Sonicwall SMA500 and Duo integration issue

Michael_Natale · ‎12-20-2021

After following the setup guide to integrate my new SMA 500 with the duo prompt I’ve got it working with one exception. After the prompt pushes to a user’s phone and they say accept it doesn’t allow a user in.

The Virtual office portal and the Duo popup window just say success and stay open and nothing ever connects. I don’t see any settings from any of the setup documentation that address this stage as something that I could have missed. Everything else is working flawlessly.

All the logs I can find indicate no errors. It’s almost like the final allow from the prompt is never reaching the SonicWALL.

DuoKristina · ‎12-22-2021

The way this integration works is:

The SMA sends a RADIUS access request to the Duo Authentication Proxy,
The Duo proxy responds to the SMA with a RADIUS challenge that initializes the interactive prompt.
The user performs 2FA in the prompt.
The SMA responds back to the Duo proxy with the answer to the previously issued RADIUS challenge.
The Duo proxy verifies that challenge reponse with Duo’s service.
The Duo proxy sends a RADIUS access accept to the SMA.
The SMA grants access.

It sounds like something is going awry after step 3. You can look at the debug log on the Authentication Proxy to see if it is getting the challenge response from the SMA, and sending back the accept to the SMA. If the proxy is sending the accept to the SMA, checking the SMA logs to see what happens after that would help.

This can be tricky to diagnose so you might want to open a support case if you don’t see the problem.

Duo, not DUO.