End-of-Life (EoL)

Master Key Deployment from Panorama

Deploy new, or renew expiring master keys, from the Panorama™ management server.
Panorama™, firewalls, Log Collectors, and WF-500 appliances use a master key to encrypt sensitive elements in a configuration. As part of a standard security practice, you must renew the key on each individual firewall, Log Collector, WildFire appliance, and Panorama when your master key expires. Starting with PAN-OS 9.0, you can now deploy a new master key to multiple firewalls, Log Collectors, and WF-500 appliances directly from Panorama to ensure a uniform key deployment. See Configure the Master Key for more information.
  1. Select
    Commit
    Commit to Panorama
    and
    Commit
    any pending changes.
    Panorama must re-encrypt data using the new master key. To deploy the master key to managed devices and encrypt the data, you must commit all pending changes before you can successfully deploy the key. The new master key deployment fails if there are any pending changes on the Panorama management server.
  2. Deploy the master key to managed firewalls.
    1. Select
      Panorama
      Managed Devices
      Summary
      and
      Deploy Master Key
      .
    2. Select all devices and
      Change
      the master key.
    3. Configure the master key and click
      OK
      .
    4. Verify that the master key was deployed successfully to all selected devices.
      A System log generates when you deploy a new master key from Panorama.
  3. Deploy the master key to Log Collectors.
    1. Select
      Panorama
      Managed Collectors
      and
      Deploy Master Key
      .
    2. Select all devices and
      Change
      the master key.
    3. Configure the master key and click
      OK
      .
    4. Verify that the master key was deployed successfully to all selected devices.
      A System log generates when you deploy a new master key from Panorama.
  4. Deploy the master key to managed WildFire appliances.
    1. Select
      Panorama
      Managed WildFire Appliances
      and
      Deploy Master Key
      .
    2. Select all devices and
      Change
      the master key.
    3. Configure the master key and click
      OK
      .
    4. Verify that the master key was deployed successfully to all selected devices.
      A System log generates when you deploy a new master key from Panorama.

Recommended For You