Every firewall and Panorama management server has a default master key that encrypts all the private keys and passwords in the configuration to secure them (such as the private key used for SSL Forward Proxy Decryption).
In a high availability (HA) configuration, ensure both firewalls or Panorama management servers in the pair use the same master key. If the master keys differ, HA configuration synchronization will not work properly.
Additionally, if you are using Panorama to manage your firewalls, you must use the same master key on Panorama and all managed firewalls so that Panorama can push configurations to the firewalls.
Device > High Availability > General, edit the Setup and disable (clear) the
your configuration changes.
This step is required before you can deploy a new master key to a firewall HA pair. If you do not disable HA before deploying a new master key, Panorama will lose connectivity to the primary firewall.
Device > Master Key and Diagnostics
and edit the Master Key section.
Current Master Key
if one exists.
Define a new
New Master Key
Confirm New Master Key. The key must contain exactly 16 characters.
To specify the master key
Life Time, enter the number of
after which the key will expire.
You must configure a new master key before the current key expires. If the master key expires, the firewall or Panorama automatically reboots in Maintenance mode. You must then
Reset the Firewall to Factory Default Settings.
Time for Reminder
that specifies the number of
before the master key expires when the firewall generates an expiration alarm. The firewall automatically opens the System Alarms dialog to display the alarm.
To ensure the expiration alarm displays, select
Device > Log Settings, edit the Alarm Settings, and