Why is a Decryption Key Required When Loading an Imported Configuration File?

Created On 09/25/18 17:50 PM - Last Modified 06/12/23 17:54 PM


Resolution


Details

The decryption key is required when the source Palo Alto Networks firewall (the one from which the configuration file was exported) has a Master Key configured. The same key that was used on the source firewall must be used on the destination firewall when importing the configuration.

The Master Key is used to encrypt private keys on the firewall, including the RSA key used to authenticate the server when logging in to the CLI and the private key used by the web server when logging in to the web interface. Without the Master Key, when a configuration is exported from a firewall, the password is hashed and can be copied. The Master Key provides more security for those passwords.

The Master Key is configured at Device > Master Key and Diagnostics.

owner: sodhegba


