USG Flex 500H Passive device HA mode MFA error

Mk88_it · May 15

Hello,

We have enabled MFA for the admin user.

When the Passive device becomes active we cannot access the gui because the MFA is not working.

When the Primary device returns active, we can access the gui normally.

Tried with firmware 1.32 ga and 132ABZH0ITS-0423-250300903

Thank you

Zyxel_James · May 22

@Mk88_it

I can't reproduce this behavoir in my lab, I wonder if the sync is not completed for 2fa google auth config
Please try this step

remove and re-create the admin account again, then enable 2FA for this admin account.
input CLI to active firewall: cmd device-ha force-sync 2fa-google-auth

If still no work, please collect the information of this CLI: show state vrf main device-ha _debug sync-info

Dylan96 · May 20

@Zyxel_James any updates on this issue?

Mk88_it · May 21

@Zyxel_Melen @Zyxel_Judy Please help us😉

Zyxel_James · May 22

@Mk88_it

I can't reproduce this behavoir in my lab, I wonder if the sync is not completed for 2fa google auth config
Please try this step

remove and re-create the admin account again, then enable 2FA for this admin account.
input CLI to active firewall: cmd device-ha force-sync 2fa-google-auth

If still no work, please collect the information of this CLI: show state vrf main device-ha _debug sync-info

Mk88_it · May 28

Hello @Zyxel_James I can confirm that your workaround solved the problem.

Just a note: since it's not possible to remove the built-in admin account, so I just revoked the 2FA codes for that account, recreated it and finally I ran the cli input as you wrote.

USG Flex 500H Passive device HA mode MFA error

Accepted Solution

All Replies

Categories

Security Help Center