Cryptographic Module Validation Program CMVP

Certificate #2637

Details

Module Name
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls
Standard
FIPS 140-2
Status
Active
Sunset Date
9/7/2021
Validation Dates
05/13/2016;09/08/2016;01/11/2018;02/13/2018;02/21/2020
Overall Level
2
Caveat
When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Cert. #3475
CVL Certs. #564, #565, #566 and #567
DRBG Cert. #870
ECDSA Cert. #713
HMAC Cert. #2220
KTS AES Cert. #3475; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #3475 and HMAC Cert. #2220; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #1782
SHS Cert. #2870
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B or 910-000117-00A Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6], and 920-000112-00A Rev. A [7]
Firmware Versions
7.0.1-h4, 7.0.3 or 7.0.8

Vendor

Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
USA

Jake Bajic
certifications@paloaltonetworks.com
Phone: 408-753-4000

Lab

InfoGard Laboratories, Inc.
NVLAP Code: 100432-0