This page was not yet optimized for use on mobile devices.
Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200, ION 1200-S, ION 3200, ION 5200, and ION 9200
Certificate #4719
Webpage information ?
Security policy ?
Symmetric Algorithms
AES-256, AES, AES-, CAST, HMACAsymmetric Algorithms
RSA 2048, ECDHE, ECDH, ECDSA, ECC, Diffie-HellmanHash functions
SHA-1Schemes
MAC, Key AgreementProtocols
SSHv2, SSH, TLSv1.2, TLS 1.2, TLS, IKEv2Randomness
DRBGElliptic Curves
P-256, P-384, P-521, P-224, curve P-256Block cipher modes
ECB, CBC, CTR, GCMTrusted Execution Environments
PSPSecurity level
Level 1, level 2, Level 2Certification process
out of scope, of the TELs as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The ION 1200 requires 3 tamper evident labels while the ION 1200-C-NA/IONStandards
FIPS 140-3, FIPS 197, FIPS140-3, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-38D, SP 800-38A, SP 800-140B, SP 800-90B, PKCS#1, RFC 5288, ISO/IEC 24759File metadata
| Author | Richard Wang |
|---|---|
| Creation date | D:20240617182816-04'00' |
| Modification date | D:20240617182816-04'00' |
| Pages | 32 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
04.04.2025 The certificate data changed.
Certificate changed
The PDF extraction data was updated.
- The keywords property was updated, with the
{'crypto_protocol': {'__update__': {'SSH': {'__insert__': {'SSHv2': 28}}}}}data.
- The keywords property was updated, with the
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
12.08.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf.
- The certificate_pdf_url property was set to
-
15.07.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200, ION 1200-S, ION 3200, ION 5200, and ION 9200 was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4719,
"dgst": "7a36b30f042b6325",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC DRBGA3564",
"SHA2-224A3564",
"RSA SigVer (FIPS186-4)C170",
"SHA2-512A3565",
"RSA SigGen (FIPS186-4)A3563",
"ECDSA SigGen (FIPS186-4)A3563",
"HMAC-SHA2-384A3565",
"AES-CBCA3565",
"HMAC-SHA2-224A3563",
"SHA-1C170",
"AES-CTRA3563",
"AES-GCMA3564",
"ECDSA KeyGen (FIPS186-4)A3564",
"SHA2-256C170",
"AES-ECBA3563",
"KDF IKEv2A3563",
"ECDSA SigVer (FIPS186-4)A3563",
"HMAC-SHA2-512A3565",
"KDF SSHA3563",
"SHA2-384A3565",
"Counter DRBGA3563",
"KDF SNMPA3563",
"HMAC-SHA2-256A3565",
"KAS-ECC-SSC Sp800-56Ar3A3564",
"KDF TLSA3564",
"HMAC-SHA-1A3563",
"RSA KeyGen (FIPS186-4)A3563"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"6.1.2"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 20
},
"ECDH": {
"ECDH": 2,
"ECDHE": 39
},
"ECDSA": {
"ECDSA": 45
}
},
"FF": {
"DH": {
"Diffie-Hellman": 7
}
},
"RSA": {
"RSA 2048": 3
}
},
"certification_process": {
"OutOfScope": {
"of the TELs as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The ION 1200 requires 3 tamper evident labels while the ION 1200-C-NA/ION": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 1
},
"GCM": {
"GCM": 6
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKEv2": 9
},
"SSH": {
"SSH": 43,
"SSHv2": 28
},
"TLS": {
"TLS": {
"TLS": 55,
"TLS 1.2": 1,
"TLSv1.2": 33
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"MAC": {
"MAC": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 18,
"P-256": 21,
"P-384": 40,
"P-521": 36,
"curve P-256": 1
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1
}
},
"fips_certlike": {
"Certlike": {
"AES-256": 2,
"AES-CBC 128": 2,
"AES-CBC 256": 4,
"AES-GCM 256": 4,
"HMAC-SHA-1": 22,
"PKCS#1": 10,
"RSA 2048": 3,
"SHA-1": 7,
"SHA2-256": 21,
"SHA2-384": 5,
"SHA2-512": 7
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 3,
"level 2": 1
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 7
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 50
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 15,
"FIPS 180-4": 12,
"FIPS 186-4": 16,
"FIPS 197": 7,
"FIPS 198-1": 11,
"FIPS140-3": 2
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-140B": 1,
"SP 800-38A": 4,
"SP 800-38D": 3,
"SP 800-90B": 3
},
"PKCS": {
"PKCS#1": 5
},
"RFC": {
"RFC 5288": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 15,
"AES-": 2,
"AES-256": 2
},
"CAST": {
"CAST": 1
}
},
"constructions": {
"MAC": {
"HMAC": 28
}
}
},
"tee_name": {
"AMD": {
"PSP": 25
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Richard Wang",
"/CreationDate": "D:20240617182816-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20240617182816-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"pdf_file_size_bytes": 1993601,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"about:blank",
"http://www.paloaltonetworks.com/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 32
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "58d8700de54f144cf1496d921202936d433ed20e0fb00d556ba63f5030941c73",
"policy_txt_hash": "ba2f8a8ef0e4dc6afb8821d40638c6be4b692748f8c2271f889d0f06baed4584"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim Validation. The tamper evident seals installed as indicated in the Security Policy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf",
"date_sunset": "2026-07-10",
"description": "The Palo Alto Networks SD-WAN Instant-On Network (ION) Devices (ION 1200, ION 1200-S, ION 3200, ION 5200 and ION 9200) enable the integration of a diverse set of wide area network (WAN) connection types, improve application performance and visibility, enhance security and compliance, and reduce the overall cost and complexity of your WAN.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Operational environment: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A"
],
"fw_versions": "6.1.2",
"historical_reason": null,
"hw_versions": "[ION 1200, ION 1200-C-NA, ION 1200-C-ROW, ION 1200-C-5G-WW, ION 1200-S, ION 1200-S-C-NA, ION 1200-S-C-ROW, ION 1200-S-C-5G-WW, ION 3200] with FIPS Kit P/N 920-000363, and [ION 5200 and ION 9200] with FIPS Kit P/N 920-000333",
"level": 2,
"mentioned_certs": {},
"module_name": "Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200, ION 1200-S, ION 3200, ION 5200, and ION 9200",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-07-11",
"lab": "GOSSAMER SECURITY SOLUTIONS INC",
"validation_type": "Initial"
}
],
"vendor": "Palo Alto Networks, Inc.",
"vendor_url": "http://www.paloaltonetworks.com"
}
}