>
    INC_GLOBALPROTECT_PORTAL_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Incidents and Alerts Reference Guide
    4. AI-Powered ADEM Incidents
    5. INC_GLOBALPROTECT_PORTAL_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION
    Download PDF
    Prisma Access

    INC_GLOBALPROTECT_PORTAL_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION

    Table of Contents

    INC_GLOBALPROTECT_PORTAL_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION

    Learn about the INC_GLOBALPROTECT_PORTAL_AUTH_TIMEOUT_FAILURES_COUNT_EXCEEDED_ABOVE_BASELINE_ PER_PA_LOCATION incident.

    Synopsis

    Portal authentication timeout failures are higher than twice the baseline for location <location-name>.
    Incident Codeā€”INC_GLOBALPROTECT_PORTAL_AUTH_TIMEOUT_FAILURES_COUNT_EXCEEDED_ABOVE_BASELINE_ PER_PA_LOCATION

    Required License

    AI-Powered ADEM

    Details

    Description
    Raise condition
    The incident is raised for a location when the average authentication timeouts are more than twice the baseline for 45 minutes.
    Clear condition
    The incident is cleared for a location when the average authentication timeouts are less than twice the baseline for 45 minutes.

    Correlated Alerts

    • AL_GLOBALPROTECT_GW_USER_AUTH_SUCCESS_COUNT_DROPPED_BELOW_BASELINE_PER_ PA_LOCATION
    • AL_GLOBALPROTECT_GW_USER_AUTH_TIMEOUT_FAILURES_COUNT_EXCEEDED_ABOVE_ BASELINE_PER_PA_LOCATION
    • AL_GLOBALPROTECT_USER_COUNT_DROPPED_BELOW_BASELINE_ACROSS_PER_PA_LOCATION

    Remediation

    Check your authentication service availability on those services.
    • For on-premise authentication services (such as LDAP, Radius, or Kerberos), you can review audit logs for incoming user requests or login errors. If there is a lapse in incoming requests, take packet captures on the relevant network path.
    • For public authentication services (such as SAML or cloud LDAP or Radius services), review audit logs provided by your authentication service. If there is a lapse in incoming requests, check with your authentication provider for any ongoing outages.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.