>
    Enable, Disable, Refresh, or Restart an IKE Gateway or IPSec Tunnel
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Monitor Your IPSec VPN Tunnel
    4. Enable, Disable, Refresh, or Restart an IKE Gateway or IPSec Tunnel
    Download PDF
    Network Security

    Enable, Disable, Refresh, or Restart an IKE Gateway or IPSec Tunnel

    Table of Contents

    Enable, Disable, Refresh, or Restart an IKE Gateway or IPSec Tunnel

    Where Can I Use This?What Do I Need?
    • PAN-OS
    		No license required
    You can enable, disable, refresh, or restart an IKE gateway or VPN tunnel to make troubleshooting easier.

    Enable or Disable an IKE Gateway or IPSec Tunnel

    Enable or disable an IKE gateway or IPSec tunnel to make troubleshooting easier.
    • Enable or disable an IKE gateway.
      1. Select NetworkNetwork ProfilesIKE Gateways and select the gateway you want to enable or disable.
      2. At the bottom of the screen, click Enable or Disable.
    • Enable or disable an IPSec tunnel.
      1. Select NetworkIPSec Tunnels and select the tunnel you want to enable or disable.
      2. At the bottom of the screen, click Enable or Disable.

    Refresh or Restart an IKE Gateway or IPSec Tunnel

    You can refresh or restart an IKE gateway or IPSec tunnel. The refresh and restart behaviors for an IKE gateway and IPSec tunnel are as follows:
    Phase
    Refresh
    Restart
    IKE Gateway (IKE Phase 1)
    Updates the onscreen statistics for the selected IKE gateway.
    Equivalent to issuing a second show command in the CLI (after an initial show command).
    Restarts the selected IKE gateway.
    IKEv2: Also restarts any associated child IPSec security associations (SAs).
    IKEv1: Doesn’t restart the associated IPSec SAs.
    A restart is disruptive to all existing sessions.
    Equivalent to issuing a clear, test, show command sequence in the CLI.
    IPSec Tunnel (IKE Phase 2)
    Updates the onscreen statistics for the selected IPSec tunnel.
    Equivalent to issuing a second show command in the CLI (after an initial show command).
    Restarts the IPSec tunnel.
    A restart is disruptive to all existing sessions.
    Equivalent to issuing a clear, test, show command sequence in the CLI.
    Keep in mind that the result of restarting an IKE gateway depends on whether its IKEv1 or IKEv2.
    • Refresh or restart an IKE gateway.
      1. Select NetworkIPSec Tunnels and select the tunnel for the gateway you want to refresh or restart.
      2. In the row for that tunnel, under the Status column, click IKE Info.
      3. At the bottom of the IKE Info screen, click the action you want:
        • Refresh—Updates the statistics on the screen.
        • Restart—Clears the SAs, so traffic is dropped until the IKE negotiation starts over and the tunnel is recreated.
    • Refresh or restart an IPSec tunnel.
      You might determine that the tunnel needs to be refreshed or restarted because you use the tunnel monitor to monitor the tunnel status, or you use an external network monitor to monitor network connectivity through the IPSec tunnel.
      1. Select NetworkIPSec Tunnels and select the tunnel you want to refresh or restart.
      2. In the row for that tunnel, under the Status column, click Tunnel Info.
      3. At the bottom of the Tunnel Info screen, click the action you want:
        • Refresh—Updates the onscreen statistics.
        • Restart—Clears the SAs, so traffic is dropped until the IKE negotiation starts over and the tunnel is recreated.

    © 2025 Palo Alto Networks, Inc. All rights reserved.