Temporary Master Key Expiration Extension

Extend the life time of the Master Key after expiration.
Each firewall and Panorama management server has a default master key that encrypts all private keys and passwords. To more closely control your private key and password encryption, you can create your own master key (DeviceMaster Key and Diagnostics) and configure the lifetime of the key.
In PAN-OS 9.0 you can configure the master key to automatically renew the configured master key for a specified number of days after the lifetime of the master key expires. The Temporary Master Key Expiration Extension allows you to extend the lifetime of the master key if you cannot update it across all managed devices and the Panorama management server at the time of expiration.
To deploy a new master key to firewalls, Log Collectors, and WF-500 appliances, see Master Key Deployment from Panorama.
  1. Log in to the firewall web interface.
  2. Select DeviceMaster Key and Diagnostics and edit the Master Key.
  3. Enable Auto Renew Master Key, and configure the firewall to Auto Renew with Same Master Key for a specified number of days and hours.
    Consider the number of days until your next available maintenance window when configuring the master key to automatically renew after the lifetime of the key expires.
  4. Click OK to apply the auto-renew setting.

Related Documentation