"Withdraw Static Routes if Service Connection or Remote Networks IPSec tunnel is down" setting causes all tunnels to go down.

"Withdraw Static Routes if Service Connection or Remote Networks IPSec tunnel is down" setting causes all tunnels to go down.

489
Created On 04/23/25 06:35 AM - Last Modified 10/29/25 21:44 PM


Symptom


  • Withdraw Static Routes if Service Connection or Remote Networks IPSec tunnel is down" setting is modified/configured.
  • During Commit and push, all Service Connections and Remote Networks tunnels go down..

Environment


  • Prisma Access(SASE)
  • Commit(Configuration push)
  • Service Connections

Cause


  • "Withdraw Static Routes if Service Connection or Remote Networks IPSec tunnel is down" setting involves changing in all Service Connection and Remote Networks ipsec tunnels.
  • When the config change occurs, IPSec key delete is initiated.
  • This causes all the tunnels to to go down temporarily.

Resolution


  1. The tunnel down events are expected.
  2. Tunnel Re-negotiation will bring the tunnels up.
  3. A maintenance window is recommended to make this configuration change to avoid tunnel flapping.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000XZL0KAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail