AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Auto VPN
allows you to configure secure connectivity between your managed firewalls using
SD-WAN. Peers in the VPN cluster use a pre-shared key to mutually authenticate each
other. To strengthen your security posture, Palo Alto Networks recommends refreshing
the pre-shared keys used for authenticating VPN tunnels for existing VPN clusters
periodically to ensure your VPN tunnels are not compromised.
Refreshing the pre-shared key may cause a temporary service disruption. To avoid
impact to your business, Palo Alto Networks recommends scheduling a maintenance
window to ensure you can resolve and service disruption issues outsides of
business hours.
Locate the VPN cluster for which you want to refresh the pre-shared key.
In the
Pre-Shared Key Generated Data
column, click
Refresh Key
.
A new
Config Push to Redresh the Pre-Shared Key
is
displayed.
Check
Acknowledge the possible service disruption
.
You are prompted that refreshing the pre-shared key may cause a service
disruption as the new pre-shared key generates a new security association
(SA) for all SD-WAN firewalls in the VPN cluster. You must acknowledge the
possibility of a service disruption due to refreshing the pre-shared key to
continue.