FortiGate
sjoshi
Staff
Article Id 339397
Description

 

This article describes how to fix the 'Entry Not Found' error when selecting a 2FA authentication scheme in FortiGate's ZTNA SaaS-based access proxy configuration.

 

Scope

 

FortiGate.

 

Solution

 

The requirement is to set up 2FA when accessing ZTNA SaaS-based applications using RADIUS authentication. On FortiGate, the option to enable 2FA is not visible in the GUI, but the CLI shows that 2FA is enabled.

 


 

config authentication scheme
    edit "radius"
        set method basic
        set require-tfa enable
        set user-database "radius srv"
    next
end

 

When selecting the 'radius' authentication scheme under the authentication rule, the 'Entry not found' error appears. 

 


 

When viewing the same configuration from the CLI:

 

config authentication rule
    edit "test"
        set srcintf "port1"
        set srcaddr "all"
    next
end

chameleon-kvm72 (test) # set active-auth-method
<string> please input string value
test scheme

chameleon-kvm72 (test) # set active-auth-method

 

The 'radius' scheme is not listed among the active authentication schemes, which is why attempting to select it from the GUI results in an 'Entry Not Found' error. The issue remains the same regardless of whether ip-based is disabled or web-auth-cookie is enabled.

 

To use 2FA with RADIUS authentication, it is necessary to use a form-based method under the authentication scheme. After that, the scheme can be selected under the authentication rule.

 


 

The 'radius' scheme is now available in the list of values for active-auth-method:

 

config authentication rule
    edit "test"
        set srcintf "port1"
        set srcaddr "all"
    next
end

chameleon-kvm72 (test) # set active-auth-method
<string> please input string value
radius scheme
test scheme
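
An added example, not part of the original article or Fortinet tooling: a Python check over a saved configuration that lists authentication schemes with require-tfa enabled whose method is not form-based, the condition that kept the 'radius' scheme out of active-auth-method above. The sample configuration is constructed; the 'radius-form' scheme name and the use of `form` as the CLI keyword for the form-based method are assumptions.

```python
import shlex

# Constructed sample: the article's scheme plus a corrected copy (assumed keyword: form).
SAMPLE_CONFIG = '''
config authentication scheme
    edit "radius"
        set method basic
        set require-tfa enable
        set user-database "radius srv"
    next
    edit "radius-form"
        set method form
        set require-tfa enable
        set user-database "radius srv"
    next
end
config authentication rule
    edit "test"
        set srcintf "port1"
    next
end
'''

def parse_schemes(config_text):
    """Return {scheme name: {option: [values]}} from 'config authentication scheme'."""
    schemes, in_section, current = {}, False, None
    for raw in config_text.splitlines():
        if raw.split() == ["config", "authentication", "scheme"]:
            in_section = True
            continue
        if not in_section or not raw.strip():
            continue  # skip other sections; they may hold multi-line quoted values
        tokens = shlex.split(raw)  # keeps quoted values such as "radius srv" whole
        if tokens[0] == "end":
            in_section = False
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = schemes.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
    return schemes

def tfa_without_form(config_text):
    """Names of schemes that enable require-tfa but do not use the form method."""
    return sorted(n for n, o in parse_schemes(config_text).items()
                  if o.get("require-tfa") == ["enable"] and "form" not in o.get("method", []))

if __name__ == "__main__":
    for name in tfa_without_form(SAMPLE_CONFIG):
        print(f"scheme {name!r}: require-tfa enabled but method is not form")
```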
