Duo support stated internal IPs are not allowed for the Authorized Network rules for security reasons. The configuration also states as much:
Specify networks using a comma-separated list of IP addresses, IP ranges, or CIDRs. These must be public IP ...
Duo support’s reply on using Duo Access Gateway
“The Duo Access Gateway wouldn’t be expected to be implemented at all and doing so wouldn’t change how the authentication policies affect your RDP logins. The Duo Access Gateway is our on-premise SAML ...
We use RDG for external connections (from the internet). I never said it was open to the internet.
It’s internal connections from within our network (desktop/server RDP to desktop/server within corp network) that I want to bypass MFA, which we don’t...
I wish we had as much luck as @BabbittJE Babbit. I went through the same thing with @vincentdb vincentdb, support pointed at our NAT policy as the culprit. I have our public IP as an authorized network but am still prompted for RDP connections within...