I do understand that we use the master key for encrypting our private keys and passwords stored on the firewall. However I am wondering why we should touch this key at anytime? What is the default lifetime of the default master key? I assume it to be 0 (=infinite) as I cant find anything about this question even in the PANOS admin guide. Please clarify:
- What is the default lifetime of the native/default master key?
- Why should we change it (periodically? How often?)
Thanks and kind regards,
Solved! Go to Solution.
The default master key is infinite and will never expire. You would want to modify this prior to deploying the firewalls as best practice as by default everyone has the same master key from factory. Essentially if you never change this key it would be easier for someone to get your password by reverse engineering your hash values.
You can obviously modify the master key post deploy if you want, you just have to take more care to do it properly and insure the consequences of modifying the master key won't kill off any of your existing processes.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!