01-30-2014 09:57 AM
Has anyone noticed a login issue since upgrading to 6.0.0? It seems inconsistent, but when I log in from the outside interface, I will get the message, "Creating administrative session. Please wait". I will then get returned back to the login prompt. If I VPN in and log in from the inside interface, I will see all my hung login attempts from my outside IP. Seems like a minor issue, but it could take up management CPU resources from an unwary user. This is on a PA-500 running 6.0.0, anyone else have the same issue?
-Johnny
01-30-2014 10:24 AM
Hello Johny,
I would suggest you generate a new certificate through the CLI and update the web-server certificate setting to use it and see if the issue clears?
admin@pan.work> request certificate generate certificate-name NewWebCert name NewWebCert
admin@pan.work> configure
Entering configuration mode
[edit]
admin@pan.work# set deviceconfig system web-server-certificate NewWebCert
[edit]
admin@pan.work# commit
Thanks
02-12-2014 02:57 PM
HULK,
Will this affect the operation of our current certificate? We only use it as a GUI certificate and don't want to have to generate another CSR or get another certificate from our CA. Thanks.
-Johnny
02-12-2014 07:29 PM
Hello,
Are you using any external certificate to access web-browser..?
Thanks
02-14-2014 05:57 PM
We use the GUI certificate to access the firewall externally as well as internally through the web browser.
02-14-2014 06:18 PM
Thanks for your update. The above mentioned command will not affect the operation of your current certificate.
Thanks
02-17-2014 11:57 AM
I am continuing to get this problem when I log in to the firewall after re-generating the certificate when I log in with the fqdn. When I log in through the IP address it works fine. Any ideas?
02-17-2014 12:42 PM
I log in to a PA-200 using the FQDN almost daily from a remote location and have not seen this issue. I am using a public CA (godaddy) for that certificate, and it was the same cert used when I was running 5.0.10.
A couple things you might try:
1. Check the authd.log file to see if there is anything relating to the login there:
> less mp-log authd.log {hit Shift+G to go to the bottom of the log, navigation is the same as linux 'less' or VIM}
2. Turn on authd debug and check the above log again after attempting a login
> debug authd on debug {disable it afterwards with 'debug authd on info'}
3. If the auth is successful as I suspect, you may be experiencing an issue with the PHP that the GUI web server is using. There's an article on getting a PHP debug log from the GUI, though it may be difficult if you can't get in to begin with. Still, may be worth a shot:
How to Run a PAN-OS Web UI Debug
Hope this helps!
Greg
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
