P-256, ECDH P-384, ECDH P-521)KAS-FFC-SS C Cert. #A2137
SSH Host Public Key (RSA 2048, RSA 3072, RSA 4096, ECDSA P-256, P-384, or P-521)112 - 256 bitsRSA SigVer (FIPS 186-4) ECDSA SigVer (FIPS 186-4) Cert. #A2137DRBG, FIPS 186-4N/AHDD/RAM – plaintextZeroize ServiceN/ASSH Host Public Key
Public RSA key used to authenticate client. (RSA 2048, 3072, and 4096 bits)112 - 150 bitsRSA SigVer (FIPS 186-4) Cert. #A2137N/AN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedSSH Client Public Key
Used in all SSH connections to the security module’s command line interface. (128, 192, or 256 bits: AES CBC or CTR) (128 or 256 bits: AES GCM)128 - 256 bitsAES-CBC, AES-CTR, or AES-GCM Cert. #A2137KDF SSHSSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Encryption Keys
Authentication keys used in all SSH connections to the security module’s command line interface (HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512) (160, 256, 512 bits)160 - 256 bitsHMAC-SHA- 1 HMAC-SHA2 -256 HMAC-SHA2 -512 Cert. #A2137KDF SSHSSH, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/ASSH Session Authentication Keys
Diffie-Hellman or EC Diffie-Hellman private component used in key establishment (DHE 2048, ECDHE P-256, P-384)112 - 256 bitsKAS-ECC-SS C KAS-FFC-SS C Cert. #A2137DBRG, SP 800-56A Rev. 3N/ARAM - plaintextPower cycleN/AS-S VPN IPSec/IKE DHE or ECDHE Private Components
Diffie-Hellman or EC Diffie-Hellman public component used in key agreement (DHE 2048, ECDHE P-256, P-384)112 - 256 bitsKAS-ECC-SS C KAS-FFC-SS C Cert. #A2137DRBG, SP 800-56A Rev. 3N/ARAM - plaintextPower cycleN/AS-S VPN IPSec/IKE DHE or ECDHE Public Components
Used to encrypt IKE/IPSec data. These are AES (128, 192, or 256 CBC) IKE keys and (128, 192 or 256 CBC, 128 CCM, 128 or 256 GCM) IPSec keys128 - 256 bitsAES-CBC, AES-CCM, AES-GCM Cert. #A2137KDF IKEv2IPSec/IKE, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/AS-S VPN IPSec/IKE Session Keys
(HMAC-SHA-1, SHA-256, SHA-384 or SHA-512) Used to authenticate the peer in an IKE/IPSec tunnel connection. (160, 256, 384, 512 bits)160 - 256 bitsHMAC-SHA- 1 HMAC-SHA2 -256 HMAC-SHA2 -384 HMAC-SHA2 -512 Cert. #A2137KDF IKEv2IPSec/IKE, KAS SP 800-56A Rev. 3RAM - plaintextZeroize at session terminationN/AS-S VPN IPSec/IKE Authentication Keys
PSK used in conjunction with HMAC listed above for authentication. Entered into the module by the Crypto Officer once authenticatedN/AN/AN/AN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedS-S VPN IPSec Pre-Shared Keys
Used to encrypt remote access sessions utilizing IPSec. (AES 128-CBC, 128/256-GCM)128 or 256 bitsAES-CBC or AES-GCM Cert. #A2137CKG, DRBGN/ARAM - plaintextZeroize at session terminationN/ARA VPN IPSec Session Keys
(HMAC-SHA-1, 160 bits) Used in authentication of remote access IPSec data.160 bitsHMAC-SHA- 1 Cert. #A2137CKG, DRBGN/ARAM - plaintextZeroize at session terminationN/ARA VPN IPSec Authentication
Used to check the integrity of all software code (HMAC-SHA-256 and ECDSA P-256)128 bitsHMAC-SHA2 -256, ECDSA SigVer (FIPS 186-4) Cert. #A2137Factory preloadN/AHDD - plaintextN/AImport only, TLS or SSH Session Key EncryptedFirmware integrity verification key
Used to authenticate firmware and content to be installed on the firewall (RSA 2048 with SHA-256)112 bitsRSA SigVer (FIPS 186-4) Cert. #A2137Factory preloadN/AHDD - plaintextN/AImport only, TLS or SSH Session Key EncryptedPublic key for firmware content load test
Authentication string with a minimum length of eight (8) characters.N/ASHA2-256 Cert. #A2137ExternalN/AHDD - a password hash (SHA2-256)Zeroize ServiceTLS or SSH Session Key EncryptedCO, User, RA VPN Password
Secrets used by RADIUS or TACACS+ (8 characters minimum)N/AN/AExternalN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedProtocol Secrets
Entropy input string coming from the entropy source Input length = 384 bits194 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2137Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/AEntropy Input String
DRBG seed coming from the entropy source Seed length = 384 bits194 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2137Entropy as per SP 800-90BN/ARAM - PlaintextPower cycleN/ADRBG Seed
AES 256 CTR DRBG state Key used in the generation of a random values256 bitsCKG (vendor affirmed), Counter DRBG Cert. #A2137Entropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG Key
AES 256 CTR DRBG state V used in the generation of a random values128 bitsCKG (vendor affirmed), Counter DRBGEntropy as per SP 800-90BN/ARAM - plaintextPower cycleN/ADRBG V
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP Cert. #A2137N/AN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedSNMPv3 Authentication Secret
Used to support SNMPv3 services (Minimum 8 characters)N/AKDF SNMP Cert. #A2137N/AN/AHDD/RAM – plaintextZeroize ServiceTLS or SSH Session Key EncryptedSNMPv3 Privacy Secret
HMAC–SHA-1/224 /256/384/512 Authentication protocol key (160 bits)160 - 256 bitsHMAC-SHA- 1 HMAC-SHA2 -224 HMAC-SHA2 -256 HMAC-SHA2 -384 HMAC-SHA2 -512 Cert. #A2137KDF SNMPN/AHDD/RAM - PlaintextZeroize ServiceN/AAuthentication Key
Privacy protocol encryption key (AES 128/192/256 CFB)128 - 256 bitsAES-CFB Cert. #A2137KDF SNMPN/AHDD/RAM - PlaintextZeroize ServiceN/ASession Key

