New Duo Deployment

I have been tasked with planning and completing our organizations Duo implementation. I would like to set things up so that our users have a single sign-on portal which will hopefully cover all of the applications that we want to protect.

The external facing applications that we would like to protect currently include our RDS web gateway, Outlook Web Access (OWA) and a Fortinet SSL VPN. We also use an on-premise CRM system that I would like to provide external access to.

I have read through a number of the documents available regarding the Duo Access Gateway and the Duo Network Gateway. Not exactly sure what the correct situation is for using one or the other, or both.

Any suggestions about best practices for this type of architecture would be much appreciated.



1 Like

DOU Access Gateway is mainly for federation and acting as an ID Provider.
DUO AG as a portal that will be available with the web applications reachable from internet.

DUO Network Gateway is like VPN SSL PORTAL that you can put Internal Applications and make it available from internet for your roaming users.

In these portal you can use duo prompt and do the endpoint health check.
Fortigate SSL VPN will be integrating via duo Auth Proyx ( Radius Proxy) and will not present duo prompt and you will not have info about the user Operating system, browser version etc (health check).

Hope it helps.

1 Like