Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
1
Replies

Trying to protect an intranet website

tkrakowiak
Level 1
Level 1

‎05-30-2023 01:31 PM

Hi there,
I’m trying to protect an intranet website that is only accessible via IP but having trouble configuring DNG portal. What I’m expecting is to navigate to http://192.168.0.1 and be prompted for SSO authentication. Any tips or advises?
Many thanks
Tomasz

0 Helpful
1 Reply 1

DuoPablo
Cisco Employee
Cisco Employee

‎06-13-2023 09:30 AM

Hi @tkrakowiak ,

DNS is the backbone of the Duo Network Gateway. If you navigate to http://192.168.0.1 then you will be routed to the website directly. DNG is invoked when you navigate to the specified external URL of the website that is configured to point to DNG’s hostname/IP address. Even though the website may only be accessible via IP internally, DNG requires an external hostname to know how to route the client to said website.

2X_7_719df7b468f8b9b6814855ae00207fcf5ea5dde9.png

For instance, if I wanted to access the website at http://192.168.0.1, I would first navigate to https://app.example.com (which is a public CNAME for my DNG server, dng.example.com), then DNG would route the client to the configured internal URL of http://192.168.0.1 after authentication. The DNG Admin settings for this Web Application would look similar to:

2X_1_19cd182b52d008ee913bdf72ddae93a37069d1ff.png

How do I prevent internal users from bypassing Duo Network Gateway for my web applications?

Hope this helps!

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents