Password expired date doesn't HA sync

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Password expired date doesn't HA sync

L0 Member

Hi I have a problem about Password expired date HA sync.

I have four pair of Paloalto firewall

PA-5020(7.1.8)

PA-3020(7.1.10)

PA-2050(7.1.10)*2

I config password expired in Device->Setup->Management->Minimum Password Complexity->Required Password Change Period

After the first password expired date, I change my password and find out a problem.

The situation like this

1. The password expired

2. I login the Master device, and the Master device force me to change my password.

3.Then I login the Slave device by using the new password. And the Slave Device will force me to change my password AGAIN.

(More worse situation,If you setting "Block Password Change Period" and forgot to change Slave password again,The device will lock you admin account only in the Slave Device....)

 

It look like the password change doing HA sync, but password expired status not doing HA sync.

Is there any solution about this problem?

1 REPLY 1

Cyber Elite
Cyber Elite

it looks like the password age is not reset on the passive by the sync, you'll want to reach out to support or switch to external authentication so you no longer need to control these locally

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1907 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!