
Administration Guide

Cryptographic Key

FAQ

What is the Cryptographic Key?

The cryptographic key is used by some security modules such as Cookie Security, MiTB, Site Publish and Captcha for encryption and decryption.

Each FortiWeb appliance generates its own unique, random key to guarantee its security, and this key does not change after a system reboot or a factory reset.

Why do we need to back up or restore the cryptographic key?

On 7.0.2 and later builds, you can back up or restore the cryptographic key via System > Maintenance > Backup & Restore > Cryptographic Key. This option is hidden by default; to use it, enable it in System > Config > Feature Visibility > Cryptographic key Backup/Restore.

In all FortiWeb HA modes, including HA Manager mode, this key is automatically synchronized from the primary node to the secondary nodes. Because every node encrypts and decrypts with the same key, the same traffic flow can be processed by different appliances in the HA group. This is crucial for traffic to be distributed successfully among HA nodes.

For load-balancing scenarios in public clouds, where multiple FortiWeb appliances are deployed to process traffic flows dispatched by an upstream load balancer, you need to manually back up the key from one FortiWeb and restore it to all other appliances, because FortiWeb only supports automatic synchronization of the cryptographic key in HA modes.

Note that this key cannot be synchronized via System > Config > Config-Synchronization because of implementation considerations.
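The load-balancer case above, sketched as an added illustration that is not Fortinet code: a cookie protected by one appliance is rejected by a second appliance until the first appliance's key has been restored to it. HMAC-SHA256 signing is an assumed stand-in, since this page does not describe how FortiWeb actually protects cookies; the `Appliance` class, node names and cookie value are hypothetical.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # length in bytes of an HMAC-SHA256 tag


class Appliance:
    """Hypothetical stand-in for one appliance holding its own key."""

    def __init__(self, name):
        self.name = name
        # Each appliance starts with its own unique, random key.
        self.key = secrets.token_bytes(32)

    def backup_key(self):
        return self.key

    def restore_key(self, key):
        self.key = key

    def protect_cookie(self, value: bytes) -> bytes:
        # Assumed scheme: append an HMAC tag computed with the local key.
        tag = hmac.new(self.key, value, hashlib.sha256).digest()
        return value + tag

    def verify_cookie(self, cookie: bytes):
        """Return the original value, or None if the tag does not match."""
        if len(cookie) < TAG_LEN:
            return None
        value, tag = cookie[:-TAG_LEN], cookie[-TAG_LEN:]
        expected = hmac.new(self.key, value, hashlib.sha256).digest()
        return value if hmac.compare_digest(tag, expected) else None


def simulate(restore_first: bool):
    """Request 1 lands on node A; request 2, carrying the cookie, on node B."""
    node_a, node_b = Appliance("fwb-a"), Appliance("fwb-b")
    if restore_first:
        # Manual step from the text: back up on one node, restore on the other.
        node_b.restore_key(node_a.backup_key())
    cookie = node_a.protect_cookie(b"session=constructed-sample")
    return node_b.verify_cookie(cookie)


if __name__ == "__main__":
    print("without restore:", simulate(False))
    print("with restore:   ", simulate(True))
```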
