![]() ![]() This Duo proxy server will receive incoming RADIUS requests from your RADIUS device, contact your existing local LDAP/AD or RADIUS server to perform primary authentication if necessary, and then contact Duo's cloud service for secondary authentication. To integrate Duo with your RADIUS device, you will need to install a local Duo proxy service on a machine within your network. You should already have a working primary authentication configuration for your RADIUS device users before you begin to deploy Duo. You'll need to pre-enroll your users in Duo using one of our available methods before they can log in using this configuration. See the Duo Authentication Proxy - Configuration Reference Guide for all available configuration modes and options.īefore moving on to the deployment steps, it's a good idea to familiarize yourself with Duo administration concepts and features like options for applications, and Duo policy settings and how to apply them. SonicWALL TZ, NSA, SMA, SRA, and Aventail seriesĭuo Security has several configurable modes and options available for RADIUS in the Duo Authentication Proxy software.Citrix NetScaler Gateway (XenDesktop/XenApp).Cisco ACS / ISE / ISR / Catalyst / SSH Network Device Access / IPSec VPN / ASA.We've verified RADIUS compatibility with a wide variety of vendors and devices, including but not limited to: User access is granted after the Duo Authentication Proxy returns success to the authenticating device.ĭuo can be integrated with most devices and systems that support RADIUS for authentication. The Duo server proxies primary credentials to your user store, and then contacts Duo for two-factor authentication after primary authentication succeeds. ![]() In this configuration you insert the Duo Authentication Proxy between your VPN device and your existing primary LDAP or RADIUS authentication server. The Primary+Duo RADIUS configuration supports devices and appliances with RADIUS authentication. See Duo Knowledge Base article 7546 for additional guidance. If your organization requires IP-based rules, please review Duo Knowledge Base article 1337.Įffective June 30, 2023, Duo no longer supports TLS 1.0 or 1.1 connections or insecure TLS/SSL cipher suites. This application communicates with Duo's service on SSL TCP port 443.įirewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |