Change the Key Lifetime or Authentication Interval for IKEv2
Where Can I Use
This?
What Do I Need?
PAN-OS
No license required
This task is optional; the default setting of the IKEv2 IKE SA re-key lifetime is 8 hours. The
default setting of the IKEv2 Authentication Multiple is 0, meaning the
reauthentication feature is disabled. For more information, see SA Key Lifetime and Re-Authentication Interval.
To change the default values, perform the following task. A prerequisite is that an IKE Crypto
profile already exists.
Change the SA key lifetime or authentication interval
for an IKE Crypto profile.
Select
Network
Network Profiles
IKE Crypto
and
select the IKE Crypto profile that applies to the local gateway.
For the
Key Lifetime
, select a unit
(
Seconds
,
Minutes
,
Hours
, or
Days
) and
enter a value. The minimum is 3 minutes.
For
IKE Authentication Multiple
, enter a value,
which is multiplied by the lifetime to determine the reauthentication
interval.