Duo Security only for RDS-authentication via VPN (Homeoffice), but not in local network

we intend to purchase a Terminalserver (RDS Server) and therefore want to protect the RDP-access from the Internet (VPN / Homeoffice-use). But within our local network there shouldn`t be a DUO-security-control if we connect to the RDS-Server from our local clients while working in our company.

Is there a solution for this scenario? Maybe there is a filtering option in relation to the IP-address of the VPN-clients possible?


You don’t even need VPN when using it for RDS as RDS has its own SSL gateway, though it won’t hurt except for reduced performance.

Set up RDS the way it should be: RD Gateway, RD Broker/Connection, RD Session Host.

Put Duo for RD Gateway on the RD Gateway server. Create a policy to trust the IP address of you work’s network.

When someone outside of your work’s network tries to reach your RDG, Duo will prompt.

When someone inside of your work’s network tries to reach your RDG, Duo will NOT prompt due to the policy you created.

This has been my setup since 2018. Good luck!

1 Like

Alright. Many Thanks! :grinning:

1 Like