Troubleshoot Authentication Issues
When users fail to authenticate to a Palo Alto Networks firewall or Panorama, or the Authentication process takes longer than expected, analyzing authentication-related information can help you determine whether the failure or delay resulted from:
- User behavior—For example, users are locked out after entering the wrong credentials or a high volume of users are simultaneously attempting access.
- System or network issues—For example, an authentication server is inaccessible.
- Configuration issues—For example, the Allow List of an authentication profile doesn’t have all the users it should have.
The following CLI commands display information that can help you troubleshoot these issues:
Display the number of locked user accounts associated with the authentication profile (
auth-profile), authentication sequence (
is-seq), or virtual system (
To unlock users, use the following operational command:
debug authenticationcommand to troubleshoot authentication events.
showoptions to display authentication request statistics and the current debugging level:
connection-debugoptions to enable or disable authentication debugging:
Configure an Authentication Profile
Authentication Profile Device > Authentication Profile Select Device Authentication Profile or Panorama Authentication Profile to manage authentication profiles. To create a new profile, Add one ...
Authentication Logs Authentication logs display information about authentication events that occur when end users try to access network resources for which access is controlled by ...
Test Authentication Server Connectivity
Test Authentication Server Connectivity The test authentication feature enables you to verify whether the firewall or Panorama can communicate with the authentication server specified in ...
Objects > Authentication
Objects > Authentication An authentication enforcement object specifies the method and service to use for authenticating end users who access your network resources. You assign ...
Using the GlobalProtect Agent
Using the GlobalProtect Agent The tabs in the GlobalProtect agent contain useful information about status and settings and provide information to assist in troubleshooting connection ...
Authentication Authentication is a method for protecting services and applications by verifying the identities of users so that only legitimate users have access. Several firewall ...
Log Collector CLI Authentication Settings
Log Collector CLI Authentication Settings Panorama > Managed Collectors > Authentication An M-Series appliance in Log Collector mode (Dedicated Log Collector) has no web interface, ...
Device > User Identification > Captive Portal Settings
Device > User Identification > Captive Portal Settings Edit ( ) the Captive Portal Settings to configure the firewall to authenticate users whose traffic matches ...