Refresh a Pre-Shared Key
Focus
Focus
Next-Generation Firewall

Refresh a Pre-Shared Key

Table of Contents

Refresh a Pre-Shared Key

Refresh the Pre-Shared Key for an Auto VPN cluster on Strata Cloud Manager.
Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
Where Can I Use This?What Do I Need?
One of these:
Auto VPN allows you to configure secure connectivity between your managed firewalls using SD-WAN. Peers in the VPN cluster use a pre-shared key to mutually authenticate each other. To strengthen your security posture, Palo Alto Networks recommends refreshing the pre-shared keys used for authenticating VPN tunnels for existing VPN clusters periodically to ensure your VPN tunnels are not compromised.
Refreshing the pre-shared key may cause a temporary service disruption. To avoid impact to your business, Palo Alto Networks recommends scheduling a maintenance window to ensure you can resolve and service disruption issues outsides of business hours.
  1. Log in to Strata Cloud Manager.
  2. Select ManageConfigurationNGFW and Prisma Access and in the Overview, select the Global configuration scope.
  3. Select Global SettingsAuto VPNVPN Clusters.
  4. Locate the VPN cluster for which you want to refresh the pre-shared key.
  5. In the Pre-Shared Key Generated Data column, click Refresh Key.
    A new Config Push to Redresh the Pre-Shared Key is displayed.
  6. Check Acknowledge the possible service disruption.
    You are prompted that refreshing the pre-shared key may cause a service disruption as the new pre-shared key generates a new security association (SA) for all SD-WAN firewalls in the VPN cluster. You must acknowledge the possibility of a service disruption due to refreshing the pre-shared key to continue.
  7. Push.