I have an SSL VPN device with users locally configured on it. I want the primary authentication to be from the users locally created on my SSL VPN device (Checkpoint firewall) and the secondary authentication to be Duo. I have deployed Duo Authentication Proxy and the config file looks like:
The traffic flow:
SSL VPN users connect to Gateway (Checkpoint) > Primary authentication using locally created users > Secondary authentication RADIUS server pointed to Duo.
Is this the correct way of doing it? If yes, how will the user/pwd entered by a client as part of primary authentication be known to Duo, and how will it verify against that username in the Duo Security cloud?
In this case, Duo is not working as a RADIUS client or AD client.