9. Sensitive Security Parameter Management The following table details all the sensitive security parameters utilized by the module. “TLS or SSH Session Key Encrypted” corresponds to the following KTS entries listed in the Approved Algorithms table:

30 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 31

N/A N/A N/A C C N/A N/A C C N/A N/A N/A N/A N/A N/A N/A HMAC-SHA1 C C C © 2025 Palo Alto Networks, Inc. N/A N/A N/A N/A PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 31

Page 32

C N/A N/A N/A N/A N/A HMAC-SHA1 N/A C C N/A N/A C C N/A N/A N/A HMAC-SHA1 N/A

32 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 33

N/A N/A N/A N/A N/A N/A HMAC-SHA1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2025 Palo Alto Networks, Inc. N/A N/A N/A N/A N/A N/A N/A N/A N/A PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 33

Page 34
Approved algorithm
NameKey Size
DetailsMinimum number of bits of entropyEntropy Source
ESV Cert. #129 The entropy source provides at least 0.506 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy194 bitsPalo Alto Networks DRNG RDSEED Entropy Source
ESV Cert. #128 The entropy source provides at least 0.506 bits of entropy per bit of output. The DRBG is seeded with 384-bits of output from the entropy source. Therefore the DRBG is seeded with at least 194 bits of entropy before generating keys. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy194 bitsOcteon III Entropy Source

N/A N/A N/A N/A N/A N/A HMAC-SHA1 N/A N/A N/A N/A Note: SSPs are implicitly zeroized when power is lost, or explicitly zeroized by the zeroize service. In the case of implicit zeroization, the SSPs are implicitly overwritten with random values due to their ephemeral memory being reset upon power loss. For the zeroization service and zeroization at session termination, the SSP's memory location is overwritten with random values. Table 12 - Non-Deterministic Random Number Generation Specification

