Hi, I've just migrate from PAN OS 5.0.10 to 6.0.7 and GlobalProtect users have got problems with login. They had the password saved on their GP agent, but connection was refused and users were blocked due to intensive login attempts. We're using local users. It seems like users who couln't login are those with same string as user and password. Is there any addressed issue related? I haven't found anything analogous.
Check the settings in the following dialog box:
Device tab --- Setup ---Management tab --- Minimum Password Complexity box
Remove the check from "Block user name inclusion" to allow the users to connect.
But you already know you should consider just having them change passwords rather than allow this. You could then require password change and deny password reuse to get them back online. and after everyone is changed re-enable the feature.
Well, there is really no other place to set this up. So if this is off there is probably a bug that is using the default settings for password complexity.
I would turn it on and setup the features you need to allow the passwords to work.
If you want to get the bug identified and added to the bug database you could open a ticket with support as well so they can collect the data to pass on to programing.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!