DUO with DUO Proxy firewall ports requirnments

Alan Tang · ‎11-23-2023

Hello:

I am implementing the DUO 2-FA with DUO Proxy. May I know the firewall port requirements for those custom application and Microsoft Remote Desktop Agent communicate with DUO Proxy? Is only port 443 was enough?

For the DUO Proxy to Cisco DUO Cloud (Internet), I just release port 443 for internet access is fine?

Thanks!

DuoKristina · ‎11-27-2023

Do you mean Duo Authentication for Windows Logon when you say "Microsoft Remote Desktop Agent"?

When installed, Duo Authentication for Windows Logon attempts to contact Duo's cloud service via HTTPS on port 443.

If you configure a web proxy on that system using netsh, then it will use whatever port you specified in the netsh config: https://duo.com/docs/rdp-faq#does-duo-authentication-for-windows-logon-support-web-proxying?

If you configure a proxy for only Duo traffic using an upstream Duo Authentication Proxy, then it uses whatever port you specify in the config (default 80): https://duo.com/docs/rdp-faq#is-it-possible-to-use-a-web-proxy-only-for-duo-authentication-for-windows-logon-traffic?

Duo, not DUO.

Alan Tang · ‎11-27-2023

There are no proxy server can be using in Remote Desktop Service Server Farm. This Server farm was not allow to have any internet access. However, I have a Duo Authentication Proxy that was in DMZ (This Proxy Allow internet access) and the RDS Server Farm can access to this "Duo Authentication Proxy". If the "Duo Authentication Proxy" IP is 10.3.20.200. May I know how can I told to the "Duo Authentication for Windows Logon" to use this Duo Authentication Proxy?

Thanks!