Troubleshoot Authentication Issues
When users fail to authenticate to a Palo Alto Networks firewall or Panorama, or the Authentication process takes longer than expected, analyzing authentication-related information can help you determine whether the failure or delay resulted from:
- User behavior—For example, users are locked out after entering the wrong credentials or a high volume of users are simultaneously attempting access.
- System or network issues—For example, an authentication server is inaccessible.
- Configuration issues—For example, the Allow List of an authentication profile doesn’t have all the users it should have.
The following CLI commands display information that can help you troubleshoot these issues:
Display the number of locked user accounts associated with the authentication profile (
auth-profile), authentication sequence (
is-seq), or virtual system (
To unlock users, use the following operational command:
debug authenticationcommand to troubleshoot authentication events.
showoptions to display authentication request statistics and the current debugging level:
connection-debugoptions to enable or disable authentication debugging:
Test the connection and validity of the certificate profile.
Troubleshoot a specific authentication using the
Authentication IDdisplayed in