Configure the Master Key
Every firewall and Panorama management server has a default master key that encrypts all the private keys and passwords in the configuration to secure them (such as the private key used for SSL Forward Proxy Decryption).
In a high availability (HA) configuration, you must use the same master key on both firewalls or Panorama in the pair. Otherwise, HA synchronization will not work properly.
Additionally, if you are using Panorama to manage your firewalls, you must use the same master key on Panorama and all managed firewalls so that Panorama can push configurations to the firewalls.
Be sure to store the master key in a safe location. You cannot recover the master key and the only way to restore the default master key is to Reset the Firewall to Factory Default Settings.
- Select Device > Master Key and Diagnostics and edit the Master Key section.
- Enter the Current Master Key if one exists.
- Define a New Master Key and then Confirm New Master Key. The key must contain exactly 16 characters.
- To specify the master key Life Time, enter the number of Days and/or Hours after which the key will expire.
  You must configure a new master key before the current key expires. If the master key expires, the firewall or Panorama automatically reboots in Maintenance mode. You must then Reset the Firewall to Factory Default Settings.
- Enter a Time for Reminder that specifies the number of Days and Hours before the master key expires when the firewall generates an expiration alarm. The firewall automatically opens the System Alarms dialog to display the alarm.
  To ensure the expiration alarm displays, select Device > Log Settings, edit the Alarm Settings, and Enable Alarms.
- (Optional) Select whether to use an HSM to encrypt the master key. For details, see Encrypt a Master Key Using an HSM.
- Click OK and Commit.
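The lifetime and reminder rules from the steps above, as an added planning example (not Palo Alto Networks code and not a PAN-OS API): it checks the 16-character rule, derives each device's expiry and alarm time, and reports the date by which a group sharing one key must be re-keyed. The device names, dates, status labels and the `KeySchedule` class are constructed for illustration, and treating the earliest expiry in a group as the group deadline is this example's assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

KEY_LENGTH = 16  # the page: the key must contain exactly 16 characters


@dataclass
class KeySchedule:
    device: str          # constructed inventory name
    set_at: datetime     # when the current master key was committed
    lifetime: timedelta  # Life Time (Days and/or Hours)
    reminder: timedelta  # Time for Reminder (Days and Hours before expiry)

    @property
    def expires_at(self) -> datetime:
        return self.set_at + self.lifetime

    @property
    def alarm_at(self) -> datetime:
        return self.expires_at - self.reminder


def key_length_ok(candidate: str) -> bool:
    return len(candidate) == KEY_LENGTH


def status(s: KeySchedule, now: datetime) -> str:
    if s.reminder >= s.lifetime:
        return "BAD_REMINDER"  # alarm time would not fall after the key was set
    if now >= s.expires_at:
        return "EXPIRED"       # device reboots into Maintenance mode
    if now >= s.alarm_at:
        return "ROTATE_NOW"    # inside the reminder window
    return "OK"


def group_deadline(group: list[KeySchedule]) -> datetime:
    # Assumption of this example: devices sharing one key (an HA pair, or
    # Panorama plus managed firewalls) are re-keyed together, so the
    # earliest expiry in the group is the deadline for all of them.
    return min(s.expires_at for s in group)


# Constructed sample inventory for an HA pair.
PAIR = [
    KeySchedule("fw-a", datetime(2024, 1, 1), timedelta(days=365), timedelta(days=30)),
    KeySchedule("fw-b", datetime(2024, 1, 15), timedelta(days=365), timedelta(days=30)),
]

if __name__ == "__main__":
    now = datetime(2024, 12, 5)
    for s in PAIR:
        print(s.device, status(s, now), "expires", s.expires_at.date())
    print("re-key pair before", group_deadline(PAIR).date())
```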