KMS Support for VM-Series

Integrate cloud native key managers to store certificates.
This release integrates cloud native key managers, Azure Key Vault and AWS Secrets Manager, to store certificates for VM-Series firewalls. Decryption policies are configured using Panorama or the CLI.
In autoscaling environments, VM-Series instances boot with the necessary certificates already retrieved, ready to decrypt traffic without additional manual configuration.
Consider the following when integrating cloud native key managers:
  • Use a certificate stored in the cloud native key manager for outbound or inbound decryption.
  • Specify the certificate stored in the key manager as part of bootstrap.
  • Specify the certificate stored in the key manager as part of the decryption policy on PAN-OS (using VM-Series or through Panorama).
  • Add new certificates or edit an existing certificate of a decryption profile at any time.
  • View and clear logs containing information about certificates in decryption profiles.
  • You do not have to specify platform-specific information beyond certificate details. The VM-Series instance uses the appropriate APIs to communicate with the platform’s native key manager.
