Do master keys automatically get renewed?
23098
Created On 02/04/19 23:03 PM - Last Modified 03/22/19 20:29 PM
Question
The master key encrypts all passwords and private keys on the firewall or Panorama (such as the RSA key for authenticating administrators who access the CLI). Encrypting passwords and keys improves security by ensuring their plaintext values are not exposed anywhere on the firewall or Panorama
Environment
- Panorama
- Firewall
- PAN-OS 9.0
- Master key
Answer
Starting in 9.0, master-keys can automatically be renewed with the same master key
- Enable to automatically renew the master key for a specified number of days and hours
- Disable (clear) to allow the master key to expire after the configured key life time
Additional Information
Refer to the 9.0 PAN-OS® New Features Guide for more information
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html