Palo Alto Networks Knowledgebase: Character Limitation for Setting Up Master Key on Palo Alto Networks Firewall

Character Limitation for Setting Up Master Key on Palo Alto Networks Firewall

1679
Created On 02/08/19 00:03 AM - Last Updated 02/08/19 00:04 AM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

Overview

This document describes how to set up a master key on the Palo Alto Networks firewall.

 

Details

Found under Device > Master Key and Diagnostics, the master key is used to encrypt private keys such as the RSA key that is used to authenticate access to the CLI. The private key is used to authenticate access to the web interface of the firewall, as well as any other keys loaded on the firewall. Because the master key is used to encrypt all other keys, make sure to store the master key in a safe location. Even if a new master key is not specified, private keys are always stored in an encrypted form on the firewall, by default. This master key option offers an added layer of security.

 

master key.png

master key config.png

 

The Palo Alto Networks firewall's master key should be a string of exactly 16 characters. The firewall will accept any combination of upper-case and lower-case alphanumerical and special characters except "$" and "&".

 

Note:  If the master key is forgotten or lost, the only way to reset this key is to factory reset the Palo Alto Networks firewall. If a factory reset is necessary, refer to the following document: How to do a Factory Reset in PAN-OS 4.1 and 5.0

 

Note: If the Life Time expires without a new key having been set, the device will reboot into maintenance mode and will need to be factory reset

 

owner: sgantait



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CljgCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language