Nominated Discussion: Test Command Does Not Work

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Team Member
No ratings

This Nominated Discussion Article is based on the post "Test command does not work" by @Matlu_NN  and responded to by @TomYoung . Read on to see the discussion and solution.


I have a couple of users created for read mode administration of the Palo Alto Firewall Cluster (they are local users).

When I try to test the Test Authentication Server Connectivity (I follow the documentation to the letter), I am constantly getting the same error when testing with the local users.


Any idea how to solve this, please?

I just want to "prove" to the end users, that the credentials "do work" without problems.



The error message indicates a missing target-vsys.  I don't see you setting the target-vsys in your commands.  Have you followed these steps?


You need to configure the "<vsys-name>"????

I have a Firewalls Cluster, and I do not see anything in the configuration of the equipment that makes me "recognize" if I have configured or not the "vsys".

Is this something that comes active by default or is it something that must be activated????

Working with vsys, can impact on the configuration that has the Cluster of equipment?



The CLI command is not configuring anything on the NGFW, but rather setting the context for your CLI test command.  As the doc says in step 1, "Specify which virtual system contains the authentication profile you want to test. This is only necessary if you are testing an authentication profile that is specific to a single virtual system (that is, you do not need to do this if the authentication profile is shared)."


This command only applies to the current CLI session.



Actually, I don't know what is the correct syntax of the command.
I am applying what I can understand from the shared document, but I always get the same result.




Can you tell me what you think is the error I am having in applying the command?

It is important to mention, that this is a local account created on the Palo Alto Firewall itself.


The correct syntax would be:

set system setting target-vsys vsys1



Rate this article:
  • 270 Subscriptions
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎07-20-2023 10:54 PM
Updated by: