Do master keys automatically get renewed?

Do master keys automatically get renewed?

22119
Created On 02/04/19 23:03 PM - Last Modified 03/22/19 20:29 PM


Question


The master key encrypts all passwords and private keys on the firewall or Panorama (such as the RSA key for authenticating administrators who access the CLI). Encrypting passwords and keys improves security by ensuring their plaintext values are not exposed anywhere on the firewall or Panorama

Environment


  • Panorama
  • Firewall
  • PAN-OS 9.0
  • Master key

Answer


Starting in 9.0, master-keys can automatically be renewed with the same master key
Auto renew master key
  • Enable to automatically renew the master key for a specified number of days and hours
  • Disable (clear) to allow the master key to expire after the configured key life time

Additional Information


Refer to the 9.0 PAN-OS® New Features Guide for more information 
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmjsCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language