Panorama scheduled config-export failure with 20 character SCP password.

L0 Member

Panorama scheduled config-export failure with 20 character SCP password.

I noticed my Scheduled config-export backups were not working.  At some point they were working file.  Upon Further troubleshooting I found that the Panorama scheduled config export was failing because the password was 20 characters long.  Upon changing to a 15 character password for the account the exports were successful. This appears to be an undocumented bug where this is a very short limit to the length of password usable by Panorama.

 

Tags (2)
L7 Applicator

Re: Panorama scheduled config-export failure with 20 character SCP password.

@ECPP,

It would be helpful when reporting a possible issue if the Panorama version number was presented :)

 

*Edit*

This actually looks to be expected. 

Cause
When the Palo Alto Networks firewall tries to connect to the SCP server, it encrypts the password and the data can be at most 63 characters. This value doesn't reflect the actual number of characters in unencrypted form entered in the password field.

 

The maximum length of the password is 15. If the password exceeds 15 characters, then the test SCP connection will throw the error.

 

Resolution
Reduce the length of the password to 15 or less.

 https://live.paloaltonetworks.com/t5/Management-Articles/Password-limit-for-Scheduled-config-Export/...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!