Secure & Up-to-Date Password Storage for Internal Users
currently, passwords of internal users are stored as md4 hashes. According to Wikipedia, this hash function was already severely broken 10 years ago: "As of 2007, an attack can generate collisions in less than 2 MD4 hash operations" . IMHO, this is a severe security issue, especially for a security device such as a firewall.
While it's technically true that access to password hashes requires administrative access, those hashes should still be protected, even in case of compromise. This also facilitates insider attacks, and so on...
Therefore, I strongly suggest that password storage follows well-established security principles: Use an up-to-date hash function (e.g. bcrypt, argon2, ...) as well as a salt. For more information, please see any recommendation on password storage by NIST, OWASP, ...