Password expired date doesn't HA sync

Reply
Highlighted
L0 Member

Password expired date doesn't HA sync

Hi I have a problem about Password expired date HA sync.

I have four pair of Paloalto firewall

PA-5020(7.1.8)

PA-3020(7.1.10)

PA-2050(7.1.10)*2

I config password expired in Device->Setup->Management->Minimum Password Complexity->Required Password Change Period

After the first password expired date, I change my password and find out a problem.

The situation like this

1. The password expired

2. I login the Master device, and the Master device force me to change my password.

3.Then I login the Slave device by using the new password. And the Slave Device will force me to change my password AGAIN.

(More worse situation,If you setting "Block Password Change Period" and forgot to change Slave password again,The device will lock you admin account only in the Slave Device....)

 

It look like the password change doing HA sync, but password expired status not doing HA sync.

Is there any solution about this problem?

Highlighted
L7 Applicator

it looks like the password age is not reset on the passive by the sync, you'll want to reach out to support or switch to external authentication so you no longer need to control these locally

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!