Palo Alto acknowledge login banner

Unimus support forum
Post Reply
bboy8012
Posts: 1
Joined: Mon Mar 28, 2022 8:13 pm

Sun Apr 24, 2022 4:43 pm

Hi All,

Having a little issue with Unimus being able to login into my PAN firewalls because I have the login banner that needs to be accepted. I have Googled around and have not found anything. Can anyone provide a link or some guidance on how to get Unimus to be able to log in? Thanks
Vik@Unimus
Posts: 158
Joined: Thu Aug 05, 2021 6:35 pm

Tue Jul 26, 2022 6:30 pm

Hello,

Apologies for a late reply. The issue regarding this specific banner and the aforementioned need to acknowledge it via the "Force admins to acknowledge this banner" the in PAN OS, is a known issue. When this was reported to us a little while ago we did some remote troubleshooting, but it hasn't provide enough information as even though it seems like a trivial thing, it turned out to be more complex, so we need to troubleshoot on a physical device in our lab directly.
We got one PA router previously, but that device turned out to have some issues and ultimately stopped working, but we have currently another device on its way.

For now, the workaround is simple - having a banner is fine, but for the time being it will work only with "Force admins to acknowledge this banner" option disabled.

I have just added this thread to our internal ticket so when we have updates to share, I will update this thread.
dhammel
Posts: 1
Joined: Wed Nov 23, 2022 7:34 pm

Wed Nov 23, 2022 7:42 pm

Hello,

Just came accross this post - obviously this is not a acceptable workaround. Our firewall admins have force enabled this banner for a reason ofcourse. When working on firewalls accountability is top priority and as such all engineers working on our firewalls have to READ AND ACKNOWLEDGE the banner for auditing and (legal) accountability reasons. I do agree that this banner (on the Palo Alto side) should be enabled on a per user basis, but it isn't.

The login simply asks for 'yes' to be entere to continue - shouldn't be that hard to incorporate this in Unimus?

The firewall simply writes the following question:

Do you accept and acknowledge the statement above ? (yes/no) :

Unimus could treat this as enable password or as extra feature on the credentials page... Please expedite this feature!

Rgds

David Hammel (a paying unimus user)
Vik@Unimus
Posts: 158
Joined: Thu Aug 05, 2021 6:35 pm

Thu Nov 24, 2022 2:31 pm

Hello,

Actually, our team has already finished works on this last week and the support for the forced acknowledgement will be rolled out, starting with the upcoming release of 2.3.0-Beta1 (and onward, of course). As soon as that happens, I will update this thread.
Post Reply