Palo Alto Networks Panorama management appliances provide centralized monitoring and management of Palo Alto Networks next-generation firewalls and Wildfire appliances. It provides a single location from which administrators can oversee all applications, users, and content traversing the whole network, and then use this knowledge to create application enablement policies that control and protect the network. Using Panorama for centralized policy and firewall management increases operational efficiency in managing and maintaining a network of firewalls.
\r\nThe TOE models included in the evaluation are Palo Alto Networks Panorama M-200, M-300, M-600, and M-700 models, and Panorama Virtual Appliance, all running version 11.1.
\r\nThe Panorama Virtual Appliance is supported on the following hypervisors:
\r\nThe evaluated version of the TOE consists of Palo Alto Panorama 11.1.9-c2 running on the following physical and virtual appliances:
The Panorama Virtual Appliance is supported on the following hypervisors:
The CCTL conducted evaluation testing of the Panorama Virtual Appliance on the following platforms:
VMware ESXi 7.0:
Microsoft Hyper-V Server 2019:
Linux KVM 4 Ubuntu 20.04:
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the collaborative Protection Profile for Network Devices [NDcPP] and Functional Package for Secure Shell (SSH) [SSHPKG]. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance document, satisfies all of the security functional requirements stated in the Palo Alto Networks M-200, M-300, M-600, and M-700 Hardware, and Virtual Appliances all running Panorama 11.1 Security Target. The evaluation was completed in May 2025. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
","environmental_strengths":"Security Audit
\r\nThe TOE generates logs for security relevant events including the events specified in [NDcPP] and [SSHPKG]. By default, the TOE stores the logs locally so they can be accessed by an administrator. The TOE can also be configured to send the logs securely to a designated external log server.
\r\nCryptographic Support
\r\nThe TOE implements NIST-validated cryptographic algorithms that provide key management, random bit generation, encryption/decryption, digital signature generation and verification, cryptographic hashing, and keyed-hash message authentication features in support of higher-level cryptographic protocols, including SSH and TLS.
\r\nIdentification and Authentication
\r\nThe TOE requires all users accessing the TOE user interfaces to be successfully identified and authenticated before they can access any security management functions available in the TOE. The TOE offers remote network accessible (HTTPS, SSH) connections to the GUI and CLI for interactive administrator sessions and HTTPS for XML and REST APIs.
\r\nThe TOE supports the local (i.e., on device) definition and authentication of administrators with username, password or public-key, and role (set of privileges), which it uses to authenticate the human user and to associate that user with an authorized role. In addition, the TOE can authenticate users using X.509 certificates and can be configured to lock a user out after a configurable number of unsuccessful authentication attempts.
\r\nSecurity Management
\r\nThe TOE provides a GUI, CLI, or API (XML and REST) to access the security management functions. Security management commands are limited to administrators and are available only after they have provided acceptable user identification and authentication data to the TOE. The TOE provides access to the GUI/API/CLI remotely using an HTTPS/TLS or SSHv2 client.
\r\nThe TOE provides a number of management functions and restricts them to users with the appropriate privileges. The management functions include the capability to configure the audit function, configure the idle timeout, and review the audit trail. The TOE provides pre-defined Security Administrator, Audit Administrator, and Cryptographic Administrator roles. These administrator roles are all considered Security Administrator as defined in the [NDcPP].
\r\nProtection of the TSF
\r\nThe TOE implements mechanisms to protect itself to ensure the reliability and integrity of its security features.
\r\nIt protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability).
\r\nThe TOE includes functions to perform self-tests so that it can detect when it is failing. It also includes mechanism to verify TOE updates to prevent malicious or other unexpected changes in the TOE.
\r\nTOE Access
\r\nThe TOE provides the capability to terminate a remote interactive session after a period of inactivity and supports administrator-initiated termination of the administrator’s own interactive session. The TOE will display an advisory and consent warning message regarding unauthorized use of the TOE before establishing a user session.
\r\nTrusted Path/Channels
\r\nThe TOE protects interactive communication with remote administrators using SSH or HTTP over TLS (HTTPS). SSH and TLS ensure both integrity and disclosure protection of channel data.
\r\nThe TOE protects communication with the syslog server, Palo Alto Networks firewalls and Wildfire Appliances using TLS connections.
","features":[{"id":3262,"feature_name":"Asymmetric Key Generation"},{"id":3340,"feature_name":"Auditing"},{"id":3265,"feature_name":"Cryptographic Hashing"},{"id":3263,"feature_name":"Cryptographic Key Establishment"},{"id":3264,"feature_name":"Cryptographic Signature Verification"},{"id":3261,"feature_name":"DRBG"},{"id":3339,"feature_name":"Flaw Remediation"},{"id":3266,"feature_name":"Keyed-hash message authentication"},{"id":3260,"feature_name":"SSH Server"}]}