Firewall Access issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firewall Access issue

L3 Networker

Hi Team,

The user is having issues logging in to the firewall. Please find below a screenshot and suggest how we should troubleshoot. Under the system log, I see authentication success, but the user is not able to login.

 

shirishkulkarni_0-1708412549709.png

 

4 REPLIES 4

Community Team Member

Hi @shirishkulkarni ,

 

Are you by chance running into bug-issue PAN-171300 ?

When logging on to the firewall using "admin" account/"non-default" password, the Password Change Required page pops up.

 

Are you running an earlier PAN-OS version perhaps ?

PAN-171300 was fixed in 11.0.0, 10.2.4, 10.1.0, 9.1.16

 

Hope this helps,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

We are running VM-300 firewall and version is 10.1.6, we observe this issue face by single user, rest users dont have this issue.

Cyber Elite
Cyber Elite

@shirishkulkarni,

If you're using external authentication for an admin login, have you tried having them simply change the password of that account outside of the firewall? Sounds like your external authentication is telling the firewall your password needs to be changed and the firewall is attempting to allow you to do that, however it's not configured in a way that actually allows that to function.

This explains why you're seeing the successful authentication in the logs, because the user is authenticating successfully. Similar to how it would work on Windows however, if you're password needs to be changed and you can't proceed through that prompt for any reason it won't actually give the user access. 

He is using LDAP authentication to access the firewall; other colleagues don't have any issues; he changed his password on AD, but the issue still persists.

  • 1044 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!