The Palo Alto Networks firewall uses AES-256 to encrypt data using the master key.
Note:The master key encrypts private keys and other secrets (such as passwords and shared keys) on the firewall. These include the RSA key that the firewall uses to authenticate the server when administrators log into the CLI and the private key that the web server uses when administrators log into the web interface. When a configuration is exported from a firewall, the master key encrypts the passwords that the firewall uses for authenticating to external servers.