PA-500, PA-2000 Series, and PA-4000 Series Firewalls
Security Policy
Version: B
Palo Alto Networks
Revision Date: 1/24/2011
www.paloaltonetworks.com

© 2011 Palo Alto Networks. May be reproduced only in its original entirety (without revision). Palo Alto Networks, PAN-OS, and Panorama are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners.
P/N 880-000018-00B
Palo Alto Networks 880-000018-00B

CHANGE RECORD
Table 1 - Change Record
Revision | Date | Author | Description of Change
A | 8/23/2010 | N. Campagna | Initial authoring
B | 1/24/2011 | N. Campagna | Added detail to the identity and authentication of IPSec endpoints.
Palo Alto Networks Firewall Security Policy Page 2 of 49

Contents
1 Module Overview 6
2 Security Level 13
3 Modes of Operation 14
3.1 FIPS Approved Mode of Operation 14
3.2 Approved and Allowed Algorithms 15
3.3 Non-Approved, Non-Allowed Algorithms 15
4 Ports and Interfaces 17
5 Identification and Authentication Policy 19
5.1 Assumption of Roles 19
6 Access Control Policy 21
6.1 Roles and Services 21
6.2 Unauthenticated Services 21
6.3 Definition of Critical Security Parameters (CSPs) 22
5.3a Definition of Public Keys 23
6.4 Definition of CSPs Modes of Access 25
7 Operational Environment 26
8 Security Rules 26
9 Physical Security Policy 28
9.1 Physical Security Mechanisms 28
9.2 Operator Required Actions 32
10 Mitigation of Other Attacks Policy 33
11 References 33
12 Definitions and Acronyms 33
13 Appendix A – PA-500 – FIPS Accessories/Tamper Seal Installation 35
14 Appendix B – PA-2000 Series – FIPS Accessories/Tamper Seal Installation 40
15 Appendix C – PA-4000 Series – FIPS Accessories/Tamper Seal Installation 44

Tables
Table 1 - Change Record 2
Table 2 - Validated Version Information 11
Table 3 - Module Security Level Specification 13
Table 4 - FIPS Approved Algorithms Used in Current Module 15
Table 5 - FIPS Allowed Algorithms Used in Current Module 15
Table 6 - Non-Approved, Non-Allowed Algorithms Used in Current Module 15
Table 7 - PA-500 FIPS 140-2 Ports and Interfaces 17
Table 8 - PA-2000 Series FIPS 140-2 Ports and Interfaces 17
Table 9 - PA-4000 Series FIPS 140-2 Ports and Interfaces 17
Table 10 - Roles and Required Identification and Authentication 19
Table 11 - Strengths of Authentication Mechanisms 20
Table 12 - Authenticated Service Descriptions 21
Table 13 - Authenticated Services 21
Table 14 - Unauthenticated Services 21
Table 15 - Private Keys and CSPs 22
Table 16 - Public Keys 23
Table 17 - CSP Access Rights within Roles & Services 25
Table 18 - Inspection/Testing of Physical Security Mechanisms 32

Figures
Figure 1 - PA-500 Front Image 8
Figure 2 - PA-500 Back Image 8
Figure 3 - PA-500 with Front Opacity Shield 8
Figure 4 - PA-500 with Side Opacity Shield 8
Figure 5 - PA-2020 / PA-2050 Front Images 9
Figure 6 - PA-2020 / PA-2050 Back Image 9
Figure 7 - PA-2020 / PA-2050 Front Opacity Shield 9
Figure 8 - PA-2020 / PA-2050 with Side Opacity Shield 9
Figure 9 - PA-4020 / PA-4050 Front Image 10
Figure 10 - PA-4060 Front Image 10
Figure 11 - PA-4020 / PA-4050 / PA-4060 Back Image 10
Figure 12 - Logical Block Diagram 12
Figure 13 - PA-500 Front Tamper Seal Placement (1) 28
Figure 14 - PA-500 Left Side Tamper Seal Placement (2) 28
Figure 15 - PA-500 Right Side Tamper Seal Placement (2) 29
Figure 16 - PA-500 Rear Tamper Seal Placement (4) 29
Figure 17 - PA-2000 Series Front Tamper Seal Placement (1) 29
Figure 18 - PA-2000 Series Left Side Tamper Seal Placement (3) 29
Figure 19 - PA-2000 Series Right Side Tamper Seal Placement (3) 30
Figure 20 - PA-2000 Series Rear Tamper Seal Placement (2) 30
Figure 21 - PA-4000 Series Rear Tamper Seal Placement – From Top (4) 30
Figure 22 - PA-4000 Series Rear Side Tamper Seal Placement – From Underside (4) 31
Figure 23 - PA-4000 Series Right Side Tamper Seal Placement (1) 31
Figure 24 - PA-4000 Series Left Side Tamper Seal Placement (1) 31

1 Module Overview

The Palo Alto Networks PA-500, PA-2000 Series, and PA-4000 Series firewalls (hereafter referred to as the modules) are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content – not just ports, IP addresses, and packets – using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies – safely enabling organizations to adopt new applications, instead of the “all-or-nothing” approach offered by the traditional port-blocking firewalls used in many security infrastructures.

Features and Benefits

• Application visibility and control: Accurate identification of the applications traversing the network enables policy-based control over application usage at the firewall, the strategic center of the security infrastructure.
• Visualization tools: Graphical visibility tools, customizable reporting and logging enable administrators to make a more informed decision on how to treat the applications traversing the network.
• Application browser: Helps administrators quickly research what an application is, its behavioral characteristics and its underlying technology, resulting in a more informed decision-making process on how to treat the application.
• User-based visibility and control: Seamless integration with enterprise directory services (Active Directory, LDAP, eDirectory) facilitates application visibility and policy creation based on user and group information, not just IP address. In Citrix and terminal services environments, the identity of users sitting behind Citrix or terminal services can be used to enable policy-based visibility and control over applications, users and content.
An XML API enables integration with other, third-party user repositories.
• Real-time threat prevention: Detects and blocks application vulnerabilities, viruses, spyware, and worms, and controls web activity, all in real time, dramatically improving performance and accuracy.
• File and data filtering: Taking full advantage of the in-depth application inspection being performed by App-ID, administrators can implement several different types of policies that reduce the risk associated with unauthorized file and data transfer.
• Legacy firewall support: Support for traditional inbound and outbound port-based firewall rules mixed with application-based rules smooths the transition to a Palo Alto Networks next-generation firewall.
• Networking architecture: Support for dynamic routing (OSPF, RIP, BGP), virtual wire mode and layer 2/layer 3 modes facilitates deployment in nearly any networking environment.
• Policy-based Forwarding: Forward traffic based on policy defined by application, source zone/interface, source/destination address, source user/group, and service.
• Virtual Systems: Create multiple virtual “firewalls” within a single device as a means of supporting specific departments or customers. Each virtual system can include dedicated administrative accounts, interfaces, networking configuration, security zones, and policies for the associated network traffic.
• VPN connectivity: Secure site-to-site connectivity is enabled through standards-based IPSec VPN support, while remote user access is delivered via SSL VPN connectivity.
• Quality of Service (QoS): Deploy traffic shaping policies (guaranteed, maximum and priority) to enable positive policy controls over bandwidth-intensive, non-work-related applications such as streaming media while preserving the performance of business applications.
• Real-time bandwidth monitor: View real-time bandwidth and session consumption for applications and users within a selected QoS class.
• Purpose-built platform: Combines single-pass software with parallel processing hardware to deliver the multi-Gbps performance necessary to protect today’s high-speed networks.

Note: Modules are shown in figures with no opacity shields included to demonstrate module interfaces and other physical characteristics. Pictures are included of each chassis with the opacity shields in place.

Figure 1 - PA-500 Front Image
Figure 2 - PA-500 Back Image
Figure 3 - PA-500 with Front Opacity Shield
Figure 4 - PA-500 with Side Opacity Shield
Figure 5 - PA-2020 / PA-2050 Front Images
Figure 6 - PA-2020 / PA-2050 Back Image
Figure 7 - PA-2020 / PA-2050 Front Opacity Shield
Figure 8 - PA-2020 / PA-2050 with Side Opacity Shield
Figure 9 - PA-4020 / PA-4050 Front Image
Figure 10 - PA-4060 Front Image
Figure 11 - PA-4020 / PA-4050 / PA-4060 Back Image
Figure 12 - PA-4020 / PA-4050 / PA-4060 Left Side with Opacity Shield

The configurations for this validation are:

Table 2 - Validated Version Information
Module | Part Number | Hardware Version | FIPS Kit Part Number | FIPS Kit Hardware Version | Firmware Version
PA-500 | 910-000006-00D | Rev. D | 920-000005-001 | Rev. 1 | 3.1.2
PA-2020 | 910-000004-00K | Rev. K | 920-000004-001 | Rev. 1 | 3.1.2
PA-2050 | 910-000003-00K | Rev. K | 920-000004-001 | Rev. 1 | 3.1.2
PA-4020 | 910-000002-00Q | Rev. Q | 920-000003-001 | Rev. 1 | 3.1.2
PA-4050 | 910-000001-00P | Rev. P | 920-000003-001 | Rev. 1 | 3.1.2
PA-4060 | 910-000005-00G | Rev. G | 920-000003-001 | Rev. 1 | 3.1.2

Figure 12 depicts the logical block diagram for the modules. The cryptographic boundary includes all of the logical components of the modules, and the boundary is the physical enclosure of the firewall.

Figure 12 - Logical Block Diagram

2 Security Level

The cryptographic modules meet the overall requirements applicable to Level 2 security of FIPS 140-2.

Table 3 - Module Security Level Specification
Security Requirements Section | Level
Cryptographic Module Specification | 3
Module Ports and Interfaces | 2
Roles, Services and Authentication | 3
Finite State Model | 2
Physical Security | 2
Operational Environment | N/A
Cryptographic Key Management | 2
EMI/EMC | 2
Self-Tests | 2
Design Assurance | 3
Mitigation of Other Attacks | N/A

3 Modes of Operation

3.1 FIPS Approved Mode of Operation

The modules support both a FIPS mode and a non-FIPS mode. The following procedure will put the modules into the FIPS mode of operation:
• During initial boot up, break the boot sequence via the console port connection (by pressing the m key when instructed to do so) to access the main menu.
• Select “Continue.”
• Select the “Set FIPS Mode” option to enter FIPS mode.
• Select “Enable FIPS Mode”.
• When prompted, select “Reboot” and the module will re-initialize and continue into FIPS mode.
• The module will reboot.
• In FIPS mode, the console port is available only as a status output port.

The module will automatically indicate the FIPS Approved mode of operation in the following manner:
• The status output interface will indicate “**** FIPS MODE ENABLED ****” via the CLI session.
• The status output interface will indicate “FIPS Mode Enabled Successfully” via the console port.
• The module will display “FIPS mode” at all times in the status bar at the bottom of the web interface.

Should one or more power-up self-tests fail, the FIPS Approved mode of operation will not be achieved. Feedback will consist of:
• The module will reboot and enter a state in which the reason for the reboot can be determined.
• To determine which self-test caused the system to reboot into the error state, connect the console cable and follow the on-screen instructions to view the self-test output.

• Install the FIPS kit opacity shields and tamper evidence seals according to Section 9.
• The tamper evidence seals and opacity shields shall be installed for the module to operate in a FIPS Approved mode of operation.

3.2 Approved and Allowed Algorithms

The cryptographic modules support the following FIPS Approved algorithms.

Table 4 - FIPS Approved Algorithms Used in Current Module
FIPS Approved Algorithm | CAVP Cert. #
AES | 1378
TDES | 950
RSA | 675
DSA | 451
HMAC-SHA-1, HMAC-SHA-256 | 810
SHA-1, SHA-2 | 1259
ANSI x9.31 RNG | 760

The cryptographic modules support the following non-FIPS Approved algorithms that are allowed for use in FIPS mode.

Table 5 - FIPS Allowed Algorithms Used in Current Module
FIPS Allowed Algorithm
Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength)
RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
NDRNG (used to seed the ANSI x9.31 RNG)
MD5 (within TLS)

3.3 Non-Approved, Non-Allowed Algorithms

The cryptographic modules support the following non-Approved algorithms. No security claim is made in the current modules for any of the following non-Approved algorithms.

Table 6 - Non-Approved, Non-Allowed Algorithms Used in Current Module
Non-FIPS Allowed Algorithm in Non-FIPS Mode
MD5 – used for hashing of non-security relevant data; in CHAP authentication with RADIUS servers; in authentication for OSPF, RIP, and BGP dynamic routing protocols; for password hashing on Data Leakage Protection and Administrator passwords; and to integrity check URL filtering database downloads (note this is in addition to the HMAC-SHA-1 authentication/integrity check). MD5 is also used to authenticate communications with the security module. MD5 is also used to hash administrator passwords.
RC4 – used to encrypt SSL communications with the security module.
Camellia – used to encrypt SSL communications with the security module.
RC2 – used to encrypt SSL communications with the security module.
SEED – used to encrypt SSL communications with the security module.
DES – used to encrypt SSL communications with the security module.

4 Ports and Interfaces

The modules are multi-chip standalone modules with ports and interfaces as shown below.
Table 7 – PA-500 FIPS 140-2 Ports and Interfaces
Interface | PA-500 | FIPS 140-2 Designation | Name and Description
RJ45 | 1 | Data input, control input, data output, status output | Console port
RJ45 | 1 | Data input, control input, data output, status output | Out of band management
RJ45 | 8 | Data input, control input, data output, status output | 10/100/1000 Ethernet interface
100-240 Vcc | 1 | Power input | Power interface
LEDs | 6 | Status output | Status indicators
USB | 1 | Disabled except for power | Used in manufacturing

Table 8 – PA-2000 Series FIPS 140-2 Ports and Interfaces
Interface | PA-2050 | PA-2020 | FIPS 140-2 Designation | Name and Description
RJ45 | 1 | 1 | Data input, control input, data output, status output | Console port
RJ45 | 1 | 1 | Data input, control input, data output, status output | Out of band management
SFP | 4 | 2 | Data input, control input, data output, status output | Ethernet optical gigabit interface
RJ45 | 16 | 12 | Data input, control input, data output, status output | 10/100/1000 Ethernet interface
100-240 Vcc | 1 | 1 | Power input | Power interface
LEDs | 6 | 6 | Status output | Status indicators
USB | 1 | 1 | Disabled except for power | Used in manufacturing

Table 9 – PA-4000 Series FIPS 140-2 Ports and Interfaces
Interface | PA-4060 | PA-4050 | PA-4020 | FIPS 140-2 Designation | Name and Description
DB9 | 1 | 1 | 1 | Data input, control input, data output, status output | Console port
RJ45 | 1 | 1 | 1 | Data input, control input, data output, status output | Out of band management
XFP | 4 | 0 | 0 | Data input, control input, data output, status output | Ethernet optical 10-gigabit interface
SFP | 4 | 8 | 8 | Data input, control input, data output, status output | Ethernet optical gigabit interfaces
RJ45 | 2 | 2 | 2 | Data input, control input, data output, status output | 10/100/1000 HA Ethernet interface
RJ45 | 0 | 16 | 16 | Data input, control input, data output, status output | 10/100/1000 Ethernet interfaces
100-240 Vcc | 2 | 2 | 2 | Power input | Power interface
LEDs | 8 | 8 | 8 | Status output | Status indicators
USB | 2 | 2 | 2 | Disabled except for power | Used in manufacturing

5 Identification and Authentication Policy

5.1 Assumption of Roles

The modules support four distinct operator roles: User, Cryptographic Officer (CO), Remote Access VPN, and Site-to-site VPN. The cryptographic modules enforce the separation of roles using unique authentication credentials associated with operator accounts. The modules support concurrent operators. The modules do not provide a maintenance role or bypass capability.

Table 10 - Roles and Required Identification and Authentication
Role | Description | Authentication Type | Authentication Data
CO | This role has access to all services offered by the modules. Within the PAN-OS software, this role maps to the “Superuser” administrator role. | Identity-based operator authentication | Username and password (optional certificate based authentication can be added in addition to username and password)
User | This role has limited access to services offered by the modules. This role does not have access to modify or view the passwords associated with other administrator accounts, and it may not view or alter CSPs of any type stored on the module. Within the PAN-OS software, this role maps to the “Superuser (read-only)” administrator role (also referred to as “Superreader”). | Identity-based operator authentication | Username and password (optional certificate based authentication can be added in addition to username and password)
Remote Access VPN (RA VPN) | Remote user accessing the network via VPN. | Identity-based operator authentication | Username and password (optional certificate based authentication can be added in addition to username and password)
Site-to-site VPN (S-S VPN) | Remote VPN device establishing a VPN session to facilitate access to the network. | Identity-based operator authentication - identification with the IP address and authentication with the pre-shared key | IKE/IPSec pre-shared keys

Table 11 – Strengths of Authentication Mechanisms
Authentication Mechanism | Strength of Mechanism
Username and Password | Minimum length is 6 alphanumeric characters (62 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(62^6), which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(62^6), which is less than 1/100,000. The firewall’s configuration supports at most ten attempts to authenticate in a one-minute period.
Certificate based authentication | The security modules support certificate-based authentication using 2048 bit RSA keys. Such keys possess an equivalent strength of 112 bits. The probability that a random attempt will succeed is 1/(2^112), which is less than 1/1,000,000. The probability of successfully authenticating to the module within a one minute period is 3,600,000/(2^112), which is less than 1/100,000. The firewall supports at most 60,000 new sessions per second, i.e. at most 3,600,000 authentication attempts in a one-minute period.
IKE/IPSec pre-shared keys | The 160 bit key length supports 2^160 different combinations. The probability of successfully authenticating to the module is 1/(2^160), which is less than 1/1,000,000. The number of authentication attempts is limited by the number of new connections per second supported (60,000) on the fastest platform of the Palo Alto Networks firewalls. The probability of successfully authenticating to the module within a one minute period is 3,600,000/(2^160), which is less than 1/100,000.
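The bounds Table 11 argues for are the two FIPS 140-2 authentication-strength requirements (a single random attempt succeeds with probability below 1/1,000,000, and any one-minute period below 1/100,000). The following added example, not part of the security policy, reproduces that arithmetic in exact fractions for the three mechanisms with the figures stated in the table (62-character alphabet and 6-character minimum with 10 attempts per minute; 112-bit equivalent strength for 2048-bit RSA; 160-bit pre-shared keys; 60,000 new sessions per second); `minimum_password_length` is an added helper, not a value the policy states, that shows how much margin the 6-character minimum leaves.

```python
"""Exact-arithmetic check of the FIPS 140-2 authentication-strength bounds
used in Table 11 of the Palo Alto Networks security policy (added example)."""
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, Iterable

# FIPS 140-2 Section 4.3.3 thresholds; both are strict "less than" bounds.
SINGLE_ATTEMPT_LIMIT = Fraction(1, 1_000_000)
PER_MINUTE_LIMIT = Fraction(1, 100_000)

# Rate used by the policy for certificate and pre-shared-key attempts.
NEW_SESSIONS_PER_SECOND = 60_000


@dataclass(frozen=True)
class Mechanism:
    """One row of Table 11: a credential space and an attempt-rate limit."""
    name: str
    keyspace: int            # number of equally likely credentials
    attempts_per_minute: int  # enforced or inherent attempt rate limit

    def single_attempt_probability(self) -> Fraction:
        # One uniformly random guess against the whole credential space.
        return Fraction(1, self.keyspace)

    def per_minute_probability(self) -> Fraction:
        # Union bound over independent guesses: attempts / keyspace.
        # Fractions keep 2^160-sized denominators exact (floats would not).
        return Fraction(self.attempts_per_minute, self.keyspace)

    def meets_fips_140_2(self) -> bool:
        return (self.single_attempt_probability() < SINGLE_ATTEMPT_LIMIT
                and self.per_minute_probability() < PER_MINUTE_LIMIT)


# The three mechanisms of Table 11 with the policy's own parameters.
TABLE_11 = (
    Mechanism("Username and Password", 62 ** 6, 10),
    Mechanism("Certificate based authentication", 2 ** 112,
              NEW_SESSIONS_PER_SECOND * 60),
    Mechanism("IKE/IPSec pre-shared keys", 2 ** 160,
              NEW_SESSIONS_PER_SECOND * 60),
)


def evaluate(mechanisms: Iterable[Mechanism] = TABLE_11) -> Dict[str, bool]:
    """Map each mechanism name to whether it satisfies both FIPS bounds."""
    return {m.name: m.meets_fips_140_2() for m in mechanisms}


def minimum_password_length(alphabet_size: int, attempts_per_minute: int) -> int:
    """Smallest password length whose keyspace passes both bounds.

    Added helper (not a figure from the policy): it shows that the strict
    inequality matters, e.g. a 10^6 keyspace fails the 1/1,000,000 bound.
    """
    length = 1
    while not Mechanism("probe", alphabet_size ** length,
                        attempts_per_minute).meets_fips_140_2():
        length += 1
    return length


if __name__ == "__main__":
    for m in TABLE_11:
        print(f"{m.name}: single={float(m.single_attempt_probability()):.3e} "
              f"per-minute={float(m.per_minute_probability()):.3e} "
              f"ok={m.meets_fips_140_2()}")
    print("6-char alphanumeric minimum vs. required:",
          minimum_password_length(62, 10))
```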
6 Access Control Policy

6.1 Roles and Services

Table 12 – Authenticated Service Descriptions
Service | Description
Security Configuration Management | Configuring and managing cryptographic parameters and setting/modifying security policy, including creating User accounts and additional CO accounts.
Other Configuration | Networking parameter configuration, logging configuration, and other non-security relevant configuration.
View Other Configuration | Read-only access to non-security relevant configuration (see above).
Show Status | View status via the web interface or command line interface.
VPN | Provide network access for remote users or site-to-site connections.
Firmware update | Provides a method to update the firmware on the firewall.

Table 13 – Authenticated Services
Service | Crypto Officer | User | RA VPN | S-S VPN
Security Configuration Management | Y | N | N | N
Other Configuration | Y | N | N | N
View Other Configuration | Y | Y | N | N
Show Status | Y | Y | Y | Y
VPN | N | N | Y | Y
Firmware update | Y | N | N | N

6.2 Unauthenticated Services

The cryptographic module supports the following unauthenticated services:

Table 14 - Unauthenticated Services
Service | Description
Zeroize | The device will overwrite all CSPs.
Self-Tests | Run power-up self-tests on demand by power cycling the module.
Show Status (LEDs) | View status of the module via the LEDs.

Zeroize

The zeroization procedure is invoked when the operator exits FIPS mode. The procedure consists of overwriting configuration data including all CSPs. The operator must be in control of the module during the entire procedure to ensure that it has successfully completed. During the zeroization procedure, no other services are available.
6.3 Definition of Critical Security Parameters (CSPs)

The modules contain the following CSPs:

Table 15 - Private Keys and CSPs
CSP # | Key Name | Type | Description
1 | Web interface private key | RSA | Decrypts the TLS session key and provides authentication services (admin web interface, captive portal, SSL VPN portal)
2 | TLS PreMaster Secret | TLS Secret | Secret value used to derive the TLS session keys
3 | TLS DH Private Components | DH | Diffie Hellman (Group 14) 2048 bit private component used in key establishment
4 | TLS-HMAC | HMAC-SHA-1 | Authentication keys used in all https connections to the security module’s web interface.
5 | TLS session keys | AES, TDES | Used in all https connections to the security module’s web interface.
6 | SSH-Firewall private key | RSA | Used to identify the security appliance in SSH. The security modules support 512, 1024, and 2048 bit keys; only 2048 bit keys are supported in FIPS mode.
7 | SSH-HMAC | HMAC-SHA-1 | Authentication keys used in all SSH connections to the security module’s command line interface.
8 | SSH session keys | AES, TDES | Used in all SSH connections to the security module’s command line interface.
9 | SSH DH Private Components | DH | Diffie Hellman (Group 14) 2048 bit private component used in key establishment
10 | S-S VPN IPSec/IKEv1 authentication | HMAC-SHA-1 | Used to authenticate the peer in an IKE/IPSec tunnel connection.
11 | S-S VPN IPSec/IKEv1 session key | AES, TDES | Used to encrypt IKE/IPSec data. These are AES (128 bit, 192 bit, 256 bit) or triple DES keys.
12 | S-S VPN IPSec/IKEv1 Diffie Hellman Private Components | DH | Diffie Hellman (Group 14) 2048 bit private component used in key establishment
13 | S-S VPN IPSEC pre-shared keys | Part of HMAC | Entered manually by an administrator in the CO role. Used in authentication.
14 | RA VPN IPSec session key | AES-128 | Used to encrypt remote access sessions utilizing IPSec.
15 | RA VPN IPSec authentication HMAC | HMAC-SHA-1 | Used in authentication of remote access IPSec data.
16 | Firmware code integrity check | HMAC-SHA-256 | Used to check the integrity of crypto-related code.
17 | Firmware Content encryption key | AES-256 | Used to decrypt firmware, software, and content.
18 | CO, User, RA VPN Password | Password | Entered by the Operator.
19 | File encryption key | AES-256 | Used to encrypt crypto-related files on the firewall.
20 | RNG seed key | AES | Seed key used in RNG.
21 | RNG seed value | | Seed used to initialize RNG.
22 | DLP Private key | RSA | Used to encrypt DLP data. Only 2048 bit keys are supported.

5.3a Definition of Public Keys

The modules contain the following public keys:

Table 16 - Public Keys
Key Name | Type | Description
Web interface certificates | RSA-2048 | Used to establish TLS sessions between firewall and user for the web interface (management), captive portal, and remote access SSL VPN portal
CA certificate | RSA-2048 | Used to trust a CA for SSL decryption sessions
Client CA certificate | RSA-2048 | Used to verify client certificates for firewall administrators
Client OCSP verify CA certificate | RSA-2048 | Used for certificate validation via OCSP
TLS peer public key | RSA-2048 | Cert coming in from the web server in outbound TLS decryption; used to encrypt the session key for the client session with the web server
TLS DH public components | DH – 2048 (Group 14) | Used in key agreement
SSH DH public components | DH – 2048 (Group 14) | Used in key agreement
SSH – Firewall public key | RSA-2048 | Used by the firewall in the authentication process
S-S VPN - IPSec/IKEv1 Diffie Hellman public component | DH – 2048 (Group 14) | Used in key agreement
Public key for firmware content load test | RSA-2048 | Used to authenticate firmware and content to be installed on the firewall
DLP public key | RSA-2048 | Used to encrypt data loss prevention data
Client public key | RSA-2048 | Used to authenticate User, CO, or remote access VPN users
6.4 Definition of CSPs Modes of Access

Table 17 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as:
• R = Read: The module reads the CSP. The read access is typically performed before the module uses the CSP.
• W = Write: The module writes the CSP. The write access is typically performed after a CSP is imported into the module, or the module generates a CSP, or the module overwrites an existing CSP.
• Z = Zeroize: The module zeroizes the CSP.

Table 17 - CSP Access Rights within Roles & Services

Role | Authorized Service | Mode | Cryptographic Key or CSP
CO | Security Configuration Management | RW | 1, 2, 3, 4, 5, 6, 7, 8, 9, 16, 17, 18, 19, 20, 21, 22
CO | Other Configuration | RW | 1, 2, 3, 4, 5, 6, 7, 8, 9
User, CO | Show Status | R | 1, 2, 3, 4, 5, 6, 7, 8, 9
Unauthenticated | Zeroize | Z | All CSPs are zeroized.
S-S VPN | VPN | R | 10, 11, 12, 13
RA VPN | VPN | R | 1, 2, 3, 4, 5, 14, 15
CO | Firmware Update | RW | 17
Unauthenticated | Self-Tests | W | 20, 21
Unauthenticated | Show Status (LEDs) | N/A | N/A

7 Operational Environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the PA-500, PA-2000 Series, and PA-4000 Series Firewalls do not contain modifiable operational environments.

8 Security Rules

The module design corresponds to the module security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 2 module.

1. The cryptographic module shall provide four distinct operator roles. These are the User role, Remote Access VPN role, Site-to-site VPN role, and the Cryptographic Officer role.
2. The cryptographic module shall provide identity-based authentication.
3. The cryptographic module shall clear previous authentications on power cycle.
4. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services.
5. The cryptographic module shall perform the following tests:
   A. Power-up Self-Tests
      1. Cryptographic algorithm tests
         a. TDES Known Answer Test
         b. AES Known Answer Test
         c. DSA Pairwise Consistency Test
         d. RSA Known Answer Test
         e. HMAC-SHA-1, SHA-2 Known Answer Test
         f. SHA-1 Known Answer Test
         g. RNG Known Answer Test
         h. NDRNG Test
      2. Firmware Integrity Test – A 128 bit EDC (using MD5) is calculated on non-security related code. Security related code is verified with HMAC-SHA-256.
   B. Critical Functions Tests: N/A
   C. Conditional Self-Tests
      1. Continuous Random Number Generator (RNG) test – performed on the NDRNG and the RNG, 128 bits
      2. RSA Pairwise Consistency Test (when a key generation fails, the error message displayed is “Cannot verify key and certificate. Maybe the passphrase is incorrect.”)
      3. Software/Firmware Load Test – Verify the signature on software/firmware at time of load
6. The operator shall be capable of commanding the module to perform the power-up self-tests by cycling power of the module.
7. Power-up self-tests do not require any operator action.
8. Data output shall be inhibited during key generation, self-tests, zeroization, and error states.
9. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module.
10. The module ensures that the seed and seed key inputs to the Approved RNG are not equal.
11. There are no restrictions on which keys or CSPs are zeroized by the zeroization service.
12. The module maintains separation between concurrent operators.
13. The module does not support a maintenance interface or role.
14. The module does not have any external input/output devices used for entry/output of data.
15. The module does not enter or output plaintext CSPs.
16. The module does not output intermediate key generation values.

Vendor imposed security rules:

1. The module does not support the update of the logical serial number or vendor ID.
2. The module does not provide access to revenue related data structures while plaintext CSPs are present.
3. If the cryptographic module remains inactive in any valid role for the administrator specified time interval, the module automatically logs out the operator.
4. The module enforces a timed access protection mechanism that supports at most ten authentication attempts per minute. After the administrator specified number of consecutive unsuccessful password validation attempts has occurred, the cryptographic module shall enforce a wait period of at least 1 minute before any further login attempts are accepted. This wait period shall be enforced even if the module power is momentarily removed.

9 Physical Security Policy

9.1 Physical Security Mechanisms

The multi-chip standalone modules are production quality containing standard passivation. Chip components are protected by an opaque enclosure. Tamper evident seals are applied to the modules by the Crypto-Officer. The seals prevent removal of the opaque enclosure without evidence. The Crypto-Officer should inspect the seals for evidence of tamper every 30 days. If the seals show evidence of tamper, the Crypto-Officer should assume that the modules have been compromised and contact Customer Support.

Note: For ordering information, see Table 2 for FIPS kit part numbers and versions.

Refer to Appendix A for instructions on installation of the tamper seals and opacity shields. The locations of the nine (9) tamper evident seals implemented on the PA-500 are shown in Figure 13 through Figure 16 below.
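Rules 5.A.2, 5.C.2 and 5.C.3 in Section 8 above describe three checks: HMAC-SHA-256 over the security-related code under CSP 16, the RSA pairwise consistency test on a freshly generated key, and signature verification of firmware at load time under the firmware content load public key of Table 16. The Go program below is an added example and not code from this security policy or from PAN-OS; it implements those three checks with the standard library. The image layout, the PKCS#1 v1.5/SHA-256 signature scheme, the type and function names, and the sample image and code bytes are assumptions of this example, since the page does not specify them.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrBadSignature = errors.New("firmware load test failed: signature does not verify")
var ErrIntegrity = errors.New("firmware integrity test failed: HMAC-SHA-256 mismatch")
var ErrPairwise = errors.New("RSA pairwise consistency test failed")

// firmwareImage is what the loader receives: the image bytes and the vendor's
// RSA PKCS#1 v1.5 signature over SHA-256(blob). This layout is assumed for the
// example; the page does not describe the real image format.
type firmwareImage struct {
	blob, signature []byte
}

// loadTest is the Software/Firmware Load Test (rule 5.C.3): the image is used
// only if its signature verifies under the firmware content load public key.
func loadTest(pub *rsa.PublicKey, img firmwareImage) error {
	digest := sha256.Sum256(img.blob)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], img.signature) != nil {
		return ErrBadSignature
	}
	return nil
}

// computeMAC produces the reference HMAC recorded for CSP 16 at build time.
func computeMAC(key, code []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(code)
	return m.Sum(nil)
}

// integrityTest is the power-up check on security-related code (rule 5.A.2):
// recompute HMAC-SHA-256 under the integrity key and compare in constant time.
func integrityTest(key, code, expected []byte) error {
	if !hmac.Equal(computeMAC(key, code), expected) {
		return ErrIntegrity
	}
	return nil
}

// pairwiseConsistency is the conditional test on a freshly generated RSA key
// (rule 5.C.2): sign a fixed message, verify with the public half, and refuse
// to use a key that fails.
func pairwiseConsistency(priv *rsa.PrivateKey) error {
	msg := sha256.Sum256([]byte("pairwise consistency test"))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, msg[:])
	if err != nil || rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, msg[:], sig) != nil {
		return ErrPairwise
	}
	return nil
}

// newVendorKey generates the 2048-bit signing key and runs the pairwise test
// before the key is trusted. Key generation is the slow step here.
func newVendorKey() (*rsa.PrivateKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	if err := pairwiseConsistency(priv); err != nil {
		return nil, err
	}
	return priv, nil
}

// signImage is the vendor's release signing step.
func signImage(priv *rsa.PrivateKey, blob []byte) (firmwareImage, error) {
	digest := sha256.Sum256(blob)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return firmwareImage{blob: blob, signature: sig}, err
}

func main() {
	priv, err := newVendorKey()
	if err != nil {
		panic(err)
	}
	img, err := signImage(priv, []byte("PAN-OS image bytes (constructed)"))
	if err != nil {
		panic(err)
	}
	fmt.Println("load test, intact image:", loadTest(&priv.PublicKey, img))
	img.blob[0] ^= 0x01 // a single flipped bit must reject the image
	fmt.Println("load test, tampered image:", loadTest(&priv.PublicKey, img))
	key, code := []byte("integrity-key (constructed)"), []byte("crypto code (constructed)")
	mac := computeMAC(key, code)
	fmt.Println("integrity test:", integrityTest(key, code, mac), integrityTest(key, append(code, 0), mac))
}
```

Two details matter in practice. The integrity comparison uses hmac.Equal rather than bytes.Equal so that a mismatch takes the same time wherever the first differing byte lies, and the load test rejects the whole image on any verification error rather than distinguishing a malformed signature from a wrong one, which is the behaviour rule 8 (output inhibited in error states) calls for.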
Figure 13 - PA-500 Front Tamper Seal Placement (1): seal [1]
Figure 14 - PA-500 Left Side Tamper Seal Placement (2): seals [2], [3]
Figure 15 - PA-500 Right Side Tamper Seal Placement (2): seals [4], [5]
Figure 16 - PA-500 Rear Tamper Seal Placement (4): seals [6], [7], [8], [9]

Refer to Appendix B for instructions on installation of the tamper seals and opacity shields. The locations of the nine (9) tamper evident seals on the PA-2000 Series modules are shown in Figure 17 through Figure 20 below.

Figure 17 - PA-2000 Series Front Tamper Seal Placement (1): seal [1]
Figure 18 - PA-2000 Series Left Side Tamper Seal Placement (3): seals [2], [3], [4]
Figure 19 - PA-2000 Series Right Side Tamper Seal Placement (3): seals [5], [6], [7]
Figure 20 - PA-2000 Series Rear Tamper Seal Placement (2): seals [8], [9]

Refer to Appendix C for instructions on installation of the tamper seals and opacity shields. The locations of the ten (10) tamper evident seals implemented on the PA-4000 Series modules are shown in Figure 21 through Figure 24 below.

Figure 21 - PA-4000 Series Rear Tamper Seal Placement – From Top (4): seals [1], [2], [3], [4]
Figure 22 - PA-4000 Series Rear Side Tamper Seal Placement – From Underside (4): seals [5], [6], [7], [8]
Figure 23 - PA-4000 Series Right Side Tamper Seal Placement (1): seal [9]
Figure 24 - PA-4000 Series Left Side Tamper Seal Placement (1): seal [10]

9.2 Operator Required Actions

Table 18 - Inspection/Testing of Physical Security Mechanisms

Model | Physical Security Mechanisms | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Details
PA-4060, PA-4050, PA-4020, PA-2050, PA-2020, PA-500 | Tamper Evident Seals | 30 days | Verify integrity of tamper evident seals in the locations identified in the FIPS Kit Installation Guide
PA-4020, PA-4050, PA-4060 | Front Cover | 30 days | Verify that the front cover has not been deformed from its original shape, thereby reducing its effectiveness
PA-500, PA-2020, PA-2050 | Front Cover and Side Plenums | 30 days | Verify that the front cover and side plenums have not been deformed from their original shape, thereby reducing their effectiveness

10 Mitigation of Other Attacks Policy

The module has not been designed to mitigate any specific attacks outside of the scope of FIPS 140-2, so these requirements are not applicable.

11 References

[FIPS 140-2] FIPS Publication 140-2, Security Requirements for Cryptographic Modules

12 Definitions and Acronyms

API – Application Programming Interface
App-ID – Application Identification – Palo Alto Networks’ ability to identify applications and apply security policy based on the ID rather than the typical port and protocol-based classification.
BGP – Border Gateway Protocol – Dynamic routing protocol
CA – Certificate authority
Content-ID – Content Identification – Palo Alto Networks’ threat prevention features including Antivirus, Antispyware, and Intrusion Prevention.
CO – Cryptographic Officer
DB9 – Console port connector
DLP – Data loss prevention
Gbps – Gigabits per second
HA – High Availability
IKE – Internet Key Exchange
IP – Internet Protocol
IPSec – Internet Protocol Security
LDAP – Lightweight Directory Access Protocol
LED – Light Emitting Diode
NDRNG – Non-deterministic random number generator
OCSP – Online Certificate Status Protocol
OSPF – Open Shortest Path First – Dynamic routing protocol
PAN-OS – Palo Alto Networks’ Operating System
QoS – Quality of Service
RA VPN – Remote Access Virtual Private Network
RIP – Routing Information Protocol – Dynamic routing protocol
RJ45 – Networking Connector
RNG – Random number generator
S-S VPN – Site to site Virtual Private Network
SFP – Small Form-factor Pluggable Transceiver
SSL – Secure Sockets Layer
TLS – Transport Layer Security
USB – Universal Serial Bus
User-ID – User Identification – Palo Alto Networks’ ability to apply security policy based on who initiates the traffic rather than the typical IP-based approach.
VPN – Virtual Private Network
XFP – 10 Gigabit Small Form Factor Pluggable Transceiver
XML – Extensible Markup Language

13 Appendix A – PA-500 – FIPS Accessories/Tamper Seal Installation

• Remove the right side cover screws as shown. (Repeat the same steps for the left side cover screws.)
• Install the right side FIPS plenum and secure it with 2x #4-40x1/4” SEMS screws provided by the kit. (Repeat the same steps for the left side.)
• Install the front FIPS panel with the curved side up and align it with the ear mounting screw holes.
• Sandwich the right side mounting ear between the front panel and the plenum as shown. (Repeat the same step on the left side of the chassis.)
• Install and secure the right side mounting ear with (2x) #6-32x1/2” Truss screws provided by the kit. (Repeat the same step on the left side of the chassis.)
• Remove 1x upper-right fan screw.
• Install that screw into one of the fan guard mounting holes as shown, but do not tighten it all the way.
• Remove the other 3x fan screws.
• Align the fan guard and secure it with 3x screws as shown.
• Repeat the above installation steps for the other fan.
Warning: Over-tightening the screws will crack the fan guard.
• Affix four tamper seals over the fan cover screws as shown.
• Affix a tamper seal on top of the plenum/cover on the left side of the chassis as shown.
• Affix a tamper seal over the bottom ear screw on the left side of the chassis.
• Affix a tamper seal on top of the plenum/cover on the right side of the chassis as shown.
• Affix a tamper seal over the bottom ear screw on the right side of the chassis.
• Affix two tamper seals on top of the cover/panel as shown.

14 Appendix B - PA-2000 Series – FIPS Accessories/Tamper Seal Installation

• Install the front panel with the curved side up and line it up with the left and right side ear mounting holes.
• Install and secure the right side mounting ear with (2x) 6-32x1/2” screws provided by the kit. (Repeat the same step on the left side of the chassis.)
• Remove the right side cover screws as shown. (Repeat the same steps for the left side cover screws.)
• Install the right side FIPS plenum and secure it with 3x #4-40x1/4” SEMS screws provided by the kit. (Repeat the same steps for the left side.)
• Affix a tamper seal to cover the right side bottom ear mounting bracket screw. (Repeat the same step for the left side.)
• Affix a tamper seal on the right side of the chassis between the top cover and the FIPS plenum, and another between the bottom chassis and the FIPS plenum, as shown. (Repeat the same steps for the left side.)
• Affix a tamper seal on the top cover/rear chassis as shown.
• Affix a tamper seal on the top cover/HDD tray as shown.
• Affix a tamper seal on top of the cover/panel as shown.

15 Appendix C - PA-4000 Series – FIPS Accessories/Tamper Seal Installation

• Install the front panel FIPS plenum as shown.
• Install the right mounting bracket and secure it with (2x) 8-32x3/8” screws provided by the kit. Repeat the same steps for the left mounting bracket.
• Remove 1x upper-left fan screw.
• Install and secure the fan guard with that fan screw in one of the fan guard mounting holes as shown.
• Remove the other 3x fan screws.
• Align the fan guard and secure it with 3x screws as shown.
• Repeat the above installation steps for the other fans.
Warning: Over-tightening the screws will crack the fan guard.
• Install the fan filter and clip the fan guard cover onto the fan guard as shown.
• Affix a tamper evident seal between the top cover and the front FIPS plenum as shown.
• Affix a tamper evident seal over the screw on the lower right side mounting bracket. Repeat the same step for the left side bracket.
• Affix four tamper evident seals between the top cover/fan guards and the top cover/PSU as shown.
• Affix four tamper evident seals between the bottom chassis/fan guards and the bottom chassis/PSU as shown.