NIAP: Assurance Continuity
  NIAP  »»  Product Compliant List  »»  Product Entry  »»  Assurance Continuity  
Assurance Continuity - Palo Alto Networks M-100, M-200, M-500, and M-600 Hardware, and Virtual Appliances all running Panorama 9.1.8

Date of Maintenance Completion:  2021.04.22

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.1

Original Evaluated TOE:  2020.08.17 - Palo Alto Networks M-100, M-200, M-500, and M-600 Hardware, and Virtual Appliances all running Panorama 9.0

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF] Administrative Guide [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product.  Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate.  Such assurance can only be gained through re-evaluation. 

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary.  A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target.  Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents. 

Product Description

Changes to the TOE:

The TOE consists of the Panorama M-100, M-200, M-500 and M-600 appliances and virtual appliances all running PAN-OS version 9.1.8 (hereafter Panorama, i.e., the TOE). The vendor made software changes to the PAN-OS that addressed bug fixes and added new features to the software, revising it from the evaluated Panorama version 9.0 to version 9.1.8.

TOE new features:

New features have been identified in the table below. Each table includes the feature name and a description of the feature.  The description also explains the impact of the feature on the evaluation and its inclusion or exclusion from the evaluation.




The PAN-OS software can include a native SD-WAN subscription to provide intelligent and dynamic path selection on top of what the PAN-OS security software already delivers. Secure SD-WAN provides the optimal end user experience by leveraging multiple ISP links to ensure application performance and scale capacity. The SD-WAN capability is considered out of scope for the Panorama evaluation. The ST and AGD have been updated to exclude this functionality.

SAML Authentication

SAML Authentication is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP). External authentication is outside the scope of the evaluation. The ST and AGD have been updated to exclude this functionality.

Simplified Application Dependency Workflows

You now have simplified workflows to find and manage application dependencies.

You can see and address application dependencies immediately in the Application tab as you create a new Security policy rule or add new applications to an existing rule.

Commits provide another checkpoint for dependencies. When a policy rule does not include all application dependencies, you can directly access the associated Security policy rule from the Commit dialog to add the required applications.

The simplified application dependency workflow does not impact the security functionality or the SFRs in the Panorama.

Increased System Disk for the Panorama Virtual Appliance

To support larger data sets for large-scale firewall deployments, PAN-OS 9.1 gives you the option to expand the Panorama virtual appliance system disk to 224GB. While the 81GB system disk is still supported, increasing the system disk ensures:

Sufficient disk space for dynamic updates when managing large-scale firewall deployments.

Expand storage for monitoring and reporting for managed firewall health and SD-WAN monitoring and reporting data at high-scale in Panorama mode.

This new feature of expanding the Panorama virtual appliance system disk to 224 GB for v9.1 does not affect any of the SFRs or security functionality in the Panorama 9.1.8 Maintenance Assurance.

Automatic Panorama Connection Recovery

To ensure that you do not commit a configuration change that inadvertently causes the firewall to lose connectivity to Panorama, PAN-OS 9.1 can automatically revert the Panorama and firewall configuration to the previous running configuration. For example, if you perform configuration changes to the service routes, and as a result the change blocks traffic from the firewall to Panorama, the firewall’s hourly connectivity checks can trigger Automatic Panorama Connection Recovery to revert the configuration back to the last running configuration to restore the connection to Panorama. This recovery ensures that a configuration change won’t cause a loss in productivity or require you to physically access the firewall.

The Automatic Panorama Connection Recovery was not evaluated. Only the secure TLS connections between the firewalls and Wildfire to the TOE were evaluated. The ST and AGD have been updated to exclude this functionality.

PAN-OS REST API request parameters and error responses

The REST API methods now accept the API key only through a custom HTTP header and no longer as a query parameter. To authenticate your REST API request to the firewall or Panorama, use the custom HTTP header X-PAN-Key: to include the API key in the HTTP header. This change applies only to the REST API; the XML API is unchanged.

The REST API methods now implement both rename and move with custom HTTP mappings instead of action query parameters. Examples of the new and previous conventions are below.

Rename an address:

New convention: POST /restapi//objects/addresses:rename

Replaces: POST /restapi//objects/addresses?action=rename

Move a security policy rule:

New convention: POST /restapi//policies/securityrules:move

Replaces: POST /restapi//policies/securityrules?action=move

There is a new error response format for all REST API methods. This new format offers consistent and reliable error reporting that includes both human-readable messages and parsable error codes. The format includes overall request status, product-specific error codes, and details that will give the caller the maximum amount of data available if an error does occur.

The REST API URIs now denote version with a v prefix for versions 9.1 and beyond. Examples of the new and previous conventions are below:

New convention: GET /restapi/v9.1/objects/addresses

Replaces: GET /restapi/9.0/objects/addresses

This change in default behavior does not affect any of the SFRs or security functionality in the Panorama 9.1.8 Maintenance Assurance. No updates are required for the ST or AGD documents.

Vendor Information

Palo Alto Networks, Inc
Jake Bajic
(669) 235-9283
(669) 444-6627
Site Map              Contact Us              Home