Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Focus

Next-Generation Firewall

Authentication failures detected

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Approaching Max Capacity - System Throughput

Card Failure: Card start timeout - Max restarts attempted

Authentication failures detected

Incident Code	INC_NGFW_AUTH_FAILURES
Severity	Warning
Category	Network Services
Subcategory	Authentication
Description	This incident is triggered when the number of authentication failures suddenly spikes. The failures are associated with connection issues to authentication servers or services such as LDAP, RADIUS, TACACS, Kerberos, SAML, etc.
Raise Condition	When we see an anomalous rise in Authentication failures from its average baseline for more than 4 hours.
Clear Condition	When we do not see anomalous rise in Authentication failures from its average baseline for more than 4 hours.
Probable Root Cause Incident	"INC_NGFW_AUTH_SAML_IDP_CERT_SIGN_FAILURES", "INC_NGFW_AUTH_SAML_IDP_CERT_UNKNOWN_SIGNER", "INC_NGFW_AUTH_SAML_USER_MISMATCH", "INC_NGFW_CLIENT_OOB_SAML_MESSAGE", "INC_NGFW_CLOUD_AUTH_FAIL_VALIDATE_OPAQUE", "INC_NGFW_EDL_CERT_AUTH_FAIL", "INC_NGFW_LDAP_SERVER_CONNECTION_FAILURE", "INC_NGFW_LOCK_WITHOUT_PID", "INC_NGFW_POST_EXPIRATION_ACCESS_SETTINGS_NOT_CONFIGURED", "INC_NGFW_SAML_AUTHN_REQUEST_CERT_EXPIRED", "INC_NGFW_SAML_ERROR_MAX_CLOCK_SKEW", "INC_NGFW_SAML_IDP_MSG_NO_ASSERTION", "INC_NGFW_SAML_IDP_MSG_NO_SIGNATURE", "INC_NGFW_SAML_SSO_FAIL_USER_NOT_IN_ALLOWLIST", "INC_NGFW_UID_LDAP_CONNECT_FAIL_ACCESS_DENIED"

Approaching Max Capacity - System Throughput

Card Failure: Card start timeout - Max restarts attempted