I am in a task to change master key of a active standby pair.
I have followed all the instruction recommended by palo alto but while clicking "ok" after providing new key its getting invalid "candidate configuration.master key change aborted" error message.
If any one has any suggestions on this, please write.
first of all I wont recommend touching the master key and only if necessary. When prompted to enter the new key,
- how do you handle to the "current key" field?
- what do you enter to the rest of the fields?
I guess you can not go without either "reminder" or "auto key renewal". Has the master key changed before or is it default?
Modifying the master key is fine, but I would recommend that this should be done with caution. The last thing that you want to do is let a master key expire because you didn't setup reminders or nobody else knows that it's something that's going to need to be looked after.
The first thing that I would check is that there isn't any other pending changes, the master key update will fail unless all pending changes have been cleared or committed to the firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!