Enable this option only if the master key
is encrypted on a Hardware Security Module (HSM). You cannot use
HSM on a dynamic interface such as a DHCP client or PPPoE. The
HSM configuration is not synchronized between peer firewalls in HA
mode. Therefore, each peer in an HA pair can connect to a different HSM
source. If you are using Panorama and need to keep both peer configurations
in sync, use Panorama templates to configure the HSM source on the
managed firewalls. The PA-220 does not support HSM. |