U.S. flag   An official website of the United States government

Cryptographic Module Validation Program CMVP

Certificate #1499

Details

Module Name
PA-500, PA-2000 Series and PA-4000 Series Firewalls
Standard
FIPS 140-2
Status
Historical
 Historical Reason
RNG SP800-131A Revision 1 Transition
Validation Dates
02/10/2011;06/21/2011
Overall Level
2
Caveat
When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy
Security Level Exceptions
  • Cryptographic Module Specification: Level 3
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
Module Type
Hardware
Embodiment
Multi-chip standalone
Description
Palo Alto Network's next-generation firewalls provide network security by enabling enterprises to see and control applications, users, and content - not just ports, IP addresses, and packets - using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls.
FIPS Algorithms
AES Cert. #1378
DSA Cert. #451
HMAC Cert. #810
RNG Cert. #760
RSA Cert. #675
SHS Cert. #1259
Triple-DES Cert. #950
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; Camellia; RC2; SEED; DES
Hardware Versions
HW P/N 910-000006-00D Rev. D with FIPS Kit P/N 920-000005-001 Rev. 1 (PA-500), HW P/N 910-000004-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2020), HW P/N 910-000003-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2050), HW P/N 910-000002-00Q Rev. Q with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4020), HW P/N 910-000001-00P Rev. P with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4050) and HW P/N 910-000005-00G Rev. G with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4060)
Firmware Versions
3.1.2 or 3.1.7-h1

Vendor

Palo Alto Networks
232 E. Java Drive
Sunnyvale, CA 94089
USA

Nicholas Campagna
certifications@paloaltonetworks.com
Phone: 408-738-7700
Fax: 408-738-7701

Lab

InfoGard
NVLAP Code: 100432-0