- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-17-2013 05:42 AM
The decryption key is used only when the firewall from where the config xml file was exported out had a master key configured.
The master key is used to encrypt private keys on the firewall. This includes the RSA key used to authenticate the server when logging into CLI, The private key used by the web server when logging into the web interface, as well as any other keys loaded onto the firewall.
Without the masterkey, when we export the config off a firewall, the passwords are hashed, and this hash can be copied. Masterkey provides more security to the passwords.
Lets say we have firewall A and firewall B. Firewall A has the master key specified and we are exporting the configuration xml from firewall A. When you import and load this file from firewall A to firewall B, you have to use the same key on firewall B, so that you can decrypt the keys that were configured on firewall A.
The masterkey can be configured as shown below:
BR,
Karthik RP