Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
985
Views
0
Helpful
1
Replies

Duo Access Gateway internal and not DMZ

kmcdole
Level 1
Level 1

‎11-17-2021 04:46 PM

Looking to enable SSO for our backup platform Cohesity. Their solutions guide say to setup Duo Access Gateway (DAG) and create a Duo SSO application using using the Generic Service Provider. Then add as an SSO Provider in Cohesity. Reading the DAG requirements it says to deploy in DMZ. Can the DAG be on internal network if integration is only being configured for an on-prem application?

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎11-17-2021 05:29 PM

Since many customers are setting up DAG for both internal and external access (even of on-premises applications), we recommend putting the DAG in a DMZ to avoid opening up ingress for external users to your internal network.

If your DAG SSO site will only be accessed by users on the internal network then yes, you can install it on the internal network.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents