In the world of data encryption, no key is considered secure for eternity. Given a period of time or given enough data, an attacker might be able to compromise the encrypted key. Secure transport supports the configuration of a rekey interval (time based) or rekey data size (volume based). By default the SCC has a rekey interval of 3600 seconds or 1 hour. However, for higher speed links a rekey can be triggered by the total amount of data transacted by the group, which is by default 4 TB. You can adjust these values by choosing Manage > Services: Secure Transport.

The rekey operation is performed without incurring a period of packet loss. Each SteelHead in the group is given a new encryption key by the controller. As each appliance in the group has the new encryption key, it uses the new key to perform path monitoring. After each group member on a path is using the new key for path monitoring, the SteelHeads switch to the new key.