HSM clients are integrated with PA-3200 Series,
PA-5200 Series, PA-7000 Series, and VM-Series firewalls and with
the Panorama management server (both virtual and M-Series appliances)
for use with the following HSM vendors:
—PAN-OS 9.0 and 8.1 support nCipher nShield client
version 12.30. PAN-OS 8.0 and earlier releases support client version
—The supported client versions depend on
the PAN-OS release:
PAN-OS 9.0—SafeNet Network client
versions 5.4.2 and 6.3.
PAN-OS 8.1—SafeNet Network client versions 5.4.2 and 6.2.2.
PAN-OS 8.0.2 and later PAN-OS 8.0 releases (also PAN-OS 7.1.10
and later PAN-OS 7.1 releases)—SafeNet Network client versions 5.2.1,
5.4.2, and 6.2.2.
The HSM server version
must be compatible with these client versions. Refer to the HSM
vendor documentation for the client-server version compatibility
matrix. On the firewall or Panorama, use the following procedure
to select the SafeNet Network client version that is compatible
with your SafeNet HSM server.
Downgrading HSM servers
might not be an option after you upgrade them.