Deploy new, or renew expiring master keys, to firewalls,
log collectors, and WF-500 appliances from the Panorama™ management
server when using the Panorama Interconnect plugin.
Panorama, firewalls, Log Collectors, and WF-500
appliances use a master key to encrypt sensitive elements in the
configuration and they have a default master key they use to encrypt
passwords and configuration elements.
As part of a standard
security practice, you must renew the key on each individual firewall,
Log Collector, WildFire appliance, and Panorama when your master
key expires. The master key deployed to your managed devices must
be the same for the Panorama Controller, Panorama Nodes, and managed
devices to successfully push the configuration. To ensure a uniform
key deployment, deploy a new master key or renew an expiring master
key on multiple firewalls, Log Collectors, and WF-500 appliances
directly from Panorama. When using Panorama Interconnect, you must
configure and deploy the same master key for the Panorama Controller and
all Panorama Nodes and managed devices during a single procedure.
To deploy a master key to managed devices, you must configure the
master key on each Panorama Node and deploy them to all devices
managed by that node. See Configure the Master Key for
the master key on the Panorama Controller.