Learn about new Certificate Management features in PAN-OS® 10.0.
New Certificate Management Feature
Description
Master Key Encryption Enhancement
On physical and virtual Palo Alto Networks appliances,
you can now configure the Master Key to use the AES-256-GCM encryption
algorithm to encrypt data. The AES-256-GCM encryption algorithm
increases encryption strength to protect keys better and also includes
a built-in integrity check. When you change the encryption level
to AES-256-GCM, devices use it instead of the AES-256-CBC encryption
algorithm when encrypting keys and other sensitive data.
HSM Enhancements
Newer client driver versions are now supported for
SafeNet and nCipher Hardware Security Module (HSM) appliances:
SafeNet:
You can select from versions 5.4.2 or 7.2.
Additionally,
you can choose to have your firewall authenticate and establish
trust using manually generated certificates.
nCipher nShield Connect:
Version 12.40.2 is available
(backward compatible up to v11.50 for older appliances)