March 18, 2023, 2:15pm
Could anyone advise when it is preferable to use Duo Network Gateway for Apps protection?
I have two cases: one is for Firepower SSL VPN protected by Duo, and I need to apply device health to it.
The second case is for RDP, SSH UNIX and FortiGate SSL VPN, and I also need to apply device health and agent verification to it.
For your Firepower integration, I would suggest using a SAML integration method such as Duo Single Sign-On for Cisco Firepower with AnyConnect so that device health features (such as Trusted Endpoints) can be utilized. Depending on the application(s) that your users access post-VPN, you may be able to replace said SSL VPN with Duo Network Gateway (DNG) and achieve a Zero Trust architecture. Please see the following blog article: https://duo.com/blog/duo-network-gateway-reducing-vpn-reliance
For RDP and Unix (SSH), Duo Network Gateway supports both of these protocols with device health features:
In the case of Fortigate, Duo does not have an integration that supports device health because it uses RADIUS:
Duo Fortinet SSL VPN 2FA, RADIUS Automatic Push | Duo Security. Again, DNG might be a great use case to lessen the reliance on VPN products.
Overall, DNG is great for VPN-less access to internal applications via HTTPS, RDP, SSH, and SMB. Not only can it enable your users to access these services remotely, but it also allows for Duo MFA, Device Health App/Policies, and Trusted Endpoints to be used - all part of a Zero Trust framework!
Hope this helps!
March 22, 2023, 12:51pm
Thanks Pablo for your reply and the detailed information.