USG Flex 500H Passive device HA mode MFA error

Mk88_it Posts: 67  Ally Member
edited May 21 in USG FLEX H Series

Hello,

We have enabled MFA for the admin user.

When the Passive device becomes active, we cannot access the GUI because the MFA is not working.

When the Primary device returns active, we can access the GUI normally.

Tried with firmware 1.32 GA and 132ABZH0ITS-0423-250300903

Thank you

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 759  Zyxel Employee
    Answer ✓

    @Mk88_it

    I can't reproduce this behavior in my lab. I wonder if the sync is not completed for the 2FA Google Auth config.
    Please try these steps:

    1. Remove and re-create the admin account, then enable 2FA for this admin account.
    2. Input this CLI command on the active firewall: cmd device-ha force-sync 2fa-google-auth

    If it still does not work, please collect the information from this CLI command: show state vrf main device-ha _debug sync-info

All Replies

  • Dylan96
    Dylan96 Posts: 31  Freshman Member

    @Zyxel_James Any updates on this issue?

  • Mk88_it
    Mk88_it Posts: 67  Ally Member

    @Zyxel_Melen @Zyxel_Judy Please help us 😉

  • Mk88_it
    Mk88_it Posts: 67  Ally Member

    Hello @Zyxel_James, I can confirm that your workaround solved the problem.

    Just a note: since it's not possible to remove the built-in admin account, I just revoked the 2FA codes for that account, recreated it, and finally ran the CLI input as you wrote.