rmreddy
Staff
Article Id 419288
Description This article describes the issue of being unable to log in to FortiGate after a firmware upgrade to v7.6.4 with FortiToken and a trusted host configured. The article provides a step-by-step guide to troubleshoot and resolve the issue.
Scope FortiGate v7.6.4.
Solution

When the user attempts to log in through the firewall's GUI, an 'Authentication failure' error appears. However, the same credentials work successfully when logging in via the CLI or through the console.

 


 

Collect the httpsd and authd debug output to verify that the authentication is successful, using the commands below:

 

diagnose debug application httpsd
diagnose debug application authd
diagnose debug enable

 

To disable the debug once the output has been collected:

 

diagnose debug disable
diagnose debug reset


The issue occurs only when 2FA and a trusted host are configured. When only 2FA is enabled, the user will be able to log in.
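
To find which administrator accounts meet this condition before upgrading, a configuration backup can be scanned for admins that have both a two-factor method and a trusted host set. The script below is an added example, not part of the original article or Fortinet tooling; the sample configuration is constructed, and treating 0.0.0.0 0.0.0.0 and ::/0 as "no trusted host" is an assumption.

```python
import re
# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0
        config gui-dashboard
            edit 1
            next
        end
        set two-factor fortitoken
    next
    edit "auditor"
        set trusthost1 0.0.0.0 0.0.0.0
        set two-factor email
    next
end
config user local
    edit "vpnuser"
        set two-factor fortitoken
    next
end
"""

SETTING = re.compile(r"set (two-factor|(?:ip6-)?trusthost\d+) (.+)")
UNRESTRICTED = {"0.0.0.0 0.0.0.0", "::/0"}  # assumption: these mean "no restriction"

def admins_with_2fa_and_trusthost(config_text):
    """Map admin name -> (2FA method, trusted hosts) where both are configured."""
    hits, in_section, depth, name = {}, False, 0, None
    for line in map(str.strip, config_text.splitlines()):
        if not in_section:
            in_section = line == "config system admin"
        elif line.startswith("config "):
            depth += 1  # nested table inside an admin entry; skip its contents
        elif line == "end":
            in_section, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0 and line.startswith("edit "):
            name, two_factor, hosts = line[5:].strip('"'), "disable", []
        elif depth == 0 and line == "next" and name is not None:
            if two_factor != "disable" and hosts:
                hits[name] = (two_factor, hosts)
            name = None
        elif depth == 0 and name is not None and (m := SETTING.match(line)):
            if m.group(1) == "two-factor":
                two_factor = m.group(2)
            elif m.group(2) not in UNRESTRICTED:
                hosts.append(m.group(2))
    return hits
```

Calling admins_with_2fa_and_trusthost() on the text of a backup returns only the accounts that need one of the workarounds below; on the sample it returns the "admin" entry alone.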

 

As a workaround, either disable 2FA for the admin user or remove the trusted host configuration for the admin user.

 

  1. Disable two-factor authentication (2FA) with FortiToken: go to System -> Admin -> Users and disable the 2FA option for the secondary account.
  2. Disable the trusted host option: go to System -> Admin -> Users and remove the trusted host configuration.

Note: This issue is fixed in v7.6.5.