TACACS+ authentication always sets the local firewall IP as the remote address.

Created On 10/31/22 03:39 AM - Last Modified 02/19/25 22:53 PM


Symptom


  • TACACS+ should use the IP address of the authenticating end device as the remote address.
  • Instead, the firewall's own IP address (the network device IP) appears as the remote address in place of the remote user's IP.


Environment


  • Palo Alto Firewalls
  • PAN-OS 9.0, 9.1, 10.0 and 10.1
  • TACACS+


Cause


The firewall sends its own IP address in the "rem_addr" field.



Resolution


  1. The issue is fixed under PAN-173179 in PAN-OS 10.1.5.
  2. Upgrading to the fixed release or a later version resolves the issue.
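
To check what a device actually sends before and after the upgrade, the rem_addr field can be read from a captured TACACS+ authentication START packet. The following is an added example, not Palo Alto Networks code: it follows the RFC 8907 packet layout, and the shared secret, addresses, port name and function names are constructed for illustration.

```python
import hashlib
import struct

UNENCRYPTED = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG in RFC 8907

def xor_body(body, session_id, key, version, seq_no):
    """XOR with the RFC 8907 pad (chained MD5 digests); same call obfuscates and de-obfuscates."""
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(session_id + key + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return bytes(a ^ b for a, b in zip(body, pad))

def parse_authen_start(packet, key):
    """Return user, port and rem_addr from an authentication START packet."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBB4sI", packet[:12])
    body = packet[12:12 + length]
    if ptype != 0x01 or seq_no != 1 or len(body) != length or length < 8:
        raise ValueError("not a complete authentication START packet")
    if not flags & UNENCRYPTED:
        body = xor_body(body, session_id, key, version, seq_no)
    user_len, port_len, rem_len, data_len = body[4:8]
    if 8 + user_len + port_len + rem_len + data_len != length:
        raise ValueError("field lengths do not match body (wrong shared secret?)")
    fields, off = [], 8
    for n in (user_len, port_len, rem_len):
        fields.append(body[off:off + n].decode("ascii", "replace"))
        off += n
    return dict(zip(("user", "port", "rem_addr"), fields))

def rem_addr_is_device(packet, key, device_ip):
    """True when rem_addr carries the device's own address (the symptom above)."""
    return parse_authen_start(packet, key)["rem_addr"] == device_ip

def build_sample(user, port, rem_addr, key, session_id=b"\x12\x34\x56\x78"):
    """Constructed sample packet for this example; not captured traffic."""
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0]) + user + port + rem_addr
    body = xor_body(body, session_id, key, 0xC0, 1)
    return struct.pack("!BBBB4sI", 0xC0, 0x01, 1, 0, session_id, len(body)) + body

KEY = b"example-secret"  # constructed shared secret
BEFORE_FIX = build_sample(b"admin", b"web", b"192.0.2.1", KEY)      # device's own IP
AFTER_FIX = build_sample(b"admin", b"web", b"198.51.100.25", KEY)   # end device IP
```

Calling rem_addr_is_device() on a START packet captured from the device, with the device's management IP as the third argument, returns True while the symptom is present.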

