Authorized networks and Microsoft RDP


#1

Hi Friends,

I’m having a little trouble understanding authorized networks and using the Microsoft RDP application.

Looking at this page https://help.duo.com/s/article/2155?language=en_US it says Windows Logon (RDP sessions only) is supported; I’m assuming that is the Microsoft RDP application.

Now I have the login client installed on the RDP server and that all works fine. What I do notice is that in the auth logs on the admin site it reports the internal IP of the server when a user RDPs and Duo auths to the server.

Over to the authorized networks policy part.
If I add the external IP of the client connecting to the RDP server, it doesn’t seem to do anything (still pops up for Duo).
If I add the internal IP of the RDP SERVER for testing, it stops asking for Duo for everyone, since it always will be the server IP, not the client, so not all that useful. (I know it says to only use external IPs for the authorized networks, so I’m guessing this is not the way.)

Am I missing something here?

Thanks folks,
Craig


#2

The whitelisted IP is the one sent to Duo, which is the IP of the system where the Duo application was installed. So, it is correct that the IP sent to Duo is the IP of your RDP server. You cannot whitelist the RDP client IPs.