To use AES-256-GCM, the devices Panorama manages and Panorama
must run PAN-OS 10.0. This also applies to
HA pairs. The default
encryption algorithm that the master key uses to encrypt data is
AES-256-CBC, to maintain compatibility among devices that Panorama
manages and between firewall HA pairs until all of the devices can
upgrade to PAN-OS 10.0. The
crypto entries in the System
log show master key activity.