Palo Alto PA5220 is not login after password complexity changes

AadidevArun — Sat, 05 Nov 2022 07:41:42 GMT

We changed the password complexity and history settings on our firewall a couple of days ago.
After committing the changes the local users are not able to login on the firewall.
So we tried to boot into maintenance mode by connecting through a console cable in order to roll back to a older running config.
This did not do anything though, because the users are still not able to login using their old credentials from the time when the running config was saved.
Does rolling back to a saved running config, undo-s the password complexity settings?
Is there a way to import a device state config from the actual maintenance mode without having to reset to factory default and connect from the management interface?

Re: Palo Alto PA5220 is not login after password complexity changes

S.Cantwell — Tue, 08 Nov 2022 14:24:03 GMT

Hello there

When you reverted to a previous configuration, I wanted to make certain that the file was a NAMED snapshot file and not a previous running-configuration.xml file. (To call this file a saved running-configuration file just makes me believe it was not a named file, so please re-confirm my incorrectness in understanding) To answer some questions, reverting to a previously named configuration file does not undo password complexity. I am not aware of how to import a device state during maintenance mode.

When the local users cannot log in, what does your authentication log show? If you changed one person's password, are they able to log in? I am presuming you are refering to end users authentication through the FW, and not the admins trying to attempt authentication to the FW. (TO vs THROUGH) .

topic Palo Alto PA5220 is not login after password complexity changes in General Topics

Palo Alto PA5220 is not login after password complexity changes

Re: Palo Alto PA5220 is not login after password complexity changes