FIPS-CC Security Functions
Updated on Thu Sep 07 00:09:57 UTC 2023
Security functions are enforced for the GlobalProtect app when you enable FIPS-CC mode.
When you enable FIPS-CC mode for GlobalProtect, the following security functions are applied to all managed GlobalProtect apps on Windows, macOS, iOS, Android, and Linux endpoints:
You must configure the gateway to encrypt all VPN tunnels between the GlobalProtect app and gateways using TLS or IPSec.
When you configure an IPSec VPN tunnel on the gateway, you must select a cipher suite option presented during IPSec setup.
When you configure an IPSec VPN tunnel on the gateway, you can specify one of the following encryption algorithms:
AES-CBC-128 (with the HMAC-SHA-1 authentication algorithm)
AES-GCM-128
AES-GCM-256
Both server and client certificates must use one of the following signature algorithms:
RSA 2048 bit (or greater)
ECDSA P-256
ECDSA P-384
ECDSA P-521
In addition, you must use a signature hash algorithm of SHA-256, SHA-384, or SHA-512.
The GlobalProtect app enforces strict X.509v3 verification checks on the server certificate.
The verification checks are based on NIAP's FIA_X509_EXT.1 and FIA_X509_EXT.2 certificate validation and authentication requirements.
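A pre-deployment check of a PEM certificate against the key and signature-hash requirements listed above, as an added example that is not part of the Palo Alto Networks documentation. The function name `check_fips_cc_cert` and its output strings are assumptions; it relies only on the `openssl` CLI and does not reproduce the app's X.509v3 validation.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): checks one PEM certificate against the
# signature-hash and public-key requirements listed on this page.
# Prints "ok" and returns 0 on success; prints a reason and returns 1 on a
# policy failure, or 2 if the file cannot be parsed as a certificate.

check_fips_cc_cert() {
    local cert="$1" text sig alg bits curve
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "unreadable"; return 2; }

    # Signature algorithm applied by the issuer. Only SHA-256/384/512 with
    # RSA or ECDSA pass; anything else (SHA-1, SHA-224, unknown) fails closed.
    sig=$(printf '%s\n' "$text" | awk '/Signature Algorithm:/ {print $NF; exit}')
    case "$sig" in
        sha256WithRSAEncryption|sha384WithRSAEncryption|sha512WithRSAEncryption) ;;
        ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512) ;;
        *) echo "hash-not-allowed:$sig"; return 1 ;;
    esac

    # Subject public key: RSA >= 2048 bits, or ECDSA on P-256/P-384/P-521.
    alg=$(printf '%s\n' "$text" | awk '/Public Key Algorithm:/ {print $NF; exit}')
    case "$alg" in
        rsaEncryption)
            bits=$(printf '%s\n' "$text" |
                sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n1)
            [ "${bits:-0}" -ge 2048 ] || { echo "rsa-too-small:$bits"; return 1; } ;;
        id-ecPublicKey)
            curve=$(printf '%s\n' "$text" | awk '/NIST CURVE:/ {print $NF; exit}')
            case "$curve" in
                P-256|P-384|P-521) ;;
                *) echo "curve-not-allowed:${curve:-unknown}"; return 1 ;;
            esac ;;
        *) echo "key-type-not-allowed:$alg"; return 1 ;;
    esac
    echo "ok"
}
```

Run it on every certificate in the chain as well as the leaf: the signature algorithm line only shows how the issuer signed this certificate, not the size of the issuer's own key.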