Can’t login Palo Alto Firewall because MFA doesn’t work

In a case, you can’t login PA firewall because the MFA doesn’t work. What can you do or how do you disable MFA?

Resolution 1: Disable or change Authentication Profile on PA Firewall

  1. Login PA Firewall from a back door (a local user without MFA enabled account).
  2. Go to DEVICE>Administration. Disable or change the Authentication Profile?

 

Resolution 2:  Disable MFA (multi-factor authentication) and 2FA (two-factor authentication) on your security app or access tools

In this post we use DUO as example.

  1. Login duo.com
  2. Click Users on the left pane.

3.  Click on the user who has a problem to login PA firewall.

4. Switch from Active to Bypass.

5. Click Save Change. Now, try to login again.

 

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com

Leave a Reply