Select Device > Setup > HSM to configure a Hardware Security Module (HSM) and to view HSM status.
What do you want to know? See:
What is the purpose of a Hardware Security Module (HSM) and where can I find detailed configuration procedures? See: Secure Keys with a Hardware Security Module
Configure: Hardware Security Module Provider Settings; HSM Authentication
How do I view HSM status? See: Hardware Security Module Provider Configuration and Status; Hardware Security Module Status
Hardware Security Module Provider Settings
To configure a Hardware Security Module (HSM) on the firewall, edit the Hardware Security Module Provider settings.
Hardware Security Module (HSM) Provider Setting: Description
Provider Configured: Select the HSM vendor:
  - None: By default, the firewall does not connect to any HSM.
  - SafeNet Network HSM
  - Thales nShield Connect
  The HSM server version must be compatible with the HSM client version on the firewall.
Module Name: Specify a module name for the HSM. This can be any ASCII string up to 31 characters long. Create multiple module names if you are configuring a high availability HSM configuration.
Server Address: Specify an IPv4 address for any HSM modules you are configuring.
High Availability (SafeNet Network only): Select this option if you are configuring the HSM modules in a high availability configuration. The module name and server address of each HSM module must be configured.
Auto Recovery Retry (SafeNet Network only): Specify the number of times that the firewall will try to recover its connection to an HSM before failing over to another HSM in an HSM high availability configuration (range is 0–500).
High Availability Group Name (SafeNet Network only): Specify a group name to be used for the HSM high availability group. This name is used internally by the firewall. It can be any ASCII string up to 31 characters long.
Remote Filesystem Address (Thales nShield Connect only): Configure the IPv4 address of the remote file system used in the Thales nShield Connect HSM configuration.
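The constraints in the table above can be checked before a change is committed. The following is an added example, not Palo Alto Networks code: the dict layout, key names and function names are hypothetical, and treating the remote filesystem address as mandatory for Thales is an assumption.

```python
import ipaddress

# Vendor strings come from this page; the dict layout and key names are hypothetical.
SAFENET, THALES = "SafeNet Network HSM", "Thales nShield Connect"

def name_ok(name):  # page: any ASCII string up to 31 characters; empty is rejected here
    return isinstance(name, str) and 0 < len(name) <= 31 and name.isascii()

def ipv4_ok(addr):
    try:
        return isinstance(addr, str) and ipaddress.IPv4Address(addr) is not None
    except ValueError:
        return False

def validate_hsm_provider(cfg):
    """Return a list of problems; an empty list means the settings are consistent."""
    vendor = cfg.get("provider", "None")
    if vendor == "None":
        return []  # default: the firewall connects to no HSM
    if vendor not in (SAFENET, THALES):
        return [f"unknown provider {vendor!r}"]
    problems = []
    modules = cfg.get("modules", [])
    for m in modules:
        if not name_ok(m.get("name")):
            problems.append(f"bad module name {m.get('name')!r}")
        if not ipv4_ok(m.get("server_address")):
            problems.append(f"server address is not IPv4: {m.get('server_address')!r}")
    if vendor == THALES:
        if cfg.keys() & {"high_availability", "ha_group_name", "auto_recovery_retry"}:
            problems.append("HA settings are SafeNet Network only")
        # Assumption: a Thales setup always needs the remote filesystem address.
        if not ipv4_ok(cfg.get("remote_filesystem_address")):
            problems.append("remote filesystem address is not IPv4")
        return problems
    if "remote_filesystem_address" in cfg:
        problems.append("remote filesystem address is Thales nShield Connect only")
    if cfg.get("high_availability"):
        if len(modules) < 2:
            problems.append("HA needs multiple modules, each with name and address")
        if not name_ok(cfg.get("ha_group_name")):
            problems.append("bad HA group name")
    retry = cfg.get("auto_recovery_retry", 0)
    if type(retry) is not int or not 0 <= retry <= 500:
        problems.append("auto recovery retry outside 0-500")
    return problems

# Constructed sample: HA selected, but only one module and an over-long group name.
SAMPLE = {"provider": SAFENET, "high_availability": True, "ha_group_name": "g" * 32,
          "modules": [{"name": "hsm1", "server_address": "192.0.2.10"}]}
```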
HSM Authentication
Select Setup Hardware Security Module and configure the following settings to authenticate the firewall to the HSM.
HSM Module Authentication: Description
Server Name: Select an HSM server name from the drop-down.
Administrator Password: Enter the administrator password of the HSM to authenticate the firewall to the HSM.
Hardware Security Module Provider Configuration and Status
The Hardware Security Module Provider section shows the HSM configuration settings and the connectivity status of the HSM.
Hardware Security Module (HSM) Provider Status: Description
Provider Configured: Select the HSM vendor configured on the firewall:
  - None
  - SafeNet Network HSM
  - Thales nShield Connect
High Availability (SafeNet Network only): HSM high availability is configured if checked.
High Availability Group Name (SafeNet Network only): The group name configured on the firewall for HSM high availability.
Firewall Source Address: The address of the port used for the HSM service. By default, this is the management port address. You can specify a different port through the Services Route Configuration in Device > Setup > Services.
Master Key Secured by HSM: If checked, the master key is secured on the HSM.
Status: Shows green if the firewall is connected and authenticated to the HSM and shows red if the firewall is not authenticated or if network connectivity to the HSM is down. You can also see Hardware Security Module Status for more details on the HSM connection.
Hardware Security Module Status
The Hardware Security Module Status section provides the following information about HSMs that have been successfully authenticated. The display is different depending on the HSM provider configured (SafeNet or Thales).
Hardware Security Module Status: Description
SafeNet Network:
  - Serial Number: The serial number of the HSM partition is displayed if the HSM partition was successfully authenticated.
  - Partition: The partition name on the HSM that was assigned on the firewall.
  - Module State: The current operating state of the HSM connection. This field shows Authenticated if the HSM is displayed in this table.
Thales nShield Connect:
  - Name: The server name of the HSM.
  - IP address: The IP address of the HSM that was assigned on the firewall.
  - Module State: The current operating state of the HSM connection. This setting shows Authenticated if the firewall successfully authenticated to the HSM and shows Not Authenticated if authentication failed.
