Next-Generation Firewall
Refresh a Pre-Shared Key
Table of Contents
Refresh a Pre-Shared Key
Refresh the Pre-Shared Key for an Auto VPN cluster on Strata Cloud Manager.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of these licenses:
|
Auto
VPN allows you to configure secure connectivity between your managed
firewalls using SD-WAN. Peers in the VPN cluster use a pre-shared key to mutually
authenticate each other. To strengthen your security posture, Palo Alto Networks
recommends refreshing the pre-shared keys used for authenticating VPN tunnels for
existing VPN clusters periodically to ensure your VPN tunnels are not
compromised.
Refreshing the pre-shared key may cause a temporary service disruption. To avoid
impact to your business, Palo Alto Networks recommends scheduling a maintenance
window to ensure you can resolve and service disruption issues outsides of
business hours.
- Log in to Strata Cloud Manager.Configure Auto VPN.Select and select the Global configuration scope.Select .Locate the VPN cluster for which you want to refresh the pre-shared key.In the Pre-Shared Key Generated Data column, click Refresh Key.A new Config Push to Redresh the Pre-Shared Key is displayed.Check Acknowledge the possible service disruption.You are prompted that refreshing the pre-shared key may cause a service disruption as the new pre-shared key generates a new security association (SA) for all SD-WAN firewalls in the VPN cluster. You must acknowledge the possibility of a service disruption due to refreshing the pre-shared key to continue.Push.
