Upgrade duo authentication proxy

Hi All,

DUO server is integrated with ISE Server for TWO Factor authentication, DUO proxy software in Server is pretty old and need to updated from Ver 3.2.4 to 5.5.0. Need to know what are the precatution i need to take for smooth functioning after upgradation.

Basically im using duo 2fa for my Remote Access VPN Users.

Hi @Vishal, upgrading the Duo Authentication Proxy should be pretty seamless, as the installer preserves your current configuration and log files when upgrading to the latest release. You can make a backup copy before running the upgrade just to be safe, which is always a good idea. You’ll find instructions on how to do that, including the directories you’ll need, both in our docs on how to upgrade the proxy as well as this help article. I hope that helps! :smiley:

Hi Amy ,

Thanks for your reply. I had 2 concern it will be great help if you address this.

  1. Would my Syntax in the configuration will remain the same in current & new version ? (Upgrading from Ver 3.2.4 to 5.5.0)

  2. I have integrated my Duo with Cisco ISE for my VPN Users where first level of Authentication would be via ISE and then DUO. Would upgrading the authentication proxy would impact communication between ISE and DUO ?

Hi @Vishal

Unfortunately, we can’t know this without seeing your exact configuration. Newer releases of the Authentication Proxy do stricter checking on options, so it is possible that you could have something in your config today that is invalid or incorrect that the config checker in the current release would flag that would prevent startup. If this is the case, it will tell you before you install the upgrade. Friendly reminder that the community is NOT the correct place to share your config files, and you should contact Duo Support instead. :slight_smile:

No, it should have no impact provided the Authentication Proxy starts and the config is valid.

Definitely create a backup copy of the authproxy.cfg and any certificate+key files in the configuration directory. You may want to test the upgrade on a non-production server first in case any issues do crop up. Also, you can always reinstall the previous version of the Authentication Proxy in the event there is an issue, until you are able to troubleshoot it further and correct it.

If you’re really concerned though, it might be a good idea to open a Duo Support case to review your configuration with them prior to making any changes. They will be able to identify and correct any issues ahead of time, and if you do run into problems still, they can also assist with those!