To log into the Palo Alto Networks firewall, the browser must be TLS 1.0 compatible.
All passwords on the firewall must be at least six characters.
Accounts are locked after the number of failed attempts that is configured on the Device > Setup > Management page. If the firewall is not in FIPS mode, it can be configured so that it never locks out. However, in FIPS mode, the lockout time is required.
The firewall automatically determines the appropriate level of self-testing and enforces the appropriate level of strength in encryption algorithms and cipher suites.
Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption.
When configuring IPSec, a subset of the normally available cipher suites is available.
Self-generated and imported certificates must contain public keys that are 2048 bits (or more).
The exporting of CSRs (Certificate Signing Request) is not supported while in FIPS mode. The following error will appear: Error: download -> certificate -> format 'pkcs10' is not an allowed keyword' be generated
SSH key-based authentication must use RSA public keys that are 2048 bits or higher.
The serial port is disabled.
Management port IP address cannot be changed via maintenance mode console.
Telnet, TFTP, and HTTP management connections are unavailable.