34 PAN-OS 10.1 Next-Generation Hardware Firewalls
Page 35

10. Self-Tests The cryptographic module performs the following tests below. The operator can command the module to perform the pre-operational and cryptographic algorithm self-tests by cycling power of the module; these tests do not require any additional operator action. Pre-operational Self-Tests Pre-operational Software Integrity Test

Page 36
Cause of ErrorError State Indicator
Conditional Cryptographic Algorithm Self-Test or Software Integrity Test FailureFIPS-CC mode failure. <Algorithm test> failed.
Conditional Pairwise Consistency or Critical Functions Test FailureSystem log prints an error message.
Conditional Firmware Load Test FailureSystem prints Invalid image message.
36 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 37

12.​ The module does not output intermediate key generation values. 13.​ Pre-shared keys used for IKE/IPSec must be at least 6 bytes in length, but no more than 255 bytes. Vendor imposed security rules In FIPS-CC mode, the following rules shall apply: 1.​ The operator should not enable TLSv1.0 or use RSA for key wrapping; it is disabled by default. a.​ Checked via CLI using “show shared” command 2.​ The operator should not enable TLSv1.3, it is disabled by default. a.​ Checked via CLI using “show profiles” command 3.​ If using RADIUS, it must be configured using TLS. a.​ Checked via CLI using “show shared” command 4.​ If using TACACS+, configure the service route via an IPSec tunnel, and ensure the TACACS+ server is configured for a minimum password length of eight (8) characters or greater. a.​ Checked via CLI using “show deviceconfig” command Failure to follow these Security Rules will cause the module to operate in a non-compliant state.

  1. Mitigation of Other Attacks The module is not designed to mitigate any specific attacks outside the scope of FIPS 140-3. These requirements are not applicable.
  2. Definitions and Acronyms API – Application Programming Interface App-ID – Application Identification - Palo Alto Networks’ ability to identify applications and apply security policy based on the ID rather than the typical port and protocol-based classification. BGP – Border Gateway protocol – Dynamic routing protocol CA – Certificate authority Content-ID – Content Identification – Palo Alto Networks’ threat prevention features including Antivirus, Antispyware, and Intrusion Prevention. CO – Cryptographic Officer DLP – Data loss prevention Gbps – Gigabits per second HA – High Availability HSCI - High Speed Chassis Interconnect IKE – Internet Key Exchange IP – Internet Protocol IPSec – Internet Protocol Security LDAP – Lightweight Directory Access Protocol LED – Light Emitting DiodeOCSP – Online Certificate Status Protocol OSPF – Open Shortest Path First – Dynamic routing protocol PAN-OS – Palo Alto Networks’ Operating System QoS – Quality of Service QSFP - Quad Small Form-factor Pluggable RA VPN – Remote Access Virtual Private Network RIP – Routing Information Protocol – Dynamic routing protocol © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 37
Page 38

RJ45

38 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 39

5.​ Route the front-port cables through the front-cover cable-guide openings. © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 39

Page 40

6.​ Attach the FIPS front-cover panel to the FIPS front cover by sliding the two (2) panel tabs under the FIPS chassis cover and then attach the panel using two (2) #4-40 x .25” screws. 7.​ Apply a tamper-evident seal to each location shown in the following illustration (six (6) seals total). After all seals are applied, place the firewall right-side up. 1​

40 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 41

Appendix B - PA-220R- FIPS Accessories/Tamper Seal Installation (5 Seals) 1.​ Place three tamper-evident seals on the top of the module. 2.​ Place two tamper-evident seals on the bottom of the module. © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 41

Page 42

Appendix C - PA-800 series - FIPS Accessories/Tamper Seal Installation (11 Seals) 1.​ Place the firewall on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. 2.​ Place the FIPS back cover onto the back of the firewall and attach it using four #4-40 x 5/16 screws (two screws on each side of the back cover). ​ 3.​ Insert the front (network, management, and console) cables in to the front ports. 4.​ Place the FIPS front cover onto the front of the firewall and place the rack-mount brackets over the holes on the front cover. Attach the front cover and rack-mount brackets to the firewall using eight (8) #6-32 x 5/16” rack-mount bracket screws (shipped with the firewall)—use four (4) screws on each side. Route the front cables through the front-cover cable-guide opening.

