When doing inbound SSL decrypt via a Palo Alto firewall, how are the private keys that you load into the FW protected?

Reply
Highlighted
L4 Transporter

When doing inbound SSL decrypt via a Palo Alto firewall, how are the private keys that you load into the FW protected?

I had this question come up from a security minded colleague at work, and it was a good question that I didn't know the answer to.

In order to do SSL decryption for inbound SSL connections to servers that sit "behind" the Palo Alto, the procedure involves loading the SSL private keys onto the PA. Under "normal common sense security best practices," this is inherently a security risk, because the SSL private key of web servers should be protected as much as possible and definitely shouldn't be loaded onto a device that is inherently put on the edge of trusted networks (and usually is on the outer edge of a DMZ even in fact!).

So this begs the question: How are the private keys on a PA protected from tampering or from being stolen? If I steal a passive Palo Alto, can I break into it or remove the hard drives and pull the private keys off? What's to stop me from doing that?


Accepted Solutions
Highlighted
L5 Sessionator

Re: When doing inbound SSL decrypt via a Palo Alto firewall, how are the private keys that you load into the FW protected?

You can specify a master key (Device > Master Key and Diagnostics) to encrypt private keys on the firewall.

Private keys are stored in encrypted form by default,even if a new master key is not specified.

The keys can be transported and they can be imported on a different box if the master key matches.

Without a master key match, the import will fail.

HTH,

AMeya

View solution in original post


All Replies
Highlighted
L5 Sessionator

Re: When doing inbound SSL decrypt via a Palo Alto firewall, how are the private keys that you load into the FW protected?

You can specify a master key (Device > Master Key and Diagnostics) to encrypt private keys on the firewall.

Private keys are stored in encrypted form by default,even if a new master key is not specified.

The keys can be transported and they can be imported on a different box if the master key matches.

Without a master key match, the import will fail.

HTH,

AMeya

View solution in original post

Highlighted
L6 Presenter

Re: When doing inbound SSL decrypt via a Palo Alto firewall, how are the private keys that you load into the FW protected?

Is there a doc describing this including which algos/methods are being used etc?

But as a sidenote to egearhert: If somebody breaks in and steal your PA gear, you should replace the private keys on your servers because they will most likely be affected anyway (somebody untrusted has been inside your datacenter).

Also if Im not mistaken the private key thingy doesnt work if the servers are using DH (Diffie Hellman) for keyexchange.

Another setup might be to use ssl-offloading. For example a setup such as Internet <-> F5 <-> PA <-> server(s) (I exclude routers/switches in this example).

This way the F5 can terminate the ssl-session and in cleartext forward the traffic towards your servers through the PA. Of course the problem of "what if somebody steals the gear" is moved from PA to F5 (or similar device) but still.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!