Next-Generation Firewall
Refresh a Pre-Shared Key
Table of Contents
Refresh a Pre-Shared Key
Refresh the Pre-Shared Key for an Auto VPN cluster on Strata Cloud Manager.
Contact your account team to enable Cloud Management for NGFWs using
Strata Cloud Manager.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of these:
|
Auto VPN
allows you to configure secure connectivity between your managed firewalls using
SD-WAN. Peers in the VPN cluster use a pre-shared key to mutually authenticate each
other. To strengthen your security posture, Palo Alto Networks recommends refreshing
the pre-shared keys used for authenticating VPN tunnels for existing VPN clusters
periodically to ensure your VPN tunnels are not compromised.
Refreshing the pre-shared key may cause a temporary service disruption. To avoid
impact to your business, Palo Alto Networks recommends scheduling a maintenance
window to ensure you can resolve and service disruption issues outsides of
business hours.
- Log in to Strata Cloud Manager.Configure Auto VPN.Select and in the Overview, select the Global configuration scope.Select .Locate the VPN cluster for which you want to refresh the pre-shared key.In the Pre-Shared Key Generated Data column, click Refresh Key.A new Config Push to Redresh the Pre-Shared Key is displayed.Check Acknowledge the possible service disruption.You are prompted that refreshing the pre-shared key may cause a service disruption as the new pre-shared key generates a new security association (SA) for all SD-WAN firewalls in the VPN cluster. You must acknowledge the possibility of a service disruption due to refreshing the pre-shared key to continue.Push.