42 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 43

​ ​ ​ 5.​ Apply a tamper-evident seal to each location shown in the following illustrations (eleven (11) seals total). The seal placement over the power supply of the PA-820 firewall and PA-850 firewall is slightly different as shown. ​ © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 43

Page 44
44 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 45

Appendix D

Page 46

3.​ Place 19 tamper seals on the module. Note: Tamper seal placement is the same for all mount types. Seal #16 is required only for the front-mount of four-post rack installations. It is not required for the mid-mount installation

46 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 47

Appendix E - PA-5200- FIPS Accessories/Tamper Seal Installation (28 Seals) 1.​ Place the firewall upside down on a flat Electrostatic Discharge (ESD) protected surface and ground yourself by touching a metal surface on the firewall. 2.​ Install power cables: plug the power cords in to the power inlets located on the back of the firewall and connect the ground lug and ground cable to the ground lug bolts (you cannot access these back ports after you attach the FIPS back cover). 3.​ Place the FIPS back cover onto the back of the firewall and attach it to the firewall using four (4) #8-32 x 1/4” screws (two (2) screws on each side of the cover). Route the power cables through the back-cover cable-guide openings. ​ ​ 4.​ Attach the FIPS back-cover panel to the FIPS back cover using four (4) #4-40 x 1/4” screws (one (1) screw on each side of the cover and two (2) screws on the back of the cover). ​ © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 47

Page 48

5.​ Place the FIPS front cover onto the front of the firewall and place the rack-mount brackets over the holes on the front cover. Attach the front cover and rack-mount brackets to the firewall using eighteen (18) #8-32 x 5/16” screws (shipped with the firewall)—use nine (9) screws on each side. ​ 6.​ Apply a tamper-evident seal to each location shown in the illustrations (28 seals).

48 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 49

© 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 49

Page 50
50 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 51

Appendix F - PA-7050 - FIPS Accessories/Tamper Seal Installation (24 Seals) 1.​ Attach front right rack mount brackets in 4-post rack position. Do not attach rear rack mount brackets. Note that brackets are rotated 180 degrees, so the screw holes lineup and the rack mount holes are now on the front of the chassis. 2.​ Align right plenum bracket with five (5) open screw holes. Attach air plenum brackets using five (5) of the remaining bracket screws as shown. Repeat for left side. 3.​ Attach bottom plenum to the front right rack mount bracket. Place only the middle two (2) screws. © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 51

Page 52

4.​ Attach the bottom plenum to the rearward right plenum bracket. 5.​ Rotate PA-7050 chassis clockwise 90 degrees onto the bottom plenum.

52 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 53

6.​ Assemble top plenum and cable guide hardware. 7.​ Attach top plenum to the front left rack mount bracket © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 53

Page 54

8.​ Attach front opacity shield using the four (4) captive screws 9.​ Attach top plenum to the rearward left plenum bracket along with plenum’s rear opacity shield as shown

54 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 55

10.​ Loosen four (4) screws on the panel containing the power supply vent. Insert the power supply vent opacity shield and tighten screws. 11.​ Facing the front of the module, affix two (2) seals to top of the front opacity shield, one (1) near left edge and one (1) near the right edge. Ensure the seals, when placed, overlap onto the top of the plenum, as shown. (2 total) © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 55

Page 56

12.​ Facing the front of the module affix one (1) seal centered to the bottom of the front opacity shield to the bottom air plenum, as shown. (1 total) 13.​ Facing the rear of the module, affix two (2) seals to top of the rear opacity shield, one (1) near left edge and one (1) near the right edge. Ensure the seals, when placed, overlap onto the top of the plenum, as shown. (2 total)

