I have encountered some doubts about the way Duo runs authentication (I integrate with FTD). Duo has three methods Authentication Proxy, Duo Network Gateway, Duo Access Gateway, and I also know that Authentication Proxy uses RADIUS or LDAP for authentication. Duo does the second verification.
Duo Network Gateway means to install Duo’s connection tool on the host, you can use Duo Network Gateway use ssh connect to internal network
Duo Access Gateway can be verified through AD or online or Google G Suite accounts online verification service
I want to know what kind of environment these three types should be built in? All three are very similar. I can’t distinguish the pros and cons of each method. I hope I can mention it, thank all