cfg export + master key hash

L2 Linker

Dear Community,

I have found this side note in an article regarding the master key on the firewall.

"Without the Master Key, when a configuration is exported from a firewall, the password is hashed and can be copied."

Basically it's the exact answer to the question I originally had. I am facing a situation where a firewall crashed. I have received the new firewall and have the certificates and the running config saved locally.

When trying to import the config, the firewall skips basically every entry in regard to passwords or keys and shows these as error messages. I do understand the firewall is unable to decrypt that data without a matching master key.

However, from where do I retrieve the master key hash, and do I assume correctly to use the hash as the password for the imported config?

Thanks.

Kind regards,

Rene

Accepted Solutions

Cyber Elite

@Rboehme,

That's not how it works. If you don't know what the previous master key was set to at the time of the crash, it doesn't matter that you have the hash values. The hash values are created with the device's master key, so a hash value without the same master key in use is absolutely pointless as the system is unable to read it. The master key between the devices either needs to match, or you will need to regenerate all passwords and keys.
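Added example, not part of the thread or of any vendor tooling: when the old master key is unknown, a saved export can still be used to list every entry whose secret has to be re-entered on the replacement firewall. It assumes encrypted values in the exported XML start with `-AQ==`; the sample config and its element names are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: values encrypted under the master key carry this prefix in the export.
ENCRYPTED_PREFIX = "-AQ=="

# Constructed sample, not a real export; element names and values are illustrative.
SAMPLE_CONFIG = """<config>
  <shared><server-profile><radius>
    <entry name="corp-radius"><server>
      <entry name="r1">
        <secret>-AQ==CONSTRUCTED-ciphertext-1</secret>
        <ip-address>192.0.2.10</ip-address>
      </entry>
    </server></entry>
  </radius></server-profile></shared>
  <devices><entry name="localhost.localdomain">
    <deviceconfig><system><hostname>fw-sample</hostname></system></deviceconfig>
    <network><ike><gateway><entry name="branch-gw">
      <authentication><pre-shared-key>
        <key>-AQ==CONSTRUCTED-ciphertext-2</key>
      </pre-shared-key></authentication>
    </entry></gateway></ike></network>
  </entry></devices>
</config>"""


def find_master_key_bound(xml_text, prefix=ENCRYPTED_PREFIX):
    """Return sorted locations of values that only the old master key can read."""
    root = ET.fromstring(xml_text)
    found = []

    def walk(node, path):
        label = node.tag
        if node.get("name"):
            label += "[@name='%s']" % node.get("name")
        here = path + "/" + label
        if (node.text or "").strip().startswith(prefix):
            found.append(here)  # record the location only, never the ciphertext
        for child in node:
            walk(child, here)

    walk(root, "")
    return sorted(found)


if __name__ == "__main__":
    for location in find_master_key_bound(SAMPLE_CONFIG):
        print("re-enter secret at:", location)
```

The output is a checklist of locations only, so it can be shared with whoever owns each credential without exposing the stored values.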

 

 