56 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 57

14.​ Facing the rear of the module; A.​ Affix one (1) seal to the top plenum/opacity shield, covering the left and right outermost screws, as shown. B.​ Affix one (1) seal to the left and right edge of the top plenum bracket folding over the outer edge of the module, as shown. C.​ Affix one (1) seal to the top of each rear panel (three (3). Ensure that the seals lap onto the top rear plenum brackets, as shown. (7 total) © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 57

Page 58

15.​ Facing the rear of the module, A.​ Affix one (1) seal to the bottom of each rear panel (three (3). Ensure that the seals laps onto the bottom rear plenum brackets, as shown. B.​ Affix one (1) seal to the left and right edge of the bottom plenum bracket folding over the outer edge of the module, as shown. C.​ Affix one (1) seal to the bottom plenum’s rear side and the bottom plenum rear bracket. (6 total)

58 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 59

16.​ Facing the rear of the module;

Page 60

Appendix G - PA-7080 - FIPS Accessories/Tamper Seal Installation (10 Seals) 1.​ Using the supplied screws attach the Cable Manger Kit with upper opacity lip to the front of the PA-7080, as shown. 2.​ Using the supplied screws, attach the Left and Right Front Cover brackets to the sides of the PA-7080, as shown.

60 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 61

3.​ Using the supplied screws attach front opacity shield to the PA-7080 as shown. 4.​ The final assembly for the PA-7080 with the FIPS kit is as shown. © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 61

Page 62

5.​ Facing the front of the PA-7080: A.​ Affix one (1) seal to the front and center of the exhaust fan tray. Ensure the seal overlaps the seam with the front PA-7080 branding panel as shown. (1 total) B.​ Affix one (1) seal to the left and right outer edge of mounting flanges for the front opacity shield. Seals should fold over the edge of the cover flange and mounting bracket onto the side of the PA-7080. (2 total) C.​ Affix one (1) seal to the front and center of the air intake fan tray. Ensure the seal overlaps the seam with the PA-7080 electrostatic discharge port panel as shown. (1 total)

62 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 63

6.​ Facing the rear of the PA-7080; D.​ Affix one (1) seal to the left and right outer edge of the upper back panel. Seals should be placed just below the rear exhaust vent as shown. Seals should wrap around onto the sides of the PA-7080 (2 total). E.​ Affix one (1) seal to the left and right outer edges of each power entry module as shown. Seals should wrap around onto the sides of the PA-7080 (4 total). © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 63

Page 64
64 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 65

Appendix H - PA-5450 FIPS Accessories/Tamper Seal Installation (12 Seals) The PA-5450 requires twelve tamper seals. Follow the directions below to install the FIPS kit. Affix 7 seals at the locations on the rear of the device: On the top cover of the module, place one seal at the following location: Affix the front opacity shield to the front of the device and screw into the locations as below: © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 65

Page 66

Finalize the process by adding four seals at the following locations to secure the screws: Appendix I - PA-410 FIPS Accessories/Tamper Seal Installation (4 Seals) The PA-410 requires four tamper labels. The placement of these seals are needed in the following areas. Affix one seal to the front of the module that connects to the top/bottom.

66 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Page 67

The left and right side of the module requires one seal each in the same location, as noted in the following area. This wraps to the top and bottom of the module. The last seal is placed on the rear side of the module, and wraps to the top and bottom of the module. Appendix J - PA-440/450/460 FIPS Accessories/Tamper Seal Installation (4 Seals) The PA-440/450/460 require four tamper labels that are placed at the same location as the modules have the same enclosure. Affix four seals on the rear of the module as shown below: © 2025 Palo Alto Networks, Inc. PAN-OS 10.1 Next-Generation Hardware Firewalls Security Policy 67

Page 68
68 PAN-OS 10.1 Next-Generation Hardware Firewalls

Security Policy © 2025 Palo Alto Networks, Inc.

Referenced URLs