Next-Generation Firewall
Refresh a Pre-Shared Key
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
Refresh a Pre-Shared Key
Refresh the Pre-Shared Key for an Auto VPN cluster on Strata Cloud Manager.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of these licenses:
|
Auto
VPN allows you to configure secure connectivity between your managed
firewalls using SD-WAN. Peers in the VPN cluster use a pre-shared key to mutually
authenticate each other. To strengthen your security posture, Palo Alto Networks
recommends refreshing the pre-shared keys used for authenticating VPN tunnels for
existing VPN clusters periodically to ensure your VPN tunnels are not
compromised.
Refreshing the pre-shared key may cause a temporary service disruption. To avoid
impact to your business, Palo Alto Networks recommends scheduling a maintenance
window to ensure you can resolve and service disruption issues outsides of
business hours.
- Log in to Strata Cloud Manager.Configure Auto VPN.Select ManageConfigurationNGFW and Prisma AccessOverviewConfigurationNGFW and Prisma AccessSetup and select the Global configuration scope.Select Global SettingsAuto VPNVPN ClustersAuto VPNVPN Clusters.Locate the VPN cluster for which you want to refresh the pre-shared key.In the Pre-Shared Key Generated Data column, click Refresh Key.A new Config Push to Redresh the Pre-Shared Key is displayed.Check Acknowledge the possible service disruption.You are prompted that refreshing the pre-shared key may cause a service disruption as the new pre-shared key generates a new security association (SA) for all SD-WAN firewalls in the VPN cluster. You must acknowledge the possibility of a service disruption due to refreshing the pre-shared key to continue.Push.