Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1725
Views
0
Helpful
1
Replies

Duo for ssl vpn & 2fa

suthomas11
Level 1
Level 1

‎09-04-2019 12:59 AM

Hello All,

We have a fortinet based ssl vpn with Cisco ACS as the radius server fetching attributes from AD.
To enable 2FA, in the authproxy.cfg file should the entries include both fortinet device & Cisco acs?
As also, where is the best place to check on logs for verification. Duo is on a windows machine .
Please help. Thank you.

Labels:
0 Helpful
1 Reply 1

gnyce
Level 1
Level 1

‎09-27-2019 04:26 AM

I’m not the best one to answer, but here goes. It depends. We were not currently using a radius server, so we just used the duo auth proxy to ‘look’ like one, and it can do both the AD verification and 2FA of course. It is limited to what it can do with AD, but it can check for membership in an AD group, and a few other things I seem to recall. If you are using your Cisco ACS for other radius-type things (accounting/logging) or requiring specific attributes, then I would think you’d want to define/use the ‘radius_client’ for the initial auth. The docs are your friend. Duo Authentication Proxy Reference | Duo Security

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents