FortiGate
caunon
Article Id 360271
Description

This article describes how to fix, and how to avoid, the authentication failure that occurs when a Device (MAC Address) address object is combined with an authentication user group in a firewall policy.

Scope

FortiGate v6.4.x, v7.2.x

Solution

1. Create a firewall policy that uses a Device (MAC Address) address object together with an authentication group, as follows.

   i. Go to Policy & Objects -> Addresses -> Create New and supply the following details:

   • Name: testD1
   • Type: Device (MAC Address)
   • MAC Address: 00:4C:6F:74:3B:01
   • Interface: any
   • Select OK.

1.png

   ii. Go to User & Authentication -> User Definition -> Create New and supply the following parameters:

   • Username: user1
   • User Type: Local User
   • Password: •••••
   • Select OK.

2.png

   iii. Go to User & Authentication -> User Groups -> Create New and supply the following parameters:

   • Name: Grp1
   • Members: user1
   • Select OK.

3.png

   iv. Go to Policy & Objects -> Firewall Policy -> Create New and supply the following parameters, using the Device (MAC Address) object testD1 from step 1.i and the group Grp1 from step 1.iii:

   • Source: Address: testD1
   • User: Grp1
   • Security Profiles:
     • AV: default
     • IPS: default
     • SSL: certificate-inspection
   • Select OK.

4.png

2. Use a testing PC to access the internet. An 'Authentication Required' page will appear, requesting a Username and Password to log in.
   Enter the username and password of the local user from Step 1.ii, then select Continue.
   An 'Authentication Failed' message will appear:

5.png

6.png

3. Go to Log & Report -> System Events -> Logs and, in the drop-down list at the top right, select User Events.
   It will show the following:

Message : User user1 failed in authentication

Group : N/A

7.png

4. The raw log shows:

date=2024-11-27 time=02:46:20 eventtime=1732646780255110072 tz="+0800" logid="0102043009" type="event" subtype="user" level="notice" vd="root" logdesc="Authentication failed" srcip=10.10.2.193 dstip=10.10.4.199 policyid=1 interface="port5" user="user1" group="N/A" authproto="HTTP(10.10.2.193)" action="authentication" status="failure" reason="N/A" msg="User user1 failed in authentication"

 

To fix:

1. Upgrade the FortiGate firmware to v7.4.1 or later.

2. After upgrading to v7.4.1 or later, use the testing PC to access the internet again. The 'Authentication Required' page will appear, prompting for the Username and Password to log in.
   Enter the username and password of the local user from Step 1.ii, then select Continue. Internet access will succeed after that.

 

8.png

9.png

10.png

3. Go to Log & Report -> System Events -> Logs and, in the drop-down list at the top right, select User Events.
   The following will be shown:

Message : User user1 added to auth logon

11.png

4. The raw log shows:

date=2024-11-27 time=03:24:58 eventtime=1732649097899486935 tz="+0800" logid="0102043039" type="event" subtype="user" level="notice" vd="root" logdesc="Authentication logon" srcip=10.10.2.193 user="user1" authserver="N/A" action="auth-logon" status="logon" msg="User user1 added to auth logon"
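
Added example, not part of the original article: a small Python parser for FortiGate key=value event log lines, applied to the two raw log entries shown above (the failure before the upgrade and the logon after it), that flags the symptom described here, an authentication failure logged with group="N/A", so affected users can be picked out of exported logs. The two sample lines are constructed from the article's output; the field names are the ones that appear in those lines.

```python
import re
from typing import Dict, List

# Sample input constructed from the two raw log lines shown in this article.
SAMPLE_LOGS = [
    'date=2024-11-27 time=02:46:20 eventtime=1732646780255110072 tz="+0800" '
    'logid="0102043009" type="event" subtype="user" level="notice" vd="root" '
    'logdesc="Authentication failed" srcip=10.10.2.193 dstip=10.10.4.199 '
    'policyid=1 interface="port5" user="user1" group="N/A" '
    'authproto="HTTP(10.10.2.193)" action="authentication" status="failure" '
    'reason="N/A" msg="User user1 failed in authentication"',
    'date=2024-11-27 time=03:24:58 eventtime=1732649097899486935 tz="+0800" '
    'logid="0102043039" type="event" subtype="user" level="notice" vd="root" '
    'logdesc="Authentication logon" srcip=10.10.2.193 user="user1" '
    'authserver="N/A" action="auth-logon" status="logon" '
    'msg="User user1 added to auth logon"',
]

# One key=value pair: the value is either double-quoted (may contain spaces,
# '=' and parentheses, as in authproto="HTTP(10.10.2.193)") or a bare token.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Parse a FortiGate key=value log line into a dict, stripping quotes."""
    fields: Dict[str, str] = {}
    for key, value in _KV.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def is_group_na_auth_failure(fields: Dict[str, str]) -> bool:
    """The symptom in this article: a user-event authentication failure where
    group="N/A" (no group matched). On v7.4.1+ the same login logs auth-logon."""
    return (
        fields.get("subtype") == "user"
        and fields.get("action") == "authentication"
        and fields.get("status") == "failure"
        and fields.get("group") == "N/A"
    )

def find_affected_users(lines: List[str]) -> List[str]:
    """Users (deduplicated, in first-seen order) that hit the failure above."""
    users: List[str] = []
    for line in lines:
        fields = parse_fortigate_log(line)
        if is_group_na_auth_failure(fields) and fields.get("user") not in users:
            users.append(fields["user"])
    return users
```

Running `find_affected_users(SAMPLE_LOGS)` returns `['user1']`: only the pre-upgrade entry matches, the post-upgrade auth-logon entry does not.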

 
