SSL VPN tunnel mode is enabled in the firewall and the radius users are imported to the FortiGate.

It is necessary to make sure the actual RADIUS user name and the user imported in the FortiGate are the same. If not, a ' credential or ssl vpn configuration is wrong (-7200)' error will be received.

Check the below-mentioned output.

config user local
    edit "test"   <- Name of the user in firewall.
        set status enable
        set type radius

Since the username in the firewall and radius is the same authentication is successful and two factors worked.

Post entering the Token. It worked.

By mistake, if the radius user is saved with a different user name then VPN will not work.

config user local
    edit "Test"  <- The name from test to Test has been changed.
        set status enable
        set type radius

Trying to connect the VPN but it is not working.

It is because of the case sensitive, and post making the below mentioned changes the VPN is connected.

Note:

This option is only available when two-factor authentication is enabled for the user.

config user local
    edit "Test"
        set status enable
        set type radius
        set username-case-sensitivity <- To disable it, use 'set username-case-sensitivity disable'.
end

Note:

As of FortiOS 7.0.1 and above, the syntax of the command has been changed to 'username-sensitivity'.