Looking at the documentation and network diagram at Duo Network Gateway | Duo Security It looks like only the DNG needs to communicate with the outside world and proxies requests to the SAML identity provider? Is this correct or can it be configured this way? I’m using the Duo Access Gateway as the SAML provider.
I would like to use DNG but I only have one external IP so with simple port forwarding 80/443 to the DNG I could only expose one host.
So can DNG proxy requests to the SAML provider and only require one IP for port forwarding or has anyone configured DNG and DAG behind another proxy system to work behind only one IP?