Palo Alto Networks (PAN) firewalls are FIPS-140-2 certified.  FIPS certification is generally required for use of firewalls in the government space.  Equally important as FIPS 140-2 mode is the ability to use 2FA (two-factor authentication) to provide strong login security to PAN-protected networks.

However, FIPS mode in PAN turns off the ability to use 2FA via the RADIUS security protocol even though RADIUS is the predominantly used security protocol in products capable of enabling 2FA in firewalls, VPNs, and the like.  This leaves PAN customers in a dilemma, actually more like leaving them between “a rock and a hard place”, because 2FA is as important to network security as is FIPS 140-2 certification!!

Green Rocket Security has a solution to this dilemma.  Probably the only solution currently on the market, it enables using PAN in FIPS mode and provides 2FA via our GreenRADIUS server which has been modified to use a different protocol than RADIUS.

The Green Rocket Security 2FA solution for PAN in FIPS mode:

• enables 2FA for PAN logins when running in FIPS-140-2 mode
• supports secure 2FA via a protocol combination allowed in FIPS mode
• integrates with Active Directory or OpenLDAP to validate the first factor for authentication (username and password)
• supports multiple tokens per user (hard and soft tokens)
• features auto-provisioning that simplifies the initial rollout of tokens
• includes a self-service portal for self-assignment of tokens and token re-synchronization
• provides authentication and token assignment reports

If you have a PAN firewall in FIPS mode and would like to add a strong security layer in two-factor authentication, contact us today to learn more about how GreenRADIUS can meet your requirements.