topic GP Portal logs showing local password guessing attempts even though I'm using Azure IdP. Should I be concerned? in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-portal-logs-showing-local-password-guessing-attempts-even/m-p/582665#M5221 <P>I have our portal set up to use Azure for logon, and it's been working great. Lately I'm seeing many of these attempts in the system logs:</P> <P>&nbsp;</P> <P>1. saml-client-redirect, "Client '95.164.0.25' redirected to '<A href="https://login.microsoftonline.com/xxxxxxxxx/saml2" target="_blank" rel="noopener">https://login.microsoftonline.com/xxxxxxxxx/saml2</A>' for authentication profile "Azure"</P> <P>2. auth-fail, Failed authentication for user 'lakiesha'. Reason: Internal error, e.g. network connection, DNS failure or remote server down. auth profile 'Azure', vsys 'vsys1', From: 95.164.0.25</P> <P>&nbsp;</P> <P>It looks like it's sending them to Azure, but then returning to the firewall again and trying to login as a local user. But why is there a internal error/DNS failure error message?</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 04 Apr 2024 15:56:33 GMT Maxstr 2024-04-04T15:56:33Z GP Portal logs showing local password guessing attempts even though I'm using Azure IdP. Should I be concerned? https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-portal-logs-showing-local-password-guessing-attempts-even/m-p/582665#M5221 <P>I have our portal set up to use Azure for logon, and it's been working great. Lately I'm seeing many of these attempts in the system logs:</P> <P>&nbsp;</P> <P>1. saml-client-redirect, "Client '95.164.0.25' redirected to '<A href="https://login.microsoftonline.com/xxxxxxxxx/saml2" target="_blank" rel="noopener">https://login.microsoftonline.com/xxxxxxxxx/saml2</A>' for authentication profile "Azure"</P> <P>2. auth-fail, Failed authentication for user 'lakiesha'. Reason: Internal error, e.g. network connection, DNS failure or remote server down. auth profile 'Azure', vsys 'vsys1', From: 95.164.0.25</P> <P>&nbsp;</P> <P>It looks like it's sending them to Azure, but then returning to the firewall again and trying to login as a local user. But why is there a internal error/DNS failure error message?</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 04 Apr 2024 15:56:33 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-portal-logs-showing-local-password-guessing-attempts-even/m-p/582665#M5221 Maxstr 2024-04-04T15:56:33Z