On physical and virtual Palo Alto Networks devices, you can configure the master key to use the AES-256-CBC or the AES-256-GCM (introduced in PAN-OS 10.0) encryption algorithm to encrypt data such as keys and passwords. AES-256-GCM provides stronger encryption than AES-256-CBC and improves your security posture. It also includes a built-in integrity check. The master key uses the configured encryption algorithm to encrypt sensitive data stored on the firewall and on Panorama. When you set the encryption algorithm to AES-256-GCM, you can still use an HSM to encrypt the master key with an encryption key that is stored on the HSM.

The default encryption algorithm that the master key uses to encrypt data is AES-256-CBC—the same algorithm that the master key used prior to PAN-OS 10.0. AES-256-CBC is the default encryption level because when you manage firewalls with Panorama, the managed firewalls may be on different PAN-OS releases, and firewalls on PAN-OS releases earlier than PAN-OS 10.0 do not support AES-256-GCM. This is why Panorama must use the lowest level of encryption that its managed devices can use. For example, if some managed devices run PAN-OS 10.0 and some run earlier versions, Panorama must use AES-256-CBC. However, if all managed devices run PAN-OS 10.0 or later, then Panorama and all of its managed devices can use AES-256-GCM.

When you change the encryption algorithm to AES-256-GCM, devices use it instead of AES-256-CBC to encrypt sensitive data. When you change from one algorithm to another, you can also specify whether to: