Curious why you want to shutdown a tunnel interface. This is a logical interface and not really tied to a physical interface as such. What are you trying to accomplish by shutting down tunnel interface?
Having said that, you can enable tunnel monitoring as that can basically disable the tunnel interface if the VPN is down to influence routing protocols. Is that what you are trying to do?
Many reasons, but I'll give the two, which I'm using it for right now. First, is a VPN between client(s) and myself. I don't want to leave it up at all times, just bring it up when needed. This will relieve routing conflicts between overlapping schemes among different clients and myself. Second, we moved from an old VPN between a Cisco (remote device) on one side and PA on the other to a complete Palo Alto solution. I want to avoid any chance of traffic routing over the old VPN and the only way to ensure this is to disable it, but PA doesn't allow an admin down state like Cisco does, BTW, why is that? SOP to leave the old infra in place until the new is proven good and stable. If a problem arises, simply fall back to the old VPN.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!