Can Panorama manage master-key on the firewall?

Created On 02/04/19 23:01 PM - Last Modified 03/22/19 20:29 PM


Question


Panorama, firewalls, Log Collectors, and WF-500 appliances use a master key to encrypt sensitive elements in a configuration. As a standard security practice, you must renew the key on each individual firewall, Log Collector, WildFire appliance, and Panorama when your master key expires.

Environment


  • Panorama
  • Firewall
  • PAN-OS 9.0
  • Master key


Answer


Starting with PAN-OS 9.0, a new master key can be deployed to multiple firewalls centrally through Panorama. Before PAN-OS 9.0, the master key had to be updated individually on each device.

A new “Deploy Master Key” button has been added to the following pages:
  • Managed Devices
  • Managed Collectors
  • Managed WildFire Appliances
In the GUI, navigate to Panorama > Managed Devices > Summary.

The Deploy Master Key dialog box displays a list of all connected devices:
  • No filter for connection state
  • Devices must be connected in order to deploy Master Keys
  • Select devices for deployment, then click “Change”


Additional Information


How to create a master key on the CLI
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsbCAC

Refer to the 9.0 PAN-OS® New Features Guide for more information 
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html

