Module Name
Panorama Virtual Appliance 8.1
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
- Roles, Services, and Authentication: Level 2
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
Panorama Virtual Appliance 8.1 module provides centralized management and visibility of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network.
Tested Configuration(s)
- KVM on CentOS 7.2 running on a Dell Power Edge R730 with Intel Xeon E5-2630 CPU
- Microsoft Hyper-V 2012 R2 running on a Dell PowerEdge R730 with Intel Xeon E5-2640 CPU (single user mode)
- Vmware ESXi v5.5 running on a Dell PowerEdge R730 with Intel Xeon E5-2640 CPU
- Vmware ESXi v5.5 running on a PacStar 451 with Intel Xeon E3-1258 CPU
Approved Algorithms
| AES |
Cert. #5902 |
| CKG |
vendor affirmed |
| CVL |
Certs. #2128, #2129, #2130 and #2131 |
| DRBG |
Cert. #2464 |
| DSA |
Cert. #1497 |
| ECDSA |
Cert. #1575 |
| HMAC |
Cert. #3882 |
| KAS |
SP 800-56Arev2 with CVL Certs. #2128 and #2130, vendor affirmed |
| KTS |
AES Cert. #5902; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
AES Cert. #5902 and HMAC Cert. #3882; key establishment methodology provides between 128 and 256 bits of encryption strength |
| RSA |
Cert. #3090 |
| SHS |
Cert. #4658 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. #2128 and #2130, key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (CVL Cert. #2131, key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
