>
    Refresh a Pre-Shared Key
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Set Up Firewalls
    4. Auto VPN
    5. Refresh a Pre-Shared Key
    Download PDF
    Next-Generation Firewall

    Refresh a Pre-Shared Key

    Table of Contents

    Refresh a Pre-Shared Key

    Refresh the Pre-Shared Key for an Auto VPN cluster on Strata Cloud Manager.
    Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Strata Cloud Manager)
    • VM-Series, funded with Software NGFW Credits
    • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
    Auto VPN allows you to configure secure connectivity between your managed firewalls using SD-WAN. Peers in the VPN cluster use a pre-shared key to mutually authenticate each other. To strengthen your security posture, Palo Alto Networks recommends refreshing the pre-shared keys used for authenticating VPN tunnels for existing VPN clusters periodically to ensure your VPN tunnels are not compromised.
    Refreshing the pre-shared key may cause a temporary service disruption. To avoid impact to your business, Palo Alto Networks recommends scheduling a maintenance window to ensure you can resolve and service disruption issues outsides of business hours.
    1. Log in to Strata Cloud Manager.
    2. Configure Auto VPN.
    3. Select ManageConfigurationNGFW and Prisma Access and in the Overview, select the Global configuration scope.
    4. Select Global SettingsAuto VPNVPN Clusters.
    5. Locate the VPN cluster for which you want to refresh the pre-shared key.
    6. In the Pre-Shared Key Generated Data column, click Refresh Key.
      A new Config Push to Redresh the Pre-Shared Key is displayed.
    7. Check Acknowledge the possible service disruption.
      You are prompted that refreshing the pre-shared key may cause a service disruption as the new pre-shared key generates a new security association (SA) for all SD-WAN firewalls in the VPN cluster. You must acknowledge the possibility of a service disruption due to refreshing the pre-shared key to continue.
    8. Push.

    © 2024 Palo Alto Networks, Inc. All rights reserved.