- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-07-2023 08:00 AM
Hi,
Is it possible to set a IKEv2 pre-shared key to a hex value in a PAN-OS 9.1 or later NG firewall? Don't see an option with the GUI or CLI.
thanks,
Brian
02-08-2023 03:14 AM
Hello
From PA Admin guide "The Pre-Shared Key value is a string that the administrator creates using a maximum of 255 ASCII or non-ASCII characters. Generate a key that is difficult to crack with dictionary attacks; use a pre-shared key generator, if necessary. "
02-08-2023 08:11 PM
Hello Brianjsmith7, I think, according to the documentation, what they meant is that you can also use Unicode. I don't think it allows you to use '0x' when giving hexadecimal characters. It reads that as a string of characters. For example, '48656C6C'.
02-08-2023 03:14 AM
Hello
From PA Admin guide "The Pre-Shared Key value is a string that the administrator creates using a maximum of 255 ASCII or non-ASCII characters. Generate a key that is difficult to crack with dictionary attacks; use a pre-shared key generator, if necessary. "
02-08-2023 08:34 AM
yes, but that does not answer my question. How does PAN-OS know the key entry format to convert to binary? Otherwise, I assume it considers the entry ascii. Can I use, for example, 0x before a hex string?
02-08-2023 09:20 AM
nope. How does PAN-OS know the key entry format to convert to binary? Otherwise, I assume it considers the entry ascii. Can I use, for example, using 0x before a hex string does not work.
02-08-2023 08:11 PM
Hello Brianjsmith7, I think, according to the documentation, what they meant is that you can also use Unicode. I don't think it allows you to use '0x' when giving hexadecimal characters. It reads that as a string of characters. For example, '48656C6C'.
02-09-2023 12:47 PM
Thank you for your answer. I get something similar from support. So I conclude PA does not support binary keys, since I dont think all bit combinations are supported by unicode characters that could be entered, such as control keys.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!