Network Security
Enable, Disable, Refresh, or Restart an IKE Gateway or IPSec Tunnel
Where Can I Use This? | What Do I Need? |
---|---|
| No license required |
Enable or Disable an IKE Gateway or IPSec Tunnel
- Enable or disable an IKE gateway.
  - Select Network > Network Profiles > IKE Gateways and select the gateway you want to enable or disable.
  - At the bottom of the screen, click Enable or Disable.
- Enable or disable an IPSec tunnel.
  - Select Network > IPSec Tunnels and select the tunnel you want to enable or disable.
  - At the bottom of the screen, click Enable or Disable.
Refresh or Restart an IKE Gateway or IPSec Tunnel
You can refresh or restart an IKE gateway or IPSec tunnel. The refresh and
restart behaviors for an IKE gateway and IPSec tunnel are as follows:
Phase | Refresh | Restart |
---|---|---|
IKE Gateway (IKE Phase 1) | Updates the onscreen statistics for the selected IKE gateway. Equivalent to issuing a second show command in the CLI (after an initial show command). | Restarts the selected IKE gateway. IKEv2: Also restarts any associated child IPSec security associations (SAs). IKEv1: Doesn’t restart the associated IPSec SAs. A restart is disruptive to all existing sessions. Equivalent to issuing a clear, test, show command sequence in the CLI. |
IPSec Tunnel (IKE Phase 2) | Updates the onscreen statistics for the selected IPSec tunnel. Equivalent to issuing a second show command in the CLI (after an initial show command). | Restarts the IPSec tunnel. A restart is disruptive to all existing sessions. Equivalent to issuing a clear, test, show command sequence in the CLI. |
Keep in mind that the result of restarting an IKE gateway depends on whether it's
IKEv1 or IKEv2.
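As a change-control aid, the following added example (not part of the vendor documentation) turns the refresh and restart behaviors described above into a pre-check that lists the CLI steps and the IPSec tunnels whose SAs a request will restart. The inventory names are constructed, and the full command forms are an assumption based on standard PAN-OS operational commands, since the page names only the verbs clear, test, and show; confirm them against your release.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    name: str
    gateway: str
    ike_version: int  # 1 or 2

# Constructed inventory: every name below is made up for the example.
INVENTORY = [
    Tunnel("tun-branch-a", "gw-branch", 2),
    Tunnel("tun-branch-b", "gw-branch", 2),
    Tunnel("tun-legacy", "gw-legacy", 1),
]

# Assumed PAN-OS operational command forms; the page names only the verbs.
FORMS = {
    "ike": "{verb} vpn ike-sa gateway {name}",
    "ipsec": "{verb} vpn ipsec-sa tunnel {name}",
}
# Refresh repeats a show; restart is the clear, test, show sequence.
VERBS = {"refresh": ["show"], "restart": ["clear", "test", "show"]}

def plan(kind, name, action, inventory=INVENTORY):
    """Return the CLI steps and the IPSec tunnels whose SAs are restarted."""
    if kind not in FORMS or action not in VERBS:
        raise ValueError(f"unsupported request: {kind}/{action}")
    if kind == "ike":
        members = [t for t in inventory if t.gateway == name]
        # Only an IKEv2 gateway restart also restarts its child IPSec SAs.
        restarted = [t.name for t in members
                     if action == "restart" and t.ike_version == 2]
    else:
        members = [t for t in inventory if t.name == name]
        restarted = [name] if action == "restart" else []
    if not members:
        raise ValueError(f"{name!r} is not in the inventory")
    return {
        "commands": [FORMS[kind].format(verb=v, name=name) for v in VERBS[action]],
        "ipsec_sas_restarted": restarted,
        "disruptive": action == "restart",
    }

if __name__ == "__main__":
    for request in [("ike", "gw-branch", "restart"), ("ike", "gw-legacy", "restart"),
                    ("ipsec", "tun-legacy", "refresh")]:
        print(request, plan(*request))
```
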
- Refresh or restart an IKE gateway.
  - Select Network > IPSec Tunnels and select the tunnel for the gateway you want to refresh or restart.
  - In the row for that tunnel, under the Status column, click IKE Info.
  - At the bottom of the IKE Info screen, click the action you want:
    - Refresh—Updates the statistics on the screen.
    - Restart—Clears the SAs, so traffic is dropped until the IKE negotiation starts over and the tunnel is recreated.
- Refresh or restart an IPSec tunnel.
  You might determine that the tunnel needs to be refreshed or restarted because you use the tunnel monitor to monitor the tunnel status, or you use an external network monitor to monitor network connectivity through the IPSec tunnel.
  - Select Network > IPSec Tunnels and select the tunnel you want to refresh or restart.
  - In the row for that tunnel, under the Status column, click Tunnel Info.
  - At the bottom of the Tunnel Info screen, click the action you want:
    - Refresh—Updates the onscreen statistics.
    - Restart—Clears the SAs, so traffic is dropped until the IKE negotiation starts over and the tunnel is recreated.