cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this solution

L5 Sessionator

The decryption key is used only when the firewall from where the config xml file was exported out had a master key configured.

The master key is used to encrypt private keys on the firewall. This includes the RSA key used to authenticate the server when logging into CLI, The private key used by the  web server when logging into the web interface, as well as any other keys loaded onto the firewall.

Without the masterkey, when we export the config off a firewall, the passwords are hashed, and this hash can be copied. Masterkey provides more security to the passwords.

Lets say we have firewall A and firewall B. Firewall A has the master key specified and we are exporting the configuration xml from firewall A. When you import and load this file from firewall A to firewall B, you have to use the same key on firewall B, so that you can decrypt the keys that were configured on firewall A.

The masterkey can be configured as shown below:

masterkey.JPG.jpg

BR,

Karthik RP

View solution in original post

Who Me Too'd this solution