Login to Firewall using GUI or CLI not working after changing the password complexity settings

Created On 05/24/24 08:16 AM - Last Modified 06/06/24 02:42 AM


Symptom


Not able to access firewall via CLI / GUI after changing the password complexity setting.

Environment


  • Palo Alto Firewall
  • Supported PAN-OS


Cause


  • Required Password Change Period (days) was changed from the default value of "0" to a "specified" value.
  • If a configured user's password is older than the "specified" value, that user will be locked out.
Example:
  • User1 is configured and working correctly, with a password that is, let's say, 90 days old.
  • An admin user changed the password complexity setting "Required Password Change Period" to 30 days.
  • Since User1's password has not been changed for the past 90 days (which is greater than 30 days), User1 is now locked out.
  • The firewall considers the password expired because of the Required Password Change Period setting.
  • The value of "0" is the default setting, which means the password never expires.


Resolution


  • If the admin user is not locked out (password complexity met), they can change the password of other users.
  • If all the users are locked out, follow the procedure below.

Panorama managed Firewall:
  1. Context Switch from Panorama to Firewall management
  2. On the Firewall GUI, change the password: Device > Administrators > click on the username and change the password.

Locally managed Firewall:
  1. If the Firewall (or Panorama) is managed locally, a factory reset is needed to recover.
  2. Follow "How to Reset the Administrator Password" to recover the Firewall.
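
A pre-change check built on the expiry rule and lockout outcomes described above, as an added example that is not part of the original article or any Palo Alto Networks tooling: it models which administrators would be treated as expired under a proposed Required Password Change Period. The inventory of last-change dates, the account names other than User1, and the function names are assumptions constructed for illustration.

```python
from datetime import date

# Constructed inventory: admin name -> date the password was last changed.
# Assumption: the operator keeps this record; it is not read from PAN-OS here.
ADMINS = {
    "admin": date(2024, 2, 24),
    "User1": date(2024, 2, 24),
    "netops": date(2024, 5, 10),
}

def expired_admins(admins, period_days, today):
    """Return sorted names whose password age exceeds the proposed period.

    Models the behaviour described in this article: 0 means passwords never
    expire; otherwise a password older than the period is treated as expired.
    The strict ">" follows the article's "older than" wording; the exact
    boundary on a device is an assumption.
    """
    if period_days < 0:
        raise ValueError("period must be 0 or a positive number of days")
    if period_days == 0:
        return []
    return sorted(n for n, changed in admins.items()
                  if (today - changed).days > period_days)

def assess_change(admins, period_days, today):
    """Classify the outcome of committing the proposed period."""
    locked = expired_admins(admins, period_days, today)
    usable = sorted(set(admins) - set(locked))
    if not locked:
        verdict = "safe"
    elif usable:
        verdict = "partial-lockout"  # a remaining admin can reset the others
    else:
        verdict = "total-lockout"    # Panorama context switch or factory reset
    return {"locked": locked, "usable": usable, "verdict": verdict}

if __name__ == "__main__":
    today = date(2024, 5, 24)  # constructed commit day
    for period in (0, 30, 10):
        print(period, assess_change(ADMINS, period, today))
```

A "total-lockout" verdict means the change should not be committed until at least one administrator password has been rotated.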

