DUO Mobile App Calling home

johwoo · ‎06-17-2022

Hello,

Not sure if there is an answer for this , but here goes. We have implemented DUO MFA for Windows logon in our environment. This has been working very well.

We are starting to roll it out to areas that do not have the best cell reception if at all. We do have a guest network, but this requires users to go to a Barracuda login page. To try and make it easier, we’re kicking around the idea of putting an exception on the Baracuda to allow all traffic for DUO through without having to sign into the network.

My issue is, I don’t know what IP/address the mobile app uses to communicate with DUO.

Does anyone else have any insight?

Thank you,
John Wood.

Amy2 · ‎06-21-2022

Hi @johwoo, we have a help article that lists the IP ranges Duo uses for MFA APIs. It states that the IPs contacted by mobile devices are subject to change, however.

I think you could accomplish this using the Authorized Networks policy, which is supported for Barracuda. Using the Allow access without 2FA from these networks setting, you could provide a list of IP addresses to allow through without 2FA, but you would have to have the specific IPs for that area, and I’m not sure how feasible that is.

I hope that helps! Perhaps someone else with more expertise can weigh in and provide some useful suggestions.