Module Name
PAN-OS 9.0 Firewalls PA-220, PA-220R, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series
Caveat
When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy.
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Palo Alto Networks PA-220, PA-220R, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series and PA-7000 Series Firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security policies to safely enabling organizations to adopt new applications.
Approved Algorithms
| AES |
Cert. #C1005 |
| CKG |
vendor affirmed |
| CVL |
Cert. #C1005 |
| DRBG |
Cert. #C1005 |
| DSA |
Cert. #C1005 |
| ECDSA |
Cert. #C1005 |
| HMAC |
Cert. #C1005 |
| KAS |
KAS-SSC Cert. #A2670 and CVL Cert. #C1005 |
| KAS-SSC |
Cert. #A2670 |
| KTS |
AES Cert. #C1005 and HMAC Cert. #C1005; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
AES Cert. #C1005; key establishment methodology provides 128 or 256 bits of encryption strength |
| RSA |
Cert. #C1005 |
| SHS |
Cert. #C1005 |
Allowed Algorithms
MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
PA-220 P/N 910-000128 Rev. A with [1], PA-220R P/N 910-000147 Rev. B with [2], PA-820 P/N 910-000120 Rev. A with [3], PA-850 P/N 910-000119 Rev. A with [3], PA-3020 P/N 910-000017 Rev. J with [4], PA-3050 P/N 910-000016 Rev. J with [4], PA-3060 P/N 910-000104 Rev. C with [5], PA-3220 P/N 910-000162 Rev. A with [6], PA-3250 P/N 910-000163 Rev. A with [6], PA-3260 P/N 910-000164 Rev. A with [6], PA-5220 P/N 910-000132 Rev. A with [7], PA-5250 P/N 910-000131 Rev. A with [7], PA-5260 P/N 910-000125 Rev. A with [7], PA-5280 P/N 910-000157 Rev. A with [7], PA-5280-K2-EXP: P/N: 910-000257 Rev. A with [7], PA-5280-K2-SEC: P/N: 910-000357 Rev. B with [7], PA-7050 P/N 910-000102 Rev. B with [8], [12], [14] and at least one from [10]; PA-7080 P/N 910-000122 Rev. A with [9], [12], [15] and at least one from [10]; PA-7050 P/N 910-000102 Rev. B with [8], [13], one from [11] and one from [17]; PA-7080 P/N 910-000122 Rev. A with [9], [13], one from [11] and one from [16]; FIPS Kit: P/Ns 920-000084 Rev. A [1], 920-000226 Rev. A [2], 920-000185 Rev. A [3], 920-000081 Rev. A [4], 920-000138 Rev. A [5], 920-000212 Rev. A [6], 920-000186 Rev. A [7], 920-000112 Rev. A [8] and 920-000119 Rev. A [9];
Network Processing Cards [10]: P/Ns 910-000028-00B, 910-000117-00A, 910-000137-00A, 910-000136-00A, 910-000156-00A, 910-000256-00A and 910-000356-00B; Network Processing Cards [11]: P/Ns 910-000156-00A, 910-000256-00A, and 910-000356-00B; Log Processing Card [12]: P/N 910-0000014-00A; Log Forwarding Card [13]: P/N 910-000183-00A; Switch Management Card [14]: P/N 910-000013-00P; Switch Management Card [15]: P/N 910-000012-00L; Switch Management Cards [16]: P/Ns 910-000186-00A, 910-000286-00D, 910-000386-00D; Switch Management Cards [17]: P/Ns 910-000185-00A, 910-000285-00C, 910-000385-00C
Firmware Versions
9.0.9-h1
