Duo Network Gateway

Ah15
Level 1

Could anyone advise when it is preferable to use Duo Network Gateway for app protection?

I have two cases. The first is for a Firepower SSL VPN protected by Duo, and I need to apply device health to it.

The second case is for RDP, SSH (UNIX), and Fortigate SSL VPN, and I also need to apply device health and agent verification to it.

1 Accepted Solution

DuoPablo
Cisco Employee

Hi @Ah15 ,

For your Firepower integration, I would suggest using a SAML integration method such as Duo Single Sign-On for Cisco Firepower with AnyConnect so that device health features (such as Trusted Endpoints) can be utilized. Depending on the application(s) that your users access post-VPN, you may be able to replace said SSL VPN with Duo Network Gateway (DNG) and achieve a Zero Trust architecture. Please see the following blog article: https://duo.com/blog/duo-network-gateway-reducing-vpn-reliance

For RDP and Unix (SSH), Duo Network Gateway supports both of these protocols with device health features:

In the case of Fortigate, Duo does not have an integration that supports device health because it uses RADIUS: Duo Fortinet SSL VPN 2FA, RADIUS Automatic Push | Duo Security. Again, DNG might be a great use case to lessen the reliance on VPN products.

Overall, DNG is great for VPN-less access to internal applications via HTTPS, RDP, SSH, and SMB. Not only can it enable your users to access these services remotely, but it also allows for Duo MFA, Device Health App/Policies, and Trusted Endpoints to be used - all part of a Zero Trust framework!

Hope this helps!

Thanks Pablo for your reply and the detailed information.
