This article describes how to fix the 'Entry Not Found' error when selecting a 2FA authentication scheme in FortiGate's ZTNA SaaS-based access proxy configuration.
FortiGate.
The requirement is to set up 2FA when accessing ZTNA SaaS-based applications using RADIUS authentication. On FortiGate, the option to enable 2FA is not visible in the GUI, but the CLI shows that 2FA is enabled:
config authentication scheme
edit "radius"
set method basic
set require-tfa enable
set user-database "radius srv"
next
end
When selecting the 'radius' authentication scheme under the authentication rule, the 'Entry not found' error appears.
When viewing the same configuration from the CLI:
config authentication rule
edit "test"
set srcintf "port1"
set srcaddr "all"
next
end
chameleon-kvm72 (test) # set active-auth-method
<string> please input string value
test scheme
chameleon-kvm72 (test) # set active-auth-method
The 'radius' scheme is not listed among the active authentication schemes, which is why attempting to select it from the GUI results in an 'Entry Not Found' error. The issue remains the same regardless of whether ip-based is disabled or web-auth-cookie is enabled.
To use 2FA with RADIUS authentication, it is necessary to use a form-based method under the authentication scheme. After that, the scheme can be selected under the authentication rule.
With the form-based method set, the 'radius' scheme is available in the list of active-auth-method:
config authentication rule
edit "test"
set srcintf "port1"
set srcaddr "all"
next
end
chameleon-kvm72 (test) # set active-auth-method
<string> please input string value
radius scheme
test scheme
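The following check is an added example, not part of the original article or of Fortinet tooling: it scans a saved configuration for authentication schemes that enable require-tfa without the form method, the combination described above. The sample configuration and the "radius-form" scheme name are constructed, and "form" is assumed to be the set method value for the form-based method.

```python
import shlex

# Constructed sample backup: "radius" is the article's scheme, "radius-form" a hypothetical fixed copy.
SAMPLE_CONFIG = '''
config authentication scheme
    edit "radius"
        set method basic
        set require-tfa enable
        set user-database "radius srv"
    next
    edit "radius-form"
        set method form
        set require-tfa enable
        set user-database "radius srv"
    next
end
'''

def parse_table(config_text, table):
    """Return {entry_name: {option: [values]}} for one 'config <table>' block."""
    entries, current, inside = {}, None, False
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # unbalanced quote, e.g. a multi-line value elsewhere in a backup
            continue
        if not tokens:
            continue
        if not inside:
            inside = tokens[0] == "config" and " ".join(tokens[1:]) == table
        elif tokens[0] == "end":
            break
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = entries.setdefault(tokens[1], {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
    return entries

def tfa_schemes_not_form(config_text):
    """Names of schemes with require-tfa enabled whose method is not form."""
    schemes = parse_table(config_text, "authentication scheme")
    return sorted(name for name, opts in schemes.items()
                  if opts.get("require-tfa") == ["enable"]
                  and opts.get("method") != ["form"])

if __name__ == "__main__":
    print(tfa_schemes_not_form(SAMPLE_CONFIG))
```

Any scheme name it returns is one that would not appear under active-auth-method in an authentication rule until its method is changed.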
Copyright 2024 Fortinet, Inc. All Rights Reserved.