Troubleshoot Authentication Issues
When users fail to authenticate to a Palo Alto Networks
firewall or Panorama, or the Authentication process
takes longer than expected, analyzing authentication-related information
can help you determine whether the failure or delay resulted from:
- User behavior—For example, users are locked out after entering the wrong credentials or a high volume of users are simultaneously attempting access.
- System or network issues—For example, an authentication server is inaccessible.
- Configuration issues—For example, the Allow List of an authentication profile doesn’t have all the users it should have.
The following CLI commands display information that can help
you troubleshoot these issues:
Task | Command |
---|---|
Display the number of locked user accounts
associated with the authentication profile ( auth-profile ), authentication
sequence (is-seq ), or virtual system (vsys ).To unlock users, use the following operational
command:
|
|
Use the debug authentication command
to troubleshoot authentication events.Use the show options
to display authentication request statistics and the current debugging level:
Use the connection-debug options
to enable or disable authentication debugging:
|
|
Test the connection and validity
of the certificate profile. |
|
Troubleshoot a specific authentication using
the Authentication ID displayed in Monitor Logs Authentication |
|
Recommended For You
Recommended Videos
Recommended videos not found.