Questions about using Duo deploy

ZONGYUho80020
Level 1

Hi everyone

I have some doubts about the way Duo runs authentication (I integrate with FTD). Duo has three methods: Authentication Proxy, Duo Network Gateway, and Duo Access Gateway. I also know that Authentication Proxy uses RADIUS or LDAP for authentication, and Duo does the second verification.
Duo Network Gateway means installing Duo's connection tool on the host; you can use Duo Network Gateway to connect to the internal network over SSH.
Duo Access Gateway can verify through AD, or through an online verification service such as Google G Suite accounts.

I want to know what kind of environment each of these three types should be built in. All three are very similar, and I can't distinguish the pros and cons of each method. I hope someone can point this out. Thank you all.

1 Accepted Solution

DuoKristina
Cisco Employee

Duo Authentication Proxy supports LDAP and RADIUS authentication.

Duo Access Gateway supports SAML 2.0 only.

So which one you choose depends on your use case. If you are looking to add 2FA to FTD VPN logins, then we recommend RADIUS with the Duo Authentication Proxy.

I saw that the new FTD 6.7 release supports SAML for VPN, so Duo Access Gateway or Duo Single Sign-on are also valid options. We do not yet have step-by-step instructions for FTD with SAML, but you could configure this using a Duo generic SAML application.

Duo Network Gateway is like a reverse proxy for publishing internal web applications or SSH servers externally with 2FA added. It is not a good solution for adding 2FA to FTD RA VPN. It would be used instead of the RA VPN to provide SSH/HTTPS access to internal services without a VPN tunnel.

Duo, not DUO.
