
New Duo Deployment

rick_m
Level 1

I have been tasked with planning and completing our organization's Duo implementation. I would like to set things up so that our users have a single sign-on portal which will hopefully cover all of the applications that we want to protect.

The external facing applications that we would like to protect currently include our RDS web gateway, Outlook Web Access (OWA) and a Fortinet SSL VPN. We also use an on-premise CRM system that I would like to provide external access to.

I have read through a number of the documents available regarding the Duo Access Gateway and the Duo Network Gateway. Not exactly sure what the correct situation is for using one or the other, or both.

Any suggestions about best practices for this type of architecture would be much appreciated.

Thanks,

Rick

2 Replies

paulorosa
Level 1

Hi,
Duo Access Gateway is mainly for federation and acting as an ID provider.
Duo AG is a portal that will be available with the web applications reachable from the internet.

Duo Network Gateway is like a VPN SSL portal where you can put internal applications and make them available from the internet for your roaming users.

In these portals you can use the Duo Prompt and do the endpoint health check.
FortiGate SSL VPN will integrate via the Duo Auth Proxy (RADIUS proxy) and will not present the Duo Prompt, and you will not have info about the user's operating system, browser version, etc. (health check).

Hope it helps.

BabbittJE
Level 1

@rick_m, I use DAG as my SSO. It’s like Microsoft’s Federated login but this is hosted on-premise. Then, I can tell, via the Duo Admin Console, most applications to use this DAG. I have Microsoft 365, Microsoft Remote Desktop Gateway, LastPass and DAG Launcher all protected. I could easily add more apps to protect. On the list of apps they have for you to select and protect, I do see Microsoft RD Gateway (what I use, too), Fortinet FortiGate SSL VPN and Microsoft OWA listed, along with many other apps. There are 2 types of protection: 2FA only or 2FA with SSO. Only my M365 is on 2FA with SSO; all the rest of mine are on 2FA only because that’s where I first started. SSO was added later and I migrated just the M365 over to this one. Works well. Good luck